论文信息 - Finding Software Vulnerabilities by Smart Fuzzing

Finding Software Vulnerabilities by Smart Fuzzing

Nowadays, one of the most effective ways to identify software vulnerabilities by testing is the use of fuzzing, whereby the robustness of software is tested against invalid inputs that play on implementation limits or data boundaries. A high number of random combinations of such inputs are sent to the system through its interfaces. Although fuzzing is a fast technique which detects real errors, its efficiency should be improved. Indeed, the main drawbacks of fuzz testing are its poor coverage which involves missing many errors, and the quality of tests. Enhancing fuzzing with advanced approaches such as: data tainting and coverage analysis would improve its efficiency and make it smarter. This paper will present an idea on how these techniques when combined give better error detection by iteratively guiding executions and generating the most pertinent test cases able to trigger potential vulnerabilities and maximize the coverage of testing.

[1] Jared D. DeMott,et al. Fuzzing for Software Security Testing and Quality Assurance , 2008 .

[2] David Brumley,et al. All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask) , 2010, 2010 IEEE Symposium on Security and Privacy.

[3] James Newsome,et al. Dynamic Taint Analysis for Automatic Detection, Analysis, and SignatureGeneration of Exploits on Commodity Software , 2005, NDSS.

[4] Pedram Amini,et al. Fuzzing: Brute Force Vulnerability Discovery , 2007 .

[5] Abraham Kandel,et al. Effective Black-Box Testing with Genetic Algorithms , 2005, Haifa Verification Conference.

[6] James C. King,et al. Symbolic execution and program testing , 1976, CACM.

[7] Stephen McCamant,et al. Crash analysis with BitBlaze , 2010 .

[8] Patrice Godefroid,et al. Automated Whitebox Fuzz Testing , 2008, NDSS.

[9] Harish Patil,et al. Pin: building customized program analysis tools with dynamic instrumentation , 2005, PLDI '05.

[10] Alessandro Orso,et al. Dytan: a generic dynamic taint analysis framework , 2007, ISSTA '07.

[11] Nicholas Nethercote,et al. Valgrind: a framework for heavyweight dynamic binary instrumentation , 2007, PLDI '07.