TL;DR
SnapFuzz is a new fuzzing framework that significantly improves the efficiency of testing network applications by transforming asynchronous communication into synchronous, snapshotting states, and optimizing file operations, leading to faster testing and more bug discoveries.
Contribution
Introduces SnapFuzz, a novel framework that enhances fuzzing efficiency for network applications through architecture innovations and performance optimizations.
Findings
Achieved up to 62.8x speedup in fuzzing throughput.
Discovered 12 additional crashes compared to AFLNet.
Simplified fuzzing harness development for network applications.
Abstract
In recent years, fuzz testing has benefited from increased computational power and important algorithmic advances, leading to systems that have discovered many critical bugs and vulnerabilities in production software. Despite these successes, not all applications can be fuzzed efficiently. In particular, stateful applications such as network protocol implementations are constrained by their low fuzzing throughput and the need to develop fuzzing harnesses that reset their state and isolate their side effects. In this paper, we present SnapFuzz, a novel fuzzing framework for network applications. SnapFuzz offers a robust architecture that transforms slow asynchronous network communication into fast synchronous communication, snapshots the target at the latest point at which it is safe to do so, speeds up all file operations by redirecting them to a custom in-memory filesystem, and removes…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
