FuSeBMC: A White-Box Fuzzer for Finding Security Vulnerabilities in C Programs (Competition Contribution)

Kaled Alshmrany; Rafael S. Menezes; Mikhail R Gadelha; Lucas Cordeiro

FuSeBMC: A White-Box Fuzzer for Finding Security Vulnerabilities in C Programs (Competition Contribution)

Kaled Alshmrany, Rafael S. Menezes, Mikhail R Gadelha, Lucas Cordeiro

SIDIA Instituto de Ciência e Tecnologia

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

We describe and evaluate a novel white-box fuzzer for C programs named FuSeBMC, which combines fuzzing and symbolic execution, and applies Bounded Model Checking (BMC) to find security vulnerabilities in C programs. FuSeBMC explores and analyzes C programs (1) to find execution paths that lead to property violations and (2) to incrementally inject labels to guide the fuzzer and the BMC engine to produce test-cases for code coverage. FuSeBMC successfully participates in Test-Comp'21 and achieves first place in the Cover-Error category and second place in the Overall category.

Original language	English
Title of host publication	24th International Conference on Fundamental Approaches to Software Engineering (FASE)
Publication status	Published - 20 Mar 2021

Cite this

@inproceedings{de5d1bdf673a42b783ca279c49b7942a,

title = "FuSeBMC: A White-Box Fuzzer for Finding Security Vulnerabilities in C Programs (Competition Contribution)",

abstract = "We describe and evaluate a novel white-box fuzzer for C programs named FuSeBMC, which combines fuzzing and symbolic execution, and applies Bounded Model Checking (BMC) to find security vulnerabilities in C programs. FuSeBMC explores and analyzes C programs (1) to find execution paths that lead to property violations and (2) to incrementally inject labels to guide the fuzzer and the BMC engine to produce test-cases for code coverage. FuSeBMC successfully participates in Test-Comp'21 and achieves first place in the Cover-Error category and second place in the Overall category.",

author = "Kaled Alshmrany and Menezes, {Rafael S.} and Gadelha, {Mikhail R} and Lucas Cordeiro",

year = "2021",

month = mar,

day = "20",

language = "English",

booktitle = "24th International Conference on Fundamental Approaches to Software Engineering (FASE)",

}

FuSeBMC: A White-Box Fuzzer for Finding Security Vulnerabilities in C Programs (Competition Contribution). / Alshmrany, Kaled; Menezes, Rafael S.; Gadelha, Mikhail R et al.

24th International Conference on Fundamental Approaches to Software Engineering (FASE) . 2021.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - FuSeBMC: A White-Box Fuzzer for Finding Security Vulnerabilities in C Programs (Competition Contribution)

AU - Alshmrany, Kaled

AU - Menezes, Rafael S.

AU - Gadelha, Mikhail R

AU - Cordeiro, Lucas

PY - 2021/3/20

Y1 - 2021/3/20

N2 - We describe and evaluate a novel white-box fuzzer for C programs named FuSeBMC, which combines fuzzing and symbolic execution, and applies Bounded Model Checking (BMC) to find security vulnerabilities in C programs. FuSeBMC explores and analyzes C programs (1) to find execution paths that lead to property violations and (2) to incrementally inject labels to guide the fuzzer and the BMC engine to produce test-cases for code coverage. FuSeBMC successfully participates in Test-Comp'21 and achieves first place in the Cover-Error category and second place in the Overall category.

AB - We describe and evaluate a novel white-box fuzzer for C programs named FuSeBMC, which combines fuzzing and symbolic execution, and applies Bounded Model Checking (BMC) to find security vulnerabilities in C programs. FuSeBMC explores and analyzes C programs (1) to find execution paths that lead to property violations and (2) to incrementally inject labels to guide the fuzzer and the BMC engine to produce test-cases for code coverage. FuSeBMC successfully participates in Test-Comp'21 and achieves first place in the Cover-Error category and second place in the Overall category.

M3 - Conference contribution

BT - 24th International Conference on Fundamental Approaches to Software Engineering (FASE)

ER -

FuSeBMC: A White-Box Fuzzer for Finding Security Vulnerabilities in C Programs (Competition Contribution)

Abstract

Fingerprint

Cite this