• DocumentCode
    2089734
  • Title
    A Taint Based Approach for Smart Fuzzing
  • Author
    Bekrar, Sofia ; Bekrar, Chaouki ; Groz, Roland ; Mounier, Laurent
  • Author_Institution
    VUPEN Security, Montpellier, France
  • fYear
    2012
  • fDate
    17-21 April 2012
  • Firstpage
    818
  • Lastpage
    825
  • Abstract
    Fuzzing is one of the most popular test-based software vulnerability detection techniques. It consists of running the target application with dedicated inputs in order to exhibit potential failures that could be exploited by a malicious user. In this paper we propose a global approach to fuzzing, addressing the main challenges faced in an industrial context: large applications, no source code access, and only partial knowledge of the input specifications. This approach integrates several successive steps, and we focus here mostly on an important one that relies on binary-level dynamic taint analysis. We summarize the main problems to be addressed in this step, and we detail the solution we implemented to solve them.
  • Keywords
    formal specification; program testing; software reliability; source coding; system monitoring; binary-level dynamic taint analysis; industrial context; input specification; malicious user; smart fuzzing; source code access; taint based approach; test-based software vulnerability detection technique; Assembly; Monitoring; Protocols; Registers; Runtime; Security; Software; dynamic analysis; smart fuzzing; taint analysis; vulnerability detection;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Software Testing, Verification and Validation (ICST), 2012 IEEE Fifth International Conference on
  • Conference_Location
    Montreal, QC
  • Print_ISBN
    978-1-4577-1906-6
  • Type
    conf
  • DOI
    10.1109/ICST.2012.182
  • Filename
    6200194