• DocumentCode
    3062105
  • Title
    A Smart Fuzzer for x86 Executables
  • Author
    Lanzi, Andrea ; Martignoni, Lorenzo ; Monga, Mattia ; Paleari, Roberto
  • Author_Institution
    Univ. degli Studi di Milano, Milan
  • fYear
    2007
  • fDate
    20-26 May 2007
  • Firstpage
    7
  • Lastpage
    7
  • Abstract
    The automatic identification of security-relevant flaws in binary executables is still a young but promising research area. In this paper, we describe a new approach for the identification of vulnerabilities in object code that we call smart fuzzing. While conventional fuzzing uses random input to discover crash conditions, smart fuzzing restricts the input space by using a preliminary static analysis of the program, then refines it by monitoring each execution. In other words, the search is driven by a mix of static and dynamic analysis in order to lead the execution path to selected corner cases that are the most likely to expose vulnerabilities, thus improving the effectiveness of fuzzing as a means for finding security breaches in black-box programs.
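    The contrast the abstract draws, random input versus a search steered by a static pass and per-execution monitoring, can be seen on a toy scale. The following is an added illustration, not the authors' tool and not code from the paper: the target function, its constructed "magic header / length field / offset" corner case and the IndexError standing in for a memory error are all invented here, and reading the constant pool of a compiled Python function stands in for the paper's static analysis of x86 object code. The monitoring step keeps only inputs that exercise a branch not seen before and mutates those, so each reached corner case becomes the base for the next.

```python
import random
from typing import Callable, List, Optional, Tuple


# Toy target standing in for a black-box binary (constructed for this example).
# Reaching the "crash" needs a magic header, a consistent length field and an
# offset past the payload: a corner case that random input almost never hits.
def target(data: bytes) -> List[str]:
    """Return the branch ids exercised; raise on the simulated memory error."""
    trace = []
    if len(data) < 4:
        return trace
    trace.append("hdr")
    if data[:2] != b"PK":
        return trace
    trace.append("magic")
    if data[2] != len(data) - 4:          # length field must match the payload
        return trace
    trace.append("len_ok")
    offset = data[3]
    if offset < 0x80:
        return trace
    trace.append("offset_hi")
    payload = data[4:]
    if offset - 0x80 >= len(payload):     # simulated out-of-bounds read
        raise IndexError("read past payload at offset %d" % offset)
    trace.append("read_ok")
    return trace


def extract_constants(fn: Callable) -> list:
    """'Static analysis' stand-in: harvest the immediates the target compares against.

    The paper works on x86 object code; here the constant pool of the compiled
    Python function plays the role of the cmp/test operands a disassembler
    would collect. Only byte strings and single-byte integers are kept.
    """
    out = []
    for c in fn.__code__.co_consts:
        if isinstance(c, bytes):
            out.append(c)
        elif isinstance(c, int) and not isinstance(c, bool) and 1 <= c <= 255:
            out.append(c)
    return out


def mutate(data: bytes, consts: list, rng: random.Random) -> bytes:
    """One random mutation: byte overwrite, constant splice, or grow/shrink."""
    buf = bytearray(data)
    op = rng.randrange(3)
    if op == 0:                                   # overwrite one byte
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == 1 and consts:                      # splice in a harvested constant
        c = rng.choice(consts)
        c = c if isinstance(c, bytes) else bytes([c])
        if len(c) <= len(buf):
            pos = rng.randrange(len(buf) - len(c) + 1)
            buf[pos:pos + len(c)] = c
    else:                                         # grow or shrink, staying in 4..16 bytes
        if len(buf) > 4 and rng.random() < 0.5:
            del buf[rng.randrange(len(buf))]
        elif len(buf) < 16:
            buf.append(rng.randrange(256))
    return bytes(buf)


def smart_fuzz(fn: Callable, seed: bytes, budget: int,
               rng_seed: int = 1) -> Tuple[Optional[bytes], int]:
    """Static constants plus execution monitoring: keep inputs that reach new branches.

    Returns (crashing_input, executions_used), or (None, budget) on failure.
    """
    rng = random.Random(rng_seed)
    consts = extract_constants(fn)
    corpus = [seed]
    seen = set(fn(seed))                          # branch ids covered so far
    for i in range(1, budget + 1):
        cand = mutate(rng.choice(corpus), consts, rng)
        try:
            trace = fn(cand)
        except IndexError:
            return cand, i
        new = set(trace) - seen
        if new:                                   # new corner case reached: keep it
            seen |= new
            corpus.append(cand)
    return None, budget


def random_fuzz(fn: Callable, budget: int, rng_seed: int = 1) -> Tuple[Optional[bytes], int]:
    """Conventional fuzzing for comparison: independent random inputs, no feedback."""
    rng = random.Random(rng_seed)
    for i in range(1, budget + 1):
        cand = bytes(rng.randrange(256) for _ in range(rng.randrange(4, 11)))
        try:
            fn(cand)
        except IndexError:
            return cand, i
    return None, budget


if __name__ == "__main__":
    crash, used = smart_fuzz(target, b"\x00" * 6, 50000)
    print("smart fuzzing:", crash, "after", used, "executions")
    print("random fuzzing:", random_fuzz(target, 50000))
```

    With the same budget of 50,000 executions the guided search reaches the crash in a few hundred steps, because the harvested constants (b"PK", 0x80, the small length values) and the coverage feedback let it pass one check at a time, while unguided random bytes must satisfy all the checks at once and essentially never do.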
  • Keywords
    program testing; security of data; binary executables; black-box programs; preliminary static analysis; security-relevant flaws automatic identification; smart fuzzer; smart fuzzing; x86 executables; Buffer overflow; Computer bugs; Computer crashes; Computer crime; Condition monitoring; Data security; Information analysis; Lead; Signal processing; Testing;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Software Engineering for Secure Systems, 2007. SESS '07: ICSE Workshops 2007. Third International Workshop on
  • Conference_Location
    Minneapolis, MN
  • Print_ISBN
    0-7695-2952-6
  • Type
    conf
  • DOI
    10.1109/SESS.2007.1
  • Filename
    4273333