Fuzzing: The State of the Art.
Scientific Publication
- Report Number: DSTO-TN-1043
- Authors: McNally, R.; Yiu, K.; Grove, D.; Gerhardy, D.
- Issue Date: 2012-02
- AR Number: AR-015-148
- Classification: Unclassified
- Report Type: Technical Note
- Division: Command, Control, Communication and Intelligence Division (C3ID)
- Release Authority: Chief, Command, Control, Communication and Intelligence Division
- Task Sponsor: DSTO
- Task Number: 07/343
- File Number: 2011/1216182/1
- Pages: 43
- References: 37
- Terms: Fuzzy systems; Computer security
- URI: http://hdl.handle.net/1947/10173
Abstract
Fuzzing is an approach to software testing where the system being tested is bombarded with test cases generated by another program. The system is then monitored for any flaws exposed by the processing of this input. While the fundamental principles of fuzzing have not changed since the term was first coined, the complexity of the mechanisms used to drive the fuzzing process has undergone significant evolutionary advances. This paper is a survey of the history of fuzzing, which attempts to identify significant features of fuzzers and recent advances in their development, in order to discern the current state of the art in fuzzing technologies and to extrapolate them into the future.
Executive Summary
Fuzzing is an approach to software testing where the system being tested is bombarded with test cases generated by another program. The system is then monitored for any flaws exposed by the processing of this input. Whilst such a simplistic approach may sound naive, history has shown fuzzing to be surprisingly effective at uncovering flaws in a wide range of software systems.

This combination of simplicity and effectiveness led to the wide adoption of fuzzing-based approaches within the software attacker community around the turn of this century. Early fuzzing implementations tended to be relatively simple, constructing test cases from a sequence of random numbers. Driven by a desire to test increasingly sophisticated systems, the complexity of fuzzing implementations has increased to the point where there are now several recognisable classes of fuzzer, each with their own strengths and weaknesses.

With its effectiveness established, it was only a matter of time before fuzzing was incorporated into software development best practices and used as part of a software test and defensive coding regime. Several companies have developed and released commercial fuzzing tool suites, including fuzzing support for large numbers of computer protocols. This, in addition to research activities within both the academic and commercial spheres, suggests that fuzzing techniques will continue to evolve, and that fuzzing will remain an important tool for vulnerability discovery in the future.

This paper is a survey of the history of fuzzing, which attempts to identify significant features of fuzzers and recent advances in their development.
