FuzzM: A Model-Based Approach to Grey-Box Fuzzing

R. Coppa, G. Foudree, D. Greve

Technical Report. 2018

Fuzz testing is a form of automated robustness testing that employs random, invalid, or unusual inputs to search for unknown and potentially exploitable system behaviors. In this paper we describe model-based fuzzing, a fuzzing technique that utilizes both a mathematical model to guide the fuzzing process and a constraint solver to deduce high-quality tests capable of targeting deep system behaviors that random testing alone would be unlikely to reach. We describe the model-based fuzzing framework FuzzM, demonstrate how it can be used to model a simple system, and compare its performance with several off-the-shelf fuzzing solutions.
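The contrast the abstract draws, between random inputs that rarely get past a parser's first validity check and model-derived inputs that reach its deepest branch, is illustrated below with a toy example added here. It is not FuzzM's code and does not reproduce its modelling language or solver: the `MODEL` list of ordered constraints stands in for the mathematical model, a small backtracking search over byte-valued header fields stands in for the constraint solver, and the message format, field names and `parse_depth` target are all constructed for the illustration.

```python
"""Toy illustration of model-based vs. random fuzzing (constructed example, not FuzzM)."""
import random

# --- System under test: a small message parser with nested validity checks ---
# The header is four bytes: magic, version, payload length, checksum.
MAGIC = 0xAB


def parse_depth(msg: bytes) -> int:
    """Return how many of the parser's checks the message passed (0..4).

    Depth 4 is the 'deep' behaviour: a fully valid message is processed.
    """
    if len(msg) < 4 or msg[0] != MAGIC:
        return 0
    if msg[1] not in (1, 2):
        return 1
    payload = msg[4:]
    if msg[2] != len(payload):
        return 2
    if msg[3] != (msg[0] + msg[1] + msg[2] + sum(payload)) & 0xFF:
        return 3
    return 4


# --- Random (black-box) fuzzing: sample messages, record the deepest check reached ---
def random_fuzz(trials: int, seed: int = 0) -> int:
    rng = random.Random(seed)  # seeded so the run is reproducible
    best = 0
    for _ in range(trials):
        msg = bytes(rng.randrange(256) for _ in range(rng.randrange(4, 13)))
        best = max(best, parse_depth(msg))
    return best


# --- Model of the parser: an ordered list of constraints over header fields ---
# Each entry names the fields its predicate reads, so the solver can evaluate
# it as soon as those fields are assigned (early pruning). The payload is fixed
# here (a constructed choice) so only the four header bytes are unknowns.
PAYLOAD = b"hi"
FIELDS = ("magic", "version", "length", "checksum")
MODEL = [
    (("magic",), lambda a: a["magic"] == MAGIC),
    (("version",), lambda a: a["version"] in (1, 2)),
    (("length",), lambda a: a["length"] == len(PAYLOAD)),
    (("magic", "version", "length", "checksum"),
     lambda a: a["checksum"] == (a["magic"] + a["version"] + a["length"] + sum(PAYLOAD)) & 0xFF),
]


def solve(target_depth: int):
    """Synthesize a message that passes exactly `target_depth` checks.

    Constraints before the target must hold; the constraint at the target
    (if any) must fail, which steers the input into that specific rejection
    branch. A depth-first search over byte values stands in for a real solver.
    """
    wanted = []  # (constraint, must_hold)
    for i, c in enumerate(MODEL):
        if i < target_depth:
            wanted.append((c, True))
        elif i == target_depth:
            wanted.append((c, False))  # later checks are unreachable once one fails

    def dfs(idx, assign):
        if idx == len(FIELDS):
            return dict(assign)
        name = FIELDS[idx]
        for v in range(256):
            assign[name] = v
            consistent = all(
                not all(x in assign for x in vars_) or pred(assign) == must
                for (vars_, pred), must in wanted
            )
            if consistent:
                found = dfs(idx + 1, assign)
                if found is not None:
                    return found
            del assign[name]
        return None

    sol = dfs(0, {})
    if sol is None:
        return None
    return bytes(sol[f] for f in FIELDS) + PAYLOAD


if __name__ == "__main__":
    print("deepest check reached by 5000 random inputs:", random_fuzz(5000))
    for d in range(5):
        print(f"model-derived input for depth {d}: {solve(d).hex()} -> depth {parse_depth(solve(d))}")
```

Each of the parser's five outcomes has one model-derived input, while a few thousand random inputs typically stall at the magic-byte check; that is the gap model-based fuzzing is designed to close.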