Towards Effective Performance Fuzzing

2022 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW) Pub Date : 2022-10-01 DOI:10.1109/ISSREW55968.2022.00055

Yiqun Chen, M. Bradbury, N. Suri

{"title":"Towards Effective Performance Fuzzing","authors":"Yiqun Chen, M. Bradbury, N. Suri","doi":"10.1109/ISSREW55968.2022.00055","DOIUrl":null,"url":null,"abstract":"Fuzzing is an automated testing technique that utilizes injection of random inputs in a target program to help uncover vulnerabilities. Performance fuzzing extends the classic fuzzing approach and generates inputs that trigger poor performance. During our evaluation of performance fuzzing tools, we have identified certain conventionally used assumptions that do not always hold true. Our research (re)evaluates PERFFUZZ [1] in order to identify the limitations of current techniques, and guide the direction of future work for improvements to performance fuzzing. Our experimental results highlight two specific limitations. Firstly, we identify the assumption that the length of execution paths correlate to program performance is not always the case, and thus cannot reflect the quality of test cases generated by performance fuzzing. Secondly, the default testing parameters by the fuzzing process (timeouts and size limits) overly confine the input search space. Based on these observations, we suggest further investigation on performance fuzzing guidance, as well as controlled fuzzing and testing parameters.","PeriodicalId":178302,"journal":{"name":"2022 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)","volume":"26 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISSREW55968.2022.00055","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

Fuzzing is an automated testing technique that utilizes injection of random inputs in a target program to help uncover vulnerabilities. Performance fuzzing extends the classic fuzzing approach and generates inputs that trigger poor performance. During our evaluation of performance fuzzing tools, we have identified certain conventionally used assumptions that do not always hold true. Our research (re)evaluates PERFFUZZ [1] in order to identify the limitations of current techniques, and guide the direction of future work for improvements to performance fuzzing. Our experimental results highlight two specific limitations. Firstly, we identify the assumption that the length of execution paths correlate to program performance is not always the case, and thus cannot reflect the quality of test cases generated by performance fuzzing. Secondly, the default testing parameters by the fuzzing process (timeouts and size limits) overly confine the input search space. Based on these observations, we suggest further investigation on performance fuzzing guidance, as well as controlled fuzzing and testing parameters.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

迈向有效的性能模糊测试

模糊测试是一种自动化测试技术，它利用在目标程序中注入随机输入来帮助发现漏洞。性能模糊测试扩展了经典的模糊测试方法，并生成触发性能差的输入。在我们对性能模糊测试工具的评估过程中，我们已经确定了某些传统使用的假设并不总是正确的。我们的研究(重新)评估了PERFFUZZ[1]，以确定当前技术的局限性，并指导未来改进性能模糊测试的工作方向。我们的实验结果突出了两个特定的局限性。首先，我们确定执行路径的长度与程序性能相关的假设并不总是如此，因此不能反映性能模糊测试生成的测试用例的质量。其次，模糊处理的默认测试参数(超时和大小限制)过度限制了输入搜索空间。基于这些观察结果，我们建议进一步研究性能模糊指导，以及控制模糊和测试参数。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

2022 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)

自引率

0.00%

发文量