HexFuzz: Bug Finding through combined fault injection and fuzzing at library boundaries
Primary Investigator:
Mathias Payer
Hui Peng, Hrishikesh Deshpande, Mathias Payer
Abstract
Fuzzing is an effective bug finding technique, but existing random fuzzing approaches are inefficient. In this work, we propose a fuzzing approach that works in combination with fault injection at the API layer. Fault injection unmasks bugs that are unlikely to be triggered under normal conditions; fuzzing, on the other hand, uses randomly mutated input to expose bugs. Fuzzing by interception at the API layer combines the benefits of fault injection with a random fuzzing approach. Our approach has exposed new bugs in well-tested open source programs.
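As an added illustration (not HexFuzz's own code), the following C sketch shows the library-boundary interception the abstract describes: a wrapper with the same contract as malloc fails on a fuzzer-chosen schedule, and a small driver checks the target's error path after each injected fault. The interposer names (fi_malloc, fi_free, fi_reset), the toy target parse_record and the driver find_leaky_schedules are assumptions made for this example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Fault schedule chosen by the fuzzer: bit i set => the i-th intercepted
 * call fails. Hypothetical interposer, not HexFuzz's implementation. */
static uint64_t g_fault_mask;
static unsigned g_call_index;   /* intercepted calls since the last reset */
static int g_live_allocs;       /* outstanding allocations, for leak checks */

static void fi_reset(uint64_t mask) {
    g_fault_mask = mask;
    g_call_index = 0;
    g_live_allocs = 0;
}

/* Interposed malloc: same contract as the real one, but fails on schedule. */
static void *fi_malloc(size_t n) {
    unsigned i = g_call_index++;
    if (i < 64 && ((g_fault_mask >> i) & 1u)) { errno = ENOMEM; return NULL; }
    void *p = malloc(n);
    if (p) g_live_allocs++;
    return p;
}

static void fi_free(void *p) { if (p) { g_live_allocs--; free(p); } }

/* Toy target with a classic error-path bug: two allocations, and the
 * failure branch of the second forgets to release the first one. */
static int parse_record(const char *in) {
    char *hdr = fi_malloc(8);
    if (!hdr) return -1;
    char *body = fi_malloc(strlen(in) + 1);
    if (!body) return -1;            /* BUG: hdr is leaked on this path */
    memcpy(hdr, "RECORD", 7);
    strcpy(body, in);
    fi_free(body);
    fi_free(hdr);
    return 0;
}

/* Driver: try every single-fault schedule up to max_calls and return a
 * bitmask of the call indices whose injected fault leaves memory live. */
static uint64_t find_leaky_schedules(const char *input, unsigned max_calls) {
    uint64_t leaky = 0;
    for (unsigned i = 0; i < max_calls && i < 64; i++) {
        fi_reset((uint64_t)1 << i);
        (void)parse_record(input);
        if (g_live_allocs != 0) leaky |= (uint64_t)1 << i;
    }
    return leaky;
}
```

Under normal input (mask 0) the target never reaches the buggy branch, which is exactly why the abstract argues such bugs stay masked without injected faults.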