ICST 2020
Sat 24 - Wed 28 October 2020 Porto, Portugal
Tue 27 Oct 2020 10:30 - 10:45 at Infante - Testing tools Chair(s): Andy Zaidman, René Just
Tue 27 Oct 2020 21:30 - 21:45 at Infante - Testing tools Chair(s): René Just, Andy Zaidman

Server fuzzing is difficult. Unlike simple command-line tools, servers feature a massive state space that can be traversed effectively only with well-defined sequences of input messages. Valid sequences are specified in a protocol. In this paper, we present AFLNET, the first greybox fuzzer for protocol implementations. Unlike existing protocol fuzzers, AFLNET takes a mutational approach and uses state-feedback to guide the fuzzing process. AFLNET is seeded with a corpus of recorded message exchanges between the server and an actual client. No protocol specification or message grammars are required. AFLNET acts as a client and replays variations of the original sequence of messages sent to the server and retains those variations that were effective at increasing the coverage of the code or state space. To identify the server states that are exercised by a message sequence, AFLNET uses the server’s response codes. From this feedback, AFLNET identifies progressive regions in the state space, and systematically steers towards such regions. The case studies with AFLNET on two popular protocol implementations demonstrate a substantial performance boost over the state-of-the-art. AFLNET discovered two new CVEs which are classified as critical (CVSS score CRITICAL 9.8).
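The state-feedback idea in the abstract, as an added sketch that is not AFLNet's code: response codes are read as server states, and a replayed variation is retained only if it reaches a state or transition not seen before. The toy FTP-like server, the names `toy_server`, `StateFeedback` and `triage`, and the exact retention rule are assumptions made for illustration; code-coverage feedback, which the abstract also mentions, is left out.

```python
import re

# Constructed toy FTP-like target (a stand-in for a real server): one reply
# line per request, with login state carried across the message sequence.
def toy_server(messages):
    user, authed, replies = None, False, []
    for msg in messages:
        cmd, _, arg = msg.strip().partition(" ")
        if cmd == "USER":
            user, authed = arg, False
            replies.append("331 Password required")
        elif cmd == "PASS":
            authed = user is not None and arg == "secret"
            replies.append("230 Logged in" if authed else "530 Login incorrect")
        elif cmd == "LIST":
            replies.append("150 Listing follows" if authed else "530 Please login")
        else:
            replies.append("221 Goodbye" if cmd == "QUIT" else "500 Unknown command")
    return replies

def state_sequence(replies):
    """Response codes in order of arrival; 0 stands for the initial state."""
    return [0] + [int(m.group(1)) for r in replies if (m := re.match(r"(\d{3})[ -]", r))]

class StateFeedback:
    """States and transitions seen so far (retention rule is an assumption)."""
    def __init__(self):
        self.states, self.edges = set(), set()

    def observe(self, seq):
        """Record seq; return True if it reached a new state or transition."""
        edges = set(zip(seq, seq[1:]))
        new = bool(set(seq) - self.states or edges - self.edges)
        self.states |= set(seq)
        self.edges |= edges
        return new

def triage(seed, variants):
    """Replay the seed, then keep only variants that add state coverage."""
    fb = StateFeedback()
    fb.observe(state_sequence(toy_server(seed)))
    return [v for v in variants if fb.observe(state_sequence(toy_server(v)))]

# Constructed recorded exchange (seed) and hand-made variations of it.
SEED = ["USER alice", "PASS secret", "LIST", "QUIT"]
VARIANTS = [SEED[:3] + ["LIST", "QUIT"],                   # repeats a message
            ["USER alice", "PASS wrong", "LIST", "QUIT"],   # fails login
            ["USER bob", "PASS secret", "LIST", "QUIT"]]    # same states as seed
KEPT = triage(SEED, VARIANTS)
```

The third variation changes the bytes sent but not the sequence of response codes, so it is discarded.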

Tue 27 Oct
Times are displayed in time zone: Greenwich Mean Time : Lisbon

10:00 - 11:00: Testing tools (Testing Tools Track) at Infante, +11h
Chair(s): Andy Zaidman (Delft University of Technology), René Just (University of Washington, USA)
10:00 - 10:15
Talk
Callisto: Entropy-based Test Generation and Data Quality Assessment for Machine Learning Systems
Testing Tools Track
Sakshi Udeshi, Xingbin Jiang (Singapore University of Technology and Design), Sudipta Chattopadhyay (Singapore University of Technology and Design)
10:15 - 10:30
Talk
Run Java Applications and Test Them In-Vivo Meantime
Testing Tools Track
Antonia Bertolino (CNR-ISTI), Guglielmo De Angelis (CNR-IASI, CNR-ISTI), Breno Miranda (Federal University of Pernambuco), Paolo Tonella (Università della Svizzera Italiana (USI))
10:30 - 10:45
Talk
AFLNet: A Greybox Fuzzer for Network Protocols
Testing Tools Track
Van-Thuan Pham (Monash University), Marcel Böhme (Monash University, Australia), Abhik Roychoudhury (National University of Singapore, Singapore)
10:45 - 11:00
Talk
ct-fuzz: Fuzzing for Timing Leaks
Testing Tools Track
Shaobo He (University of Utah), Michael Emmi (Amazon Web Services), Gabriela Ciocarlie (SRI International)
21:00 - 22:00: Testing tools (Testing Tools Track) at Infante
Chair(s): René Just (University of Washington, USA), Andy Zaidman (Delft University of Technology)
21:00 - 21:15
Talk
Callisto: Entropy-based Test Generation and Data Quality Assessment for Machine Learning Systems
Testing Tools Track
Sakshi Udeshi, Xingbin Jiang (Singapore University of Technology and Design), Sudipta Chattopadhyay (Singapore University of Technology and Design)
21:15 - 21:30
Talk
Run Java Applications and Test Them In-Vivo Meantime
Testing Tools Track
Antonia Bertolino (CNR-ISTI), Guglielmo De Angelis (CNR-IASI, CNR-ISTI), Breno Miranda (Federal University of Pernambuco), Paolo Tonella (Università della Svizzera Italiana (USI))
21:30 - 21:45
Talk
AFLNet: A Greybox Fuzzer for Network Protocols
Testing Tools Track
Van-Thuan Pham (Monash University), Marcel Böhme (Monash University, Australia), Abhik Roychoudhury (National University of Singapore, Singapore)
21:45 - 22:00
Talk
ct-fuzz: Fuzzing for Timing Leaks
Testing Tools Track
Shaobo He (University of Utah), Michael Emmi (Amazon Web Services), Gabriela Ciocarlie (SRI International)