CRAXfuzz: Target-Aware Symbolic Fuzz Testing

Chao Chun Yeh, Hsiang Chung, Shih-Kun Huang

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

5 Scopus citations


Vulnerabilities are caused by implementation bugs, such as buffer overflow, integer overflow, uncontrolled format strings, and command injection flaws. They are often exploited to intrude software systems. In order to reduce software bugs, testing techniques are proposed. The recent technique to discover security-related bugs is fuzz testing. However, traditional fuzzers can only find bugs when program exceptions, especially crashes, raised. Some security threats may pass these tests due to insufficient code coverage. In this paper, we introduce a software testing framework based on symbolic execution using S2E, a whole system symbolic execution engine. When a program executes our pre-defined security sensitive functions, such as malloc, strcpy or printf, our framework will initiate a triage process. The process will determine whether any related security vulnerabilities would possibly occur in these functions automatically. We successfully and efficiently reproduce 12 previously known vulnerabilities from normal input data within 100 seconds for large applications such as Tiff, VIM, and MPlayer. Our tool can help developers locate bugs faster, and improve the efficiency of software quality maintenance.

Original languageEnglish
Title of host publicationProceedings - 2015 IEEE 39th Annual Computer Software and Applications Conference, COMPSAC 2015
EditorsGang Huang, Jingwei Yang, Sheikh Iqbal Ahamed, Pao-Ann Hsiung, Carl K. Chang, William Chu, Ivica Crnkovic
PublisherIEEE Computer Society
Number of pages12
ISBN (Electronic)9781467365635
StatePublished - 21 Sep 2015
Event39th IEEE Annual Computer Software and Applications Conference, COMPSAC 2015 - Taichung, Taiwan
Duration: 1 Jul 20155 Jul 2015

Publication series

NameProceedings - International Computer Software and Applications Conference
ISSN (Print)0730-3157


Conference39th IEEE Annual Computer Software and Applications Conference, COMPSAC 2015


  • Fuzz testing
  • Software testing
  • Symbolic execution
  • Vulnerability


Dive into the research topics of 'CRAXfuzz: Target-Aware Symbolic Fuzz Testing'. Together they form a unique fingerprint.

Cite this