2017 Symposium Posters

Posters > 2017

HexFuzz: Bug Finding through combined fault injection and fuzzing at library boundaries


PDF

Primary Investigator:
Mathias Payer

Project Members
Hui Peng, Hrishikesh Deshpande, Mathias Payer
Abstract
Fuzzing is an effective bug finding technique. But existing random fuzzing approaches are inefficient. In this work, we propose a fuzzing approach that works in combination with fault injection at the API layer. Fault injection unmasks bugs that are unlikely to be triggered under normal conditions. Fuzzing, on the other hand, uses a random mutated input to expose bugs. Fuzzing by interception at the API layer combines the benefits of fault injection with a random fuzzing approach. Our approach has exposed new bugs in well-tested open source programs.

Our annual information security symposium will take place on April 3rd and 4th, 2018.
Purdue University, West Lafayette, IN