Axiomatizing software test data adequacy
IEEE Transactions on Software Engineering
A Formal Evaluation of Data Flow Path Selection Criteria
IEEE Transactions on Software Engineering
An empirical study of the reliability of UNIX utilities
Communications of the ACM
Software unit test coverage and adequacy
ACM Computing Surveys (CSUR)
System Security Assessment through Specification Mutations and Fault Injection
Proceedings of the IFIP TC6/TC11 International Conference on Communications and Multimedia Security Issues of the New Century
Violating Assumptions with Fuzzing
IEEE Security and Privacy
DART: directed automated random testing
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Valgrind: a framework for heavyweight dynamic binary instrumentation
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Flayer: exposing application internals
WOOT '07 Proceedings of the first USENIX workshop on Offensive Technologies
Fuzzing: Brute Force Vulnerability Discovery
Fuzzing: Brute Force Vulnerability Discovery
Grammar-based whitebox fuzzing
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
Fuzzing for Software Security Testing and Quality Assurance
Fuzzing for Software Security Testing and Quality Assurance
Automated Test Generation and Verified Software
Verified Software: Theories, Tools, Experiments
Taint-based directed whitebox fuzzing
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
Generating Structurally Complex Test Cases By Data Mutation
The Computer Journal
KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
Improving Fuzz Testing Using Game Theory
NSS '10 Proceedings of the 2010 Fourth International Conference on Network and System Security
SNOOZE: toward a stateful network protocol fuzZEr
ISC'06 Proceedings of the 9th international conference on Information Security
SAGE: Whitebox Fuzzing for Security Testing
Queue - Networks
The Art of Software Testing
Communications of the ACM
On the danger of coverage directed test case generation
FASE'12 Proceedings of the 15th international conference on Fundamental Approaches to Software Engineering
| Hi-index | 0.00 |
We define semi-valid input coverage (SVCov), the first coverage criterion for fuzz testing. Our criterion is applicable whenever the valid inputs can be defined by a finite set of constraints. SVCov measures to what extent the tests cover the domain of semi-valid inputs, where an input is semi-valid if and only if it satisfies all the constraints but one. We demonstrate SVCov's practical value in a case study on fuzz testing the Internet Key Exchange protocol (IKE). Our study shows that it is feasible to precisely define and efficiently measure SVCov. Moreover, SVCov provides essential information for improving the effectiveness of fuzz testing and enhancing fuzz-testing tools and libraries. In particular, by increasing coverage under SVCov, we have discovered a previously unknown vulnerability in a mature IKE implementation.