The Art, Science, and Engineering of Fuzzing: A Survey

Cited 220 times in Web of Science; cited 0 times in Scopus
Among the many software testing techniques available today, fuzzing has remained highly popular due to its conceptual simplicity, its low barrier to deployment, and the vast amount of empirical evidence of its effectiveness in discovering real-world software vulnerabilities. At a high level, fuzzing refers to a process of repeatedly running a program with generated inputs that may be syntactically or semantically malformed. While researchers and practitioners alike have invested a large and diverse effort towards improving fuzzing in recent years, this surge of work has also made it difficult to gain a comprehensive and coherent view of fuzzing. To help preserve and bring coherence to the vast literature of fuzzing, this paper presents a unified, general-purpose model of fuzzing together with a taxonomy of the current fuzzing literature. We methodically explore the design decisions at every stage of our model fuzzer by surveying the related literature and innovations in the art, science, and engineering that make modern-day fuzzers effective.
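The abstract's one-sentence definition (repeatedly run a program on generated, possibly malformed inputs) is easier to grasp as code. The following minimal mutation-based fuzzer is an added example written for this page; it is not code from the survey or its authors. The target `parse_records`, its length-prefixed record format, the seed corpus and the deliberate truncation bug are all constructed here for illustration. The loop picks a seed, applies a few random byte-level mutations (bit flip, byte replace, insert, delete, truncate), runs the target, and deduplicates crashes by exception type and faulting line, which is the basic shape of a black-box mutational fuzzer.

```python
import random
import traceback

# Toy target, constructed for this example. Input is a sequence of records
# [len:1 byte][payload:len bytes]. The parser trusts the length byte, so a
# truncated or length-corrupted record makes payload shorter than n and the
# "checksum" lookup below indexes past the end (IndexError). That is the
# semantically malformed case a fuzzer should find.
def parse_records(data: bytes) -> list:
    records = []
    i = 0
    while i < len(data):
        n = data[i]
        payload = data[i + 1 : i + 1 + n]
        checksum = payload[n - 1] if n else 0   # deliberate bug: no bounds check
        records.append((payload, checksum))
        i += 1 + n
    return records

# Seed corpus of well-formed inputs (constructed).
SEEDS = [b"\x03abc\x02de", b"\x01x", b"\x00\x00\x04wxyz"]

# One random byte-level mutation; rng is passed in so runs are reproducible.
def mutate(rng: random.Random, data: bytes) -> bytes:
    buf = bytearray(data)
    op = rng.choice(("flip", "replace", "insert", "delete", "truncate"))
    if op == "flip" and buf:
        pos = rng.randrange(len(buf))
        buf[pos] ^= 1 << rng.randrange(8)
    elif op == "replace" and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == "insert":
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif op == "delete" and buf:
        del buf[rng.randrange(len(buf))]
    elif op == "truncate" and buf:
        del buf[rng.randrange(len(buf)):]
    return bytes(buf)

# Fuzz loop: repeatedly run the target on mutated seeds, record each distinct
# crash (exception type + line where it was raised) with the first input that
# triggered it. Returns {(exc_name, lineno): crashing_input}.
def fuzz(target, seeds, iterations: int, seed: int = 0) -> dict:
    rng = random.Random(seed)
    crashes = {}
    for _ in range(iterations):
        inp = rng.choice(seeds)
        for _ in range(rng.randint(1, 4)):       # stack a few mutations
            inp = mutate(rng, inp)
        try:
            target(inp)
        except Exception as exc:
            frame = traceback.extract_tb(exc.__traceback__)[-1]   # innermost frame
            key = (type(exc).__name__, frame.lineno)
            crashes.setdefault(key, inp)          # keep first reproducer per bucket
    return crashes

# Re-run a saved input to confirm the crash is deterministic.
def reproduces(target, inp: bytes) -> bool:
    try:
        target(inp)
    except Exception:
        return True
    return False

if __name__ == "__main__":
    found = fuzz(parse_records, SEEDS, iterations=2000, seed=1)
    for (exc_name, lineno), inp in found.items():
        print(f"{exc_name} at line {lineno}: {inp!r} reproduces={reproduces(parse_records, inp)}")
```

In a real fuzzer the target would be a separate process or an instrumented binary, crashes would be detected via signals or sanitizer reports rather than Python exceptions, and the corpus would grow with inputs that reach new coverage; this skeleton shows only the generate-run-observe loop that all of those refine.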
Publisher
IEEE COMPUTER SOC
Issue Date
2021-11
Language
English
Article Type
Article
Citation

IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, v.47, no.11, pp.2312 - 2331

ISSN
0098-5589
DOI
10.1109/tse.2019.2946563
URI
http://hdl.handle.net/10203/289589
Appears in Collection
CS-Journal Papers(저널논문)
Files in This Item
111726.pdf (1.1 MB)