Abstract |
---|
Fuzzing is one of the most popular test-based software vulnerability detection techniques. It consists of running the target application with dedicated inputs in order to exhibit potential failures that could be exploited by a malicious user. In this paper we propose a global approach for fuzzing, addressing the main challenges to be faced in an industrial context: large-size applications, without source code access, and with a partial knowledge of the input specifications. This approach integrates several successive steps, and we mostly focus here on an important one which relies on binary-level dynamic taint analysis. We summarize the main problems to be addressed in this step, and we detail the solution we implemented to solve them. |
Year | DOI | Venue |
---|---|---|
2012 | 10.1109/ICST.2012.182 | Software Testing, Verification and Validation |
Keywords | Field | DocType |
smart fuzzing,large-size application,input specification,binary-level dynamic taint analysis,global approach,malicious user,industrial context,dedicated input,detection technique,main problem,main challenge,source coding,protocols,assembly,dynamic analysis,registers,software reliability,taint analysis,source code,formal specification,security,system monitoring,software security | Vulnerability (computing),Fuzz testing,Source code,Computer science,Formal specification,System monitoring,Real-time computing,Software,Taint checking,Software quality | Conference |
ISBN | Citations | PageRank |
978-1-4577-1906-6 | 17 | 0.94 |
References | Authors |
18 | 4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Sofia Bekrar | 1 | 38 | 2.14 |
Chaouki Bekrar | 2 | 38 | 2.14 |
Roland Groz | 3 | 496 | 50.60 |
Laurent Mounier | 4 | 1187 | 79.54 |