Explore an innovative approach to software bug discovery in this IEEE Symposium on Security & Privacy presentation. Learn about T-Fuzz, a novel fuzzing technique that improves code coverage by removing sanity checks in target programs. Discover how this method combines coverage-guided fuzzing with dynamic tracing to bypass complex input checks, allowing access to previously unreachable code paths. Understand the challenges of fuzzing transformed programs, including false positives and bug reproduction, and how T-Fuzz addresses these issues using symbolic execution. Examine the effectiveness of T-Fuzz through evaluations on various datasets and real-world programs, comparing its performance to existing techniques like Driller and AFL. Gain insights into the potential of program transformation in enhancing fuzzing capabilities and uncovering hidden software vulnerabilities.
Overview
Syllabus
T-Fuzz Fuzzing by Program Transformation: Hui Peng
Taught by
IEEE Symposium on Security and Privacy
Tags
Related Courses
-
NEUZZ - Efficient Fuzzing with Neural Program Smoothing
-
Program-Adaptive Mutational Fuzzing
-
Make Your Programs More Reliable with Fuzzing
-
Fuzz Smarter, Not Harder - An AFL-Fuzz Primer
-
Angora - Efficient Fuzzing by Principled Search
-
Beyond the Tip of the Iceberg - Fuzzing Binary Protocol for Deeper Code Coverage
