English

FuSeBMC: A White-Box Fuzzer for Finding Security Vulnerabilities in C Programs

Cryptography and Security 2020-12-22 v1 Logic in Computer Science

Abstract

We describe and evaluate a novel white-box fuzzer for C programs named FuSeBMC, which combines fuzzing and symbolic execution, and applies Bounded Model Checking (BMC) to find security vulnerabilities in C programs. FuSeBMC explores and analyzes C programs (1) to find execution paths that lead to property violations and (2) to incrementally inject labels to guide the fuzzer and the BMC engine to produce test-cases for code coverage. FuSeBMC successfully participates in Test-Comp'21 and achieves first place in the Cover-Error category and second place in the Overall category.

Keywords

Cite

@article{arxiv.2012.11223,
  title  = {FuSeBMC: A White-Box Fuzzer for Finding Security Vulnerabilities in C Programs},
  author = {Kaled M. Alshmrany and Rafael S. Menezes and Mikhail R. Gadelha and Lucas C. Cordeiro},
  journal= {arXiv preprint arXiv:2012.11223},
  year   = {2020}
}

Comments

4 pages

R2 v1 2026-06-23T21:07:16.221Z