Dissecting American Fuzzy Lop: A FuzzBench Evaluation

Abstract

AFL is one of the most used and extended fuzzers, adopted by industry and academic researchers alike. Although the community agrees on AFL’s effectiveness at discovering new vulnerabilities and its outstanding usability, many of its internal design choices remain untested to date. Security practitioners often clone the project “as-is” and use it as a starting point to develop new techniques, usually taking everything under the hood for granted. Instead, we believe that a careful analysis of the different parameters could help modern fuzzers improve their performance and explain how each choice can affect the outcome of security testing, either negatively or positively.

Document Details

Document Type
Pub Defense Publication
Publication Date
Mar 29, 2023
Source ID
10.1145/3580596

Entities

People

  • Alessandro Mantovani
  • Andrea Fioraldi
  • Davide Balzarotti
  • Dominik Maier

Organizations

  • Defense Advanced Research Projects Agency
  • EURECOM
  • Technische Universität Berlin

Tags

Readers

  • Mathematical Modeling and Probability Theory
  • Research Science/Academic Research
  • Theoretical Analysis