DocumentCode
3348533
Title
Automatic Fault Localization for Fuzzing
Author
Lu, Yu ; Lifa, Wu ; Fan, Pan ; Honglin, Zhuang ; Zheng, Hong
Author_Institution
Inst. of Command Autom., PLA Univ. of Sci. & Technol., Nanjing, China
fYear
2011
fDate
21-23 Oct. 2011
Firstpage
388
Lastpage
391
Abstract
Fuzzing has proved successful in finding security vulnerabilities in large binary programs. Traditionally, reverse engineering technologies are used to locate code that may lead to exceptions in fuzzing, and this may demand a great amount of human effort and consequently gives rise to low efficiency. In this paper, an automatic fault localization method for fuzzing is proposed together with an automatic vulnerability analysis system named FuzzLoc. FuzzLoc can filter key instructions that may directly cause exceptions. Starting from these key instructions, FuzzLoc implements automatic fault localization by back tracing. With FuzzLoc, a great deal of human effort can be saved. Experiments show that FuzzLoc can locate fault code accurately with little human intervention and consequently improves the efficiency of fault analysis and vulnerability mining.
Keywords
fault location; security of data; FuzzLoc; automatic fault localization method; automatic vulnerability analysis system; fault analysis; fault code location; human effort; human intervention; large binary program; reversed engineering technology; security vulnerability mining; Algorithm design and analysis; Bismuth; Heuristic algorithms; Humans; Security; Software; Syntactics; Fuzzing; automatic fault localization; reversing engineering; security vulnerabilities;
fLanguage
English
Publisher
ieee
Conference_Titel
Instrumentation, Measurement, Computer, Communication and Control, 2011 First International Conference on
Conference_Location
Beijing
Print_ISBN
978-0-7695-4519-6
Type
conf
DOI
10.1109/IMCCC.2011.104
Filename
6154129