Fuzzing with Code Fragments - USENIX 2012
by Christian Holler, Kim Herzig, Andreas Zeller

Proceedings of the 21st USENIX Conference on Security Symposium, Pages 38-38, USENIX Association, August 2012.


See also

More information is available at http://dl.acm.org/citation.cfm?id=2362793.2362831.


Fuzz testing is an automated technique that provides random data as input to a software system in the hope of exposing a vulnerability. To be effective, the fuzzed input must be common enough to pass elementary consistency checks; a JavaScript interpreter, for instance, would only accept a semantically valid program. On the other hand, the fuzzed input must be uncommon enough to trigger exceptional behavior, such as a crash of the interpreter. The LangFuzz approach resolves this conflict by using a grammar to randomly generate valid programs; the code fragments, however, partially stem from programs known to have caused invalid behavior before. LangFuzz is an effective tool for security testing: applied to the Mozilla JavaScript interpreter, it discovered a total of 105 new severe vulnerabilities within three months of operation (and thus became one of the top security bug bounty collectors within this period); applied to the PHP interpreter, it discovered 18 new defects causing crashes.
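The fragment-recombination idea from the abstract, as an added illustration that is not the LangFuzz implementation: Python's own ast module (3.9+) plays the role of grammar and parser, the seed programs and the target are constructed, AST node classes stand in for grammar nonterminals, and compile() serves as the interpreter's elementary consistency check that a spliced program must still pass.

```python
import ast
import copy
import random
# Constructed seeds (not from the paper): a stand-in "crash reproducer" plus ordinary valid programs.
CRASH_SEEDS = ["x = [1, 2, 3]\nx.sort(key=lambda v: -v)\nprint(x[0] + x[-1])"]
NORMAL_SEEDS = ["total = 0\nfor i in range(10):\n    total = total + i * 2\nprint(total)",
                "s = 'abc'\nprint(len(s) * 3, s.upper())"]

def is_load_expr(node):
    """Only load-position expressions are safe splice points; Store/Del targets would break syntax."""
    return isinstance(node, ast.expr) and not isinstance(
        getattr(node, "ctx", None), (ast.Store, ast.Del))

def learn_fragments(sources):
    """Fragment pool: every expression subtree of every seed, keyed by AST class (the nonterminal)."""
    pool = {}
    for src in sources:
        for node in ast.walk(ast.parse(src)):
            if is_load_expr(node):
                pool.setdefault(type(node).__name__, []).append(node)
    return pool

def splice_sites(tree):
    """Yield (parent, field, index_or_None, child) for every replaceable expression in tree."""
    for parent in ast.walk(tree):
        for field, value in ast.iter_fields(parent):
            if isinstance(value, list):
                for i, child in enumerate(value):
                    if is_load_expr(child):
                        yield parent, field, i, child
            elif is_load_expr(value):
                yield parent, field, None, value

def mutate(target_src, pool, rng):
    """Swap one random expression for a same-category pool fragment, then re-check validity."""
    tree = ast.parse(target_src)
    sites = [s for s in splice_sites(tree) if type(s[3]).__name__ in pool]
    parent, field, idx, old = rng.choice(sites)
    fragment = copy.deepcopy(rng.choice(pool[type(old).__name__]))
    if idx is None:
        setattr(parent, field, fragment)
    else:
        getattr(parent, field)[idx] = fragment
    new_src = ast.unparse(ast.fix_missing_locations(tree))
    compile(new_src, "<fuzz>", "exec")  # the interpreter's elementary consistency check
    return new_src

def generate(target_src, seeds, count, seed=1):
    rng, pool = random.Random(seed), learn_fragments(seeds)
    return [mutate(target_src, pool, rng) for _ in range(count)]
```

Because splicing respects the node category and skips assignment targets, every variant parses, so test time is spent on inputs that can actually reach the interpreter's deeper logic rather than being rejected by its parser.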

BibTeX Entry

@inproceedings{holler2012fuzzing,
    title = "Fuzzing with Code Fragments",
    author = "Christian Holler and Kim Herzig and Andreas Zeller",
    year = "2012",
    month = aug,
    booktitle = "Proceedings of the 21st USENIX Conference on Security Symposium",
    location = "Bellevue, WA",
    pages = "38--38",
    publisher = "USENIX Association",
}
