Title: Offset-Aware Mutation Based Fuzzing for Buffer Overflow Vulnerabilities: Few Preliminary Results
Abstract: This article presents a few preliminary results and future ideas related to smart fuzzing for detecting buffer overflow vulnerabilities. The approach combines lightweight static analysis techniques with mutation-based evolutionary strategies. First, a static taint analysis identifies the most dangerous execution paths, i.e. those containing vulnerable statements whose execution depends on user input streams. Then, concrete inputs are produced and executed on the vulnerable program following an offset-aware mutation strategy: at each step, the current input streams are mutated with specific values, and at specific offsets, depending on their ability to activate a target execution path. We provide a few empirical results on a benchmarking dataset as a proof of concept and discuss future extensions.
Year: 2011
DOI: 10.1109/ICSTW.2011.9
Venue: Software Testing, Verification and Validation Workshops
Keywords: concrete input, preliminary results, current input stream, buffer overflow vulnerabilities, offset-aware mutation, future extension, user input stream, specific offset, specific value, target execution path, dangerous execution path, future idea, lightweight static analysis technique, taint analysis, buffer overflow, fuzzing, evolutionary algorithm, evolutionary computation, measurement
Field: Fuzz testing, Evolutionary algorithm, Computer science, Static analysis, Evolutionary computation, Taint checking, Proof of concept, Offset (computer science), Buffer overflow, Distributed computing
DocType: Conference
ISBN: 978-0-7695-4345-1
Citations: 8
PageRank: 0.64
References: 7
Authors: 2
Authors (Name, Order, Citations, PageRank; the Citations and PageRank figures are run together in the source record and are left as extracted):
Sanjay Rawat, order 1, citations/PageRank: 14610.59
Laurent Mounier, order 2, citations/PageRank: 118779.54