Title :
Offset-Aware Mutation Based Fuzzing for Buffer Overflow Vulnerabilities: Few Preliminary Results
Author :
Rawat, Sanjay ; Mounier, Laurent
Author_Institution :
Grenoble INP, CNRS VERIMAG, Grenoble, France
Abstract :
This article presents a few preliminary results and future ideas related to smart fuzzing for detecting buffer overflow vulnerabilities. The approach combines lightweight static analysis techniques with mutation-based evolutionary strategies. First, a static taint analysis identifies the most dangerous execution paths, namely those containing vulnerable statements whose execution depends on user input streams. Then, concrete inputs are produced and executed on the vulnerable program following an offset-aware mutation strategy: at each step, the current input streams are mutated with specific values, and at specific offsets, depending on their ability to activate a target execution path. We provide a few empirical results on a benchmarking dataset as a proof of concept and discuss future extensions.
Keywords :
evolutionary computation; program diagnostics; buffer overflow vulnerability; lightweight static analysis; mutation-based evolutionary strategy; offset-aware mutation based fuzzing; smart fuzzing; static taint-analysis; Computer crashes; Evolutionary computation; IEEE Computer Society; Instruments; Measurement; Runtime; Software; buffer overflow; evolutionary algorithm; fuzzing; taint analysis;
Conference_Titel :
Software Testing, Verification and Validation Workshops (ICSTW), 2011 IEEE Fourth International Conference on
Conference_Location :
Berlin
Print_ISBN :
978-1-4577-0019-4
Electronic_ISBN :
978-0-7695-4345-1
DOI :
10.1109/ICSTW.2011.9