http://dx.doi.org/10.13089/JKIISC.2021.31.5.911

The Status Quo and Future of Software Regression Bug Discovery via Fuzz Testing  

Lee, Gwangmu (Seoul National University)
Lee, Byoungyoung (Seoul National University)
Abstract
As software receives an increasing number of patches, more and more software bugs are caused by those patches; such bugs are collectively known as regression bugs. To proactively detect regression bugs, both industry and academia are actively searching for ways to augment fuzz testing, one of the most popular automatic bug detection techniques. In this paper, we investigate the status quo of studies on augmenting fuzz testing for regression bug detection and, based on the limitations of current proposals, provide an outlook on the relevant research.
Keywords
Regression bug; Fuzz testing; Directed fuzzing; Differential fuzzing; Hybrid fuzzing;