Imperial College London

Professor Cristian Cadar

Faculty of Engineering, Department of Computing

Professor of Software Reliability

Contact


c.cadar Website


Location


435 Huxley Building, South Kensington Campus


Publications

Citation

BibTex format

@inproceedings{Andronidis:2022:10.5281/zenodo.6529828,
author = {Andronidis, A and Cadar, C},
doi = {10.5281/zenodo.6529828},
pages = {340--351},
publisher = {ACM},
title = {SnapFuzz: High-throughput fuzzing of network applications},
url = {http://dx.doi.org/10.5281/zenodo.6529828},
year = {2022}
}

RIS format (EndNote, RefMan)

TY  - CPAPER
AB - In recent years, fuzz testing has benefited from increased computational power and important algorithmic advances, leading to systems that have discovered many critical bugs and vulnerabilities in production software. Despite these successes, not all applications can be fuzzed efficiently. In particular, stateful applications such as network protocol implementations are constrained by a low fuzzing throughput and the need to develop complex fuzzing harnesses that involve custom time delays and clean-up scripts. In this paper, we present SnapFuzz, a novel fuzzing framework for network applications. SnapFuzz offers a robust architecture that transforms slow asynchronous network communication into fast synchronous communication, snapshots the target at the latest point at which it is safe to do so, speeds up file operations by redirecting them to a custom in-memory filesystem, and removes the need for many fragile modifications, such as configuring time delays or writing clean-up scripts. Using SnapFuzz, we fuzzed five popular networking applications: LightFTP, TinyDTLS, Dnsmasq, LIVE555 and Dcmqrscp. We report impressive performance speedups of 62.8x, 41.2x, 30.6x, 24.6x, and 8.4x, respectively, with significantly simpler fuzzing harnesses in all cases. Due to its advantages, SnapFuzz has also found 12 extra crashes compared to AFLNet in these applications.
AU - Andronidis,A
AU - Cadar,C
DO - 10.5281/zenodo.6529828
EP - 351
PB - ACM
PY - 2022///
SP - 340
TI - SnapFuzz: High-throughput fuzzing of network applications
UR - http://dx.doi.org/10.5281/zenodo.6529828
UR - http://hdl.handle.net/10044/1/97429
ER -