论文信息 - Improving Fuzz Testing Using Game Theory

Improving Fuzz Testing Using Game Theory

We propose a game theoretical model for fuzz testing, consisting in generating unexpected input to search for software vulnerabilities. As of today, no performance guarantees or assessment frameworks for fizzing exist. Our paper addresses these issues and describes a simple model that can be used to assess and identify optimal fizzing strategies, by leveraging game theory. In this context, payoff functions are obtained using a tainted data analysis and instrumentation of a target application to assess the impact of different fizzing strategies.

[1] Radu State,et al. Using game theory to configure P2P SIP , 2009, IPTComm.

[2] Dawson R. Engler,et al. EXE: automatically generating inputs of death , 2006, CCS '06.

[3] David Brumley,et al. Vulnerability-Specific Execution Filtering for Exploit Prevention on Commodity Software , 2006, NDSS.

[4] Luca de Alfaro,et al. Game Models for Open Systems , 2003, Verification: Theory and Practice.

[5] Justin Seitz. Gray Hat Python: Python Programming for Hackers and Reverse Engineers , 2009 .

[6] Andrew McLennan,et al. Gambit: Software Tools for Game Theory , 2006 .

[7] Adam Kiezun,et al. Grammar-based whitebox fuzzing , 2008, PLDI '08.

[8] Dawson R. Engler,et al. EXE: A system for automatically generating inputs of death using symbolic execution , 2006, CCS 2006.

[9] Margus Veanes,et al. Play to Test , 2005, FATES.

[10] Radu State,et al. KiF: a stateful SIP fuzzer , 2007, IPTComm '07.

[11] Amy Greenwald,et al. Matrix Games and Nash Equilibrium , 2007 .

[12] James Newsome,et al. Dynamic Taint Analysis for Automatic Detection, Analysis, and SignatureGeneration of Exploits on Commodity Software , 2005, NDSS.

[13] Martin Vuagnoux,et al. Autodafé: an Act of Software Torture , 2005 .

[14] Tal Garfinkel,et al. Understanding data lifetime via whole system simulation , 2004 .