FuzzEval: Assessing Fuzzers on Generating Context-Sensitive Inputs
read the original abstract
Cryptographic protocols form the backbone of modern security systems, yet vulnerabilities persist within their implementations. Traditional testing techniques, including fuzzing, have struggled to effectively identify vulnerabilities in cryptographic libraries due to their reliance on context-sensitive inputs. This paper presents a comprehensive evaluation of eleven state-of-the-art fuzzers' ability to generate context-sensitive inputs for testing a cryptographic standard, PKCS#1-v1.5, across thirteen implementations. Our study reveals nuanced performance differences among the fuzzers in terms of the validity and diversity of the produced inputs. This investigation underscores the limitations of existing fuzzers in handling context-sensitive inputs. These findings are expected to drive further research and development in this area.
This paper has not been read by Pith yet.
Forward citations
Cited by 1 Pith paper
-
Evaluating the Effectiveness of LLMs in Aiding Compliance Testing of PKCS#1-v1.5
LLM-assisted mutation testing reproduced 10 of 13 known PKCS#1 v1.5 violation categories and one new discrepancy but was limited by 82.5% hallucination rate in generated scripts.
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.