Predictive Context-sensitive Fuzzing
Pietro Borrello
Network and Distributed System Security (NDSS) Symposium 2024 · Day 3 · Kernel Fuzzing
Fuzz testing, or fuzzing, is a cornerstone of modern software security: it finds vulnerabilities proactively, before they can be exploited. The predominant method, **coverage-guided fuzzing (CGF)**, uses code coverage as feedback to steer test case generation towards unexplored program paths. While effective for a broad spectrum of bugs, CGF falls short when a vulnerability depends not merely on reaching a specific code location but on the *context* in which it is reached, that is, the particular sequence of calls or argument values leading there: an input that reaches an already-covered location through a new calling context produces no new coverage and is not kept for further mutation. Making every coverage point context-sensitive removes this blind spot but inflates the feedback space and the fuzzer's queue. This talk introduces **Predictive Context-sensitive Fuzzing**, a methodology that overcomes these limitations by applying contextual awareness selectively.
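To make the blind spot concrete, the following toy model (written for this page, not the paper's or any fuzzer's own code) fills two coverage maps in parallel for the same instrumented program: one keyed by edge only, in the style of AFL, and one keyed by edge XOR a hash of the call stack, in the style of AFL++'s context-sensitive mode. The target is constructed: a callee `shared()` has two callers, `wrap_a()` with a small buffer and `wrap_b()` with a large one, so the "large request" branch inside `shared()` is only dangerous when entered from `wrap_a()`. The block IDs, function IDs, the XOR call-stack hash and the overflow-as-flag are all simplifying assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAP_SIZE 65536

/* Two coverage maps filled in parallel. The first is keyed by edge only
 * (context-insensitive, the AFL model). The second is keyed by edge XOR a
 * hash of the active call stack (context-sensitive). Both are a toy
 * reconstruction written for this note, not the paper's code. */
static uint8_t map_insensitive[MAP_SIZE];
static uint8_t map_sensitive[MAP_SIZE];

static uint32_t prev_loc;      /* previous block id; edge id = prev ^ cur */
static uint32_t ctx;           /* XOR of the ids of all functions on the stack */
static int new_insensitive;    /* new map entries produced by the current input */
static int new_sensitive;
static int bug_hit;            /* set when the modelled overflow condition is met */

/* Instrumentation point at the start of every basic block. */
static void cov_block(uint32_t cur) {
    uint32_t edge     = (prev_loc ^ cur)       & (MAP_SIZE - 1);
    uint32_t edge_ctx = (prev_loc ^ cur ^ ctx) & (MAP_SIZE - 1);
    if (!map_insensitive[edge])   { map_insensitive[edge] = 1;   new_insensitive++; }
    if (!map_sensitive[edge_ctx]) { map_sensitive[edge_ctx] = 1; new_sensitive++; }
    prev_loc = cur >> 1;       /* AFL's shift so that A->B and B->A differ */
}

/* Function entry/exit instrumentation. XOR is its own inverse, so the
 * same call on exit pops what entry pushed (assumption of this toy model). */
static void ctx_enter(uint32_t fn_id) { ctx ^= fn_id; }
static void ctx_leave(uint32_t fn_id) { ctx ^= fn_id; }

/* ---- constructed target: two callers share one callee -------------------- */

/* shared() conceptually writes n bytes into a caller-supplied buffer of
 * size cap. The overflow is modelled as a flag instead of a real write. */
static void shared(uint8_t n, size_t cap) {
    ctx_enter(0x3333);
    cov_block(0x1000);
    if (n > 100) {
        cov_block(0x1001);         /* "large request" branch */
        if (n > cap) bug_hit = 1;  /* only possible when cap is small */
    } else {
        cov_block(0x1002);
    }
    ctx_leave(0x3333);
}

static void wrap_a(uint8_t n) {    /* passes a 4-byte scratch buffer */
    ctx_enter(0xAAAA); cov_block(0x2000); shared(n, 4);   ctx_leave(0xAAAA);
}
static void wrap_b(uint8_t n) {    /* passes a 256-byte buffer: never overflows */
    ctx_enter(0xBBBB); cov_block(0x2100); shared(n, 256); ctx_leave(0xBBBB);
}

static void target(const uint8_t *in, size_t len) {
    cov_block(0x0001);
    if (len < 2) { cov_block(0x0002); return; }
    if (in[0] == 'A') { cov_block(0x0003); wrap_a(in[1]); }
    else              { cov_block(0x0004); wrap_b(in[1]); }
}

/* ---- fuzzer-side bookkeeping --------------------------------------------- */

typedef struct { int new_insens; int new_sens; int bug; } run_result;

static void reset_maps(void) {
    memset(map_insensitive, 0, sizeof map_insensitive);
    memset(map_sensitive, 0, sizeof map_sensitive);
}

/* Execute one input and report how many entries it added to each map. */
static run_result run_input(const uint8_t *in, size_t len) {
    prev_loc = 0; ctx = 0; new_insensitive = 0; new_sensitive = 0; bug_hit = 0;
    target(in, len);
    run_result r = { new_insensitive, new_sensitive, bug_hit };
    return r;
}

int main(void) {
    /* Constructed inputs: two seeds, then a candidate a mutator produced. */
    static const uint8_t seed_a[] = { 'A', 0x10 };  /* small request via wrap_a */
    static const uint8_t seed_b[] = { 'B', 0xff };  /* large request via wrap_b */
    static const uint8_t cand[]   = { 'A', 0xff };  /* large request via wrap_a */
    const struct { const char *name; const uint8_t *in; } runs[] = {
        { "seed A", seed_a }, { "seed B", seed_b }, { "candidate", cand } };
    reset_maps();
    for (size_t i = 0; i < 3; i++) {
        run_result r = run_input(runs[i].in, 2);
        printf("%-9s new edges: insensitive=%d sensitive=%d bug=%d -> %s\n",
               runs[i].name, r.new_insens, r.new_sens, r.bug,
               r.new_insens ? "kept by both" :
               r.new_sens   ? "kept only by context-sensitive" : "discarded by both");
    }
    return 0;
}
```

After the two seeds, the candidate `A 0xff` adds nothing to the context-insensitive map: the caller-to-callee entry edge was already seen from seed A, and the "large request" branch inside `shared()` was already seen from seed B. A plain CGF loop therefore drops it, even though it is the first input to satisfy the overflow condition (a silent bug that would need a sanitizer to surface). The context-sensitive map records that branch under a new calling context, so the input is kept and mutated further. The price is visible in the first two runs: every edge is keyed per context, so the sensitive map grows at least as fast as the insensitive one, which is the feedback-space inflation that motivates applying context only where it is predicted to matter.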