Automatic Fault Localization for Fuzzing

Author

Lu, Yu ; Lifa, Wu ; Fan, Pan ; Honglin, Zhuang ; Zheng, Hong

Author_Institution

Inst. of Command Autom., PLA Univ. of Sci. & Technol., Nanjing, China

fYear

2011

fDate

21-23 Oct. 2011

Firstpage

388

Lastpage

391

Abstract

Fuzzing has proved successful in finding security vulnerabilities in large binary programs. Traditionally, reversing engineering technologies are used to locate codes that may lead to exceptions in Fuzzing, and this may demand a great amount of human efforts and consequently gives rise to low efficiency. In this paper, an automatic fault localization method for Fuzzing is proposed together with an automatic vulnerability analysis system named Fuzz Loc. Fuzz Loc can filter key instructions that may directly cause exceptions. Starting from these key instructions, Fuzz Loc implements automatic fault localization by back tracing. With Fuzz Loc, a great deal of human efforts can be saved. Experiments show that Fuzz Loc can locate fault codes accurately with little human intervention and consequently improves efficiency of fault analysis and vulnerability mining.

Keywords

fault location; security of data; FuzzLoc; automatic fault localization method; automatic vulnerability analysis system; fault analysis; fault code location; human effort; human intervention; large binary program; reversed engineering technology; security vulnerability mining; Algorithm design and analysis; Bismuth; Heuristic algorithms; Humans; Security; Software; Syntactics; Fuzzing; automatic fault localization; reversing engineering; security vulnerabilities;

fLanguage

English

Publisher

ieee

Conference_Titel

Instrumentation, Measurement, Computer, Communication and Control, 2011 First International Conference on

Conference_Location

Beijing

Print_ISBN

978-0-7695-4519-6

Type

conf

DOI

10.1109/IMCCC.2011.104

Filename

6154129