论文信息 - SAGE: Whitebox Fuzzing for Security Testing

SAGE: Whitebox Fuzzing for Security Testing

Most ACM Queue readers might think of "program verification research" as mostly theoretical with little impact on the world at large. Think again. If you are reading these lines on a PC running some form of Windows (like 93-plus percent of PC users--that is, more than a billion people), then you have been affected by this line of work--without knowing it, which is precisely the way we want it to be.

Patrice Godefroid | Michael Y. Levin | David A. Molnar | Patrice Godefroid | D. Molnar

[1] Barton P. Miller,et al. An empirical study of the robustness of Windows NT applications using random testing , 2000 .

[2] Koushik Sen,et al. DART: directed automated random testing , 2005, PLDI '05.

[3] Sanjay Bhansali,et al. Framework for instruction-level tracing and analysis of program executions , 2006, VEE '06.

[4] Michael Howard,et al. The security development lifecycle : SDL, a process for developing demonstrably more secure software , 2006 .

[5] Satish Narayanasamy,et al. Automatically classifying benign and harmful data races using replay analysis , 2007, PLDI '07.

[6] Nikolaj Bjørner,et al. Z3: An Efficient SMT Solver , 2008, TACAS.

[7] Patrice Godefroid,et al. Automated Whitebox Fuzz Testing , 2008, NDSS.

[8] Koushik Sen. DART: Directed Automated Random Testing , 2009, Haifa Verification Conference.