• DocumentCode
    3699232
  • Title

    A guided fuzzing approach for security testing of network protocol software

  • Author

    Jun Cai;Peng Zou;Dapeng Xiong;Jun He

  • Author_Institution
    Science and Technology on Complex Electronic System Simulation Laboratory, The Academy of Equipment, Beijing 101416, China
  • fYear
    2015
  • Firstpage
    726
  • Lastpage
    729
  • Abstract
    Software vulnerabilities are one of the root causes of network security issues. Software security testing is an essential part of secure software development. Fuzzing has been proven to be an effective dynamic software security testing method. In this paper we present a guided fuzzing approach based on dynamic taint analysis for security testing of network protocol software. This approach identifies the security-sensitive functions of the target application affected by network packets via dynamic taint analysis, and generates test cases by mutating these packets with the elements of a fuzz library. Due to the guidance of taint information, it to some extent overcomes the blindness of traditional fuzzing methods and improves efficiency. The approach integrates several successive steps; we currently focus on the taint analysis step and have received interesting preliminary experimental results.
  • Keywords
    "Security","Protocols","Software","Monitoring","Libraries","Testing","Sockets"
  • Publisher
    ieee
  • Conference_Titel
    Software Engineering and Service Science (ICSESS), 2015 6th IEEE International Conference on
  • ISSN
    2327-0586
  • Print_ISBN
    978-1-4799-8352-0
  • Electronic_ISBN
    2327-0594
  • Type

    conf

  • DOI
    10.1109/ICSESS.2015.7339160
  • Filename
    7339160