MSc Thesis Presentation - Madonna Huang


Name: Madonna Huang

Date: Wednesday, November 6

Time: 2pm - 3pm 

Location: ICCS 306

Supervisor: Caroline Lemieux 

Title: Investigating Fuzzing Strategies in a CI/CD Setup

Abstract:

Fuzzing best practices suggest that a fuzzing campaign should run for at least 24 hours, if not longer. This recommendation makes it hard to integrate fuzzing into CI/CD pipelines, where the goal is to check each commit for bugs within minutes.

Existing studies of CI/CD fuzzing simulated a CI/CD environment by running undirected fuzzers on Magma benchmark programs, which have multiple bugs injected into a single version of each program. Directed fuzzers, such as AFLGo, instead aim to generate inputs that reach specific target locations in the program under test; since a commit identifies exactly which code has changed, those changed lines are a natural target, and directed fuzzers should therefore be more effective in a CI/CD setting. In this study, we evaluate both directed and undirected fuzzers in a simulated CI/CD environment.

Like prior work, we use Magma as the source of benchmarks and run each fuzzer for 10 minutes. Unlike prior work, we start fuzzing from a saturated corpus rather than Magma's default corpus, and we run the fuzzers on versions of the Magma programs with a single bug injected. Because Magma's bug-injecting patches pinpoint the bug location, using them directly as targets may give a directed fuzzer unrealistically precise information. To address this threat to validity, we plan experiments that widen the target set with additional lines of code around each patch, to measure how sensitive directed fuzzers are to the precision of their targets.
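As an added illustration, not part of the thesis or its code, the following Python script shows one way to turn a bug-injecting patch into a directed-fuzzing target list and then widen it by a configurable number of lines, which is the kind of knob a target-sensitivity experiment like the one described above would vary. The patch text, file names and line numbers are constructed for the example; the `file:line` output follows the format AFLGo reads from its BBtargets.txt, and the widening policy (a symmetric, fixed radius around each changed line) is an assumption, not the thesis's method.

```python
"""Turn a bug-injecting patch into a directed-fuzzing target list, optionally widened."""
import os
import re
from typing import List, Tuple

Target = Tuple[str, int]  # (path, 1-based line number in the patched file)

HUNK_RE = re.compile(r"^@@ -(\d+)(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")

# Constructed sample patch (not a real Magma patch; files and lines are made up).
# Hunk 1 weakens a bounds check, hunk 2 inserts a line in a second file.
SAMPLE_PATCH = """\
--- a/src/parser.c
+++ b/src/parser.c
@@ -40,7 +40,7 @@ int parse_header(const uint8_t *buf, size_t len)
     if (len < 4)
         return -1;
     uint32_t n = read_u32(buf);
-    if (n > len - 4)
+    if (n > len)
         return -1;
     memcpy(out, buf + 4, n);
     return 0;
 }
--- a/src/util.c
+++ b/src/util.c
@@ -10,3 +10,4 @@
 uint32_t read_u32(const uint8_t *p)
 {
+    /* constructed: a second injected change */
     return p[0] | p[1] << 8 | p[2] << 16 | p[3] << 24;
"""


def _strip_prefix(path: str) -> str:
    """Drop the a/ or b/ prefix git puts on paths in unified diffs."""
    return path[2:] if path.startswith(("a/", "b/")) else path


def _dedupe(targets: List[Target]) -> List[Target]:
    seen, out = set(), []
    for t in targets:
        if t not in seen:
            seen.add(t)
            out.append(t)
    return out


def parse_targets(patch: str) -> List[Target]:
    """Return one target per changed line, numbered in the patched (new) file.

    Added lines map to their own new-file line; removed lines map to the new-file
    line that now sits where the removed code was, so a deleted check still yields
    a reachable target.
    """
    targets: List[Target] = []
    path = ""
    new_line = 0
    old_left = new_left = 0  # lines still expected in the current hunk
    for raw in patch.splitlines():
        in_hunk = old_left > 0 or new_left > 0
        if not in_hunk:
            if raw.startswith("+++ "):
                path = _strip_prefix(raw[4:].split("\t")[0])
                continue
            m = HUNK_RE.match(raw)
            if m:
                new_line = int(m.group(3))
                old_left = int(m.group(2) or "1")
                new_left = int(m.group(4) or "1")
            continue  # '---' headers, 'diff --git', 'index' lines, etc.
        if raw.startswith("\\"):  # "\ No newline at end of file"
            continue
        tag = raw[:1]
        if tag == "+":
            targets.append((path, new_line))
            new_line += 1
            new_left -= 1
        elif tag == "-":
            targets.append((path, new_line))
            old_left -= 1
        else:  # context line (leading space, or empty if whitespace was trimmed)
            new_line += 1
            old_left -= 1
            new_left -= 1
    return _dedupe(targets)


def widen(targets: List[Target], radius: int) -> List[Target]:
    """Add `radius` lines on either side of each target (clamped at line 1).

    Radius 0 is the exact patch location; larger radii give the fuzzer
    progressively vaguer guidance, which is what a sensitivity study varies.
    """
    widened = {(p, n) for p, line in targets
               for n in range(max(1, line - radius), line + radius + 1)}
    return sorted(widened)


def format_targets(targets: List[Target], basename: bool = True) -> str:
    """Render targets as `file:line`, one per line.

    AFLGo's examples give targets as basename:line, so basename=True is the
    default; pass basename=False if your build matches on full paths.
    """
    return "".join(f"{os.path.basename(p) if basename else p}:{n}\n" for p, n in targets)


if __name__ == "__main__":
    exact = parse_targets(SAMPLE_PATCH)
    print("exact targets:\n" + format_targets(exact))
    print("widened by 2 lines:\n" + format_targets(widen(exact, 2)))
```

Running the script prints the exact targets (`parser.c:43` and `util.c:12` for the constructed patch) and then the widened set; sweeping the radius and re-running the fuzzer with each resulting target file is one concrete way to measure how much a directed fuzzer's performance depends on target precision.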