Overview
Explore an innovative approach to software bug discovery in this IEEE Symposium on Security & Privacy presentation. Learn about T-Fuzz, a novel fuzzing technique that improves code coverage by removing sanity checks in target programs. Discover how this method combines coverage-guided fuzzing with dynamic tracing to bypass complex input checks, allowing access to previously unreachable code paths. Understand the challenges of fuzzing transformed programs, including false positives and bug reproduction, and how T-Fuzz addresses these issues using symbolic execution. Examine the effectiveness of T-Fuzz through evaluations on various datasets and real-world programs, comparing its performance to existing techniques like Driller and AFL. Gain insights into the potential of program transformation in enhancing fuzzing capabilities and uncovering hidden software vulnerabilities.
Syllabus
T-Fuzz Fuzzing by Program Transformation: Hui Peng
Taught by
IEEE Symposium on Security and Privacy