The future of grey-box fuzzing

Abstract: Society are becoming more dependent on software, and more artifacts are being connected to the Internet each day [31]. This makes the work of tracking down vulnerabilities in software a moral obligation for software developers. Since manual testing is expensive [7], automated bug finding techniques are attractive within the quality assurance field, since it can save companies a lot of money. This thesis summarizes the research of an automated bug finding technique called grey-box fuzzing, with the goal of saying something about its future. Grey-box fuzzing is a breed of fuzzing, where the basic concept of fuzzing is to provide random data as input to an application in order to test it for bugs. To portray the current state of grey-box fuzzing, two tools which are relevant to the current research will be presented and discussed. A definition of what grey-box fuzzing is will also be extracted from the research papers by looking at what they all have in common. The combination of fuzzing with symbolic execution or dynamic taint analysis are two of the approaches which this work has identified and discussed, but argues that dynamic taint analysis is more promising to the future. Lastly, the trend within fuzzing is predicted to go more towards the grey-box style of fuzzing, which leads to grey-box fuzzing rising in popularity.