Semi-valid input coverage for fuzz testing

P Tsankov, MT Dashti, D Basin - Proceedings of the 2013 International Symposium on Software Testing and Analysis, 2013 - dl.acm.org
We define semi-valid input coverage (SVCov), the first coverage criterion for fuzz testing. Our criterion is applicable whenever the valid inputs can be defined by a finite set of constraints. SVCov measures to what extent the tests cover the domain of semi-valid inputs, where an input is semi-valid if and only if it satisfies all the constraints but one.
We demonstrate SVCov's practical value in a case study on fuzz testing the Internet Key Exchange protocol (IKE). Our study shows that it is feasible to precisely define and efficiently measure SVCov. Moreover, SVCov provides essential information for improving the effectiveness of fuzz testing and enhancing fuzz-testing tools and libraries. In particular, by increasing coverage under SVCov, we have discovered a previously unknown vulnerability in a mature IKE implementation.