Problems in symbolic fuzzing presented at Infiltrate 2015

by Nathan Rittenhouse

Summary: Fuzzing is undoubtedly one of the most popular methods for both attackers and defenders to find bugs in software. Recent advances in symbolic fuzzing, a technique in which the program's own logic directs the fuzzing process, let its users uncover bugs in software that would be very difficult to find otherwise. However, there are many programs that symbolic fuzzing fails to test effectively. Checksums, cryptographic operations, loop constructs, table lookups (such as those in atoi and character-conversion routines), and other constructs (such as sanity checks) can stop bug discovery in its tracks. Moreover, some symbolic techniques do not scale to large programs. This talk will begin with an overview of symbolic fuzzing and how it can help find bugs faster. We will then explore the challenges the technique faces, using specific code constructs and examples. Finally, the talk will conclude with an analysis of how fuzzers deal with these specific cases and the merits of each approach.
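The checksum case from the abstract, as an added example that is not code from the talk or its author: a constructed message format whose interesting code sits behind a CRC-32 check. A symbolic or concolic engine that treats the input as symbolic must satisfy `stored == crc32(message)` before it can reach the guarded branch, and the CRC's unrolled bit loop over every input byte makes that constraint expensive or infeasible to solve; a plain mutational fuzzer simply never produces a matching trailer. The `bypass_checksum` harness knob and the `fixup_checksum` repair step are a common practitioner workaround (explore with the check disabled, then recompute the trailer so the found input is valid against the unmodified target); the message layout, the `0x42`/`"BUG!"` target condition and all function names are assumptions of this example, and the abstract does not say which mitigations the talk itself evaluates.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed message format (an assumption of this example, not a real protocol):
 *   [u8 type][u8 len][len bytes payload][u32 crc32 over type, len and payload]
 */

/* Standard CRC-32 (reflected, polynomial 0xEDB88320), bitwise so the
 * per-byte loop that a symbolic engine must unroll is visible. */
uint32_t crc32_bitwise(const uint8_t *buf, size_t n) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        crc ^= buf[i];
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

enum {
    MSG_OK = 0,
    MSG_TOO_SHORT = 1,
    MSG_BAD_LEN = 2,
    MSG_BAD_CRC = 3,
    MSG_TARGET_REACHED = 4   /* the branch a fuzzer is trying to reach */
};

/* Parser under test. bypass_checksum is the harness knob (assumed for this
 * example): 0 = the real target's behaviour, 1 = skip the checksum gate. */
int parse_message(const uint8_t *msg, size_t n, int bypass_checksum) {
    if (n < 6)
        return MSG_TOO_SHORT;
    uint8_t len = msg[1];
    if ((size_t)len + 6 != n)            /* sanity check on the length field */
        return MSG_BAD_LEN;

    uint32_t stored;
    memcpy(&stored, msg + 2 + len, 4);  /* trailer, native byte order */
    if (!bypass_checksum && stored != crc32_bitwise(msg, 2 + len))
        return MSG_BAD_CRC;             /* everything below is unreachable without a valid CRC */

    /* The guarded code: a solver can handle this condition easily, but only
     * once the CRC constraint above has been dealt with. */
    if (msg[0] == 0x42 && len >= 4 && memcmp(msg + 2, "BUG!", 4) == 0)
        return MSG_TARGET_REACHED;
    return MSG_OK;
}

/* Repair step: recompute the trailer so an input found with the gate
 * bypassed also passes the unmodified parser. Returns 0 on success. */
int fixup_checksum(uint8_t *msg, size_t n) {
    if (n < 6)
        return -1;
    uint32_t c = crc32_bitwise(msg, n - 4);
    memcpy(msg + n - 4, &c, 4);
    return 0;
}

/* Walks the bypass-then-repair workflow on a constructed input.
 * Returns 1 if every step behaves as described, 0 otherwise. */
int demo_checksum_gate(void) {
    /* Trailer zeroed: what a mutational fuzzer or a stuck solver hands you. */
    uint8_t m[10] = {0x42, 4, 'B', 'U', 'G', '!', 0, 0, 0, 0};

    if (parse_message(m, sizeof m, 0) != MSG_BAD_CRC)       /* real target: blocked */
        return 0;
    if (parse_message(m, sizeof m, 1) != MSG_TARGET_REACHED) /* gate bypassed: reached */
        return 0;
    if (fixup_checksum(m, sizeof m) != 0)
        return 0;
    if (parse_message(m, sizeof m, 0) != MSG_TARGET_REACHED) /* repaired: reached for real */
        return 0;
    return 1;
}

int main(void) {
    printf("bypass-and-repair workflow %s\n",
           demo_checksum_gate() ? "reached the guarded branch" : "failed");
    return 0;
}
```

The same pattern applies to the other gates named in the abstract: a harness that stubs out a hash comparison or a signature verification lets the engine explore the code behind it, but every input it finds must then be re-signed or re-hashed before it is replayed against the real binary, and for a cryptographic check that repair step requires the key. The checksum-bypass knob must never ship in the production build.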