Research area: Analysis
Conference: SCALA 2020: Proceedings of the 11th ACM SIGPLAN International Symposium on Scala
Scala is an open-source programming language created by Martin Odersky in 2001 and released under the BSD or Berkeley Software Distribution license. The language consolidates object-oriented and functional programming in one high-level and robust language. Scala also maintains static types that help to reduce tricky errors at execution time. In this paper, we introduce "Kaizen" as a practical security analysis tool that works based on concolic fuzzing for evaluating real-world Scala applications. To evaluate our approach, we analyzed 1,000 popular Scala projects existing on GitHub. As a result, Kaizen could report and exploit 101 security issues; some of those have not been reported before. Furthermore, our performance analysis outcome on the ScalaBench test suite demonstrates a 49% runtime overhead that proves Kaizen’s usefulness for security testing in the Scala ecosystem.
| Publication year | 2020 |
|---|---|
| Citations | 1 |
| Country of publication | Germany |
| Site | ACM |