Fuzzing Flashcards
1
Q
How does fuzzing work?
A
Check for software vulnerabilities through dynamic testing:
- automatically generate so-called fuzz test cases
- monitor target program for security-related bugs
2
Q
Name the three different classes of fuzzing
A
- black-box fuzzing: check if a fuzz test crashed the target program
- white-box fuzzing: use heavyweight program and runtime analysis
- grey-box fuzzing: use lightweight analysis techniques such as code coverage
3
Q
What different input generation techniques are there?
A
- Random generation
- Model-based input generation (the model is either predefined or inferred from existing inputs via specification mining)
- Mutation-based input generation (start with an initial kernel of valid seed inputs and apply mutation operators: bit flipping, arithmetic, block-based, dictionary-based, crossover)
4
Q
How does execution monitoring work?
A
When does a fuzz test violate security policy?
- termination with a fatal signal
- many memory errors are detected automatically by the OS (e.g. a segmentation fault on an invalid access)
- sanitizers find more errors than the OS alone: address sanitizers, undefined-behaviour (UB) sanitizers, thread sanitizers