Theses and Dissertations Collection

The exploration of the input space of programs can often be prohibitively expensive duringfuzzing. To improve this exploration, modern fuzzing relies on human expertise to provide plausible initial test cases. However, the process of handcrafting test cases for fuzzing is often strenuous for humans and requires a deeper understanding of the Program-Under-Test (PUT). Also, the use of known inputs to programs often cannot trigger vulnerable program behaviors or reach potentially vulnerable code locations in a fuzzing session. To address those issues, we propose a seed generation framework for human-in-the-loop directed fuzzing. Our proposed framework uses symbolic execution to generate seeds that exercise paths to target program locations and uses fuzzing to trigger vulnerable program behaviors. Finally, our framework enables the visualization of the explored execution paths in binaries for generated or user-provided test inputs. The experimental results of our approach show its effectiveness in improving AFL’s performance in discovering software bugs.