UTopia: Automatic Generation of Fuzz Driver using Unit Tests

Jeong, Bokdeuk; Jang, Joonun; Yi, Hayoon; Moon, Jiin; Kim, Junsik; Jeon, Intae; Kim, Taesoo; Shim, WooChul; Hwang, Yong Ho

doi:10.1109/sp46215.2023.10179394

Cited by 7 publications

(1 citation statement)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In most cases (if not all), writing fuzz tests is still a primarily manual process, which is a major hindrance to the widespread adoption of fuzzing. There are a few efforts to automate the process, such as FUDGE [8], FuzzGen [9], and other tools [10]- [12]. These tools try to learn the patterns of existing code bases and use them to generate fuzz tests automatically.…”

Section: Introductionmentioning

confidence: 99%

Zero-Config Fuzzing for Microservices

Wang,

Benea,

Ivancic

2023

2023 38th IEEE/ACM International Conference on Automated Software Engineering (ASE)

View full text Add to dashboard Cite

The microservice paradigm is a popular software development pattern that breaks down a large application into smaller, independent services. While this approach offers several advantages, such as scalability, agility, and flexibility, it also introduces new security challenges. This paper presents a novel approach to securing microservice architectures using fuzz testing. Fuzz testing is known to find programming errors in software by feeding it with unexpected or random inputs. In this paper, we propose a zero-config fuzz test generation technique for microservices that can maximize coverage of internal states by mutating both the incoming requests and the backend responses from dependent services. We successfully deployed our technique to over 95% of C++ services built on Google's internal microservice platform. It reported and got fixed thousands of errors in real-world microservice applications.

show abstract

Section: Introductionmentioning

confidence: 99%