Title :
An Empirical Study for Security of Windows DLL Files Using Automated API Fuzz Testing
Author :
Choi, Younghan ; Kim, Hyoungchun ; Lee, Dohoon
Author_Institution :
Electron. & Telecommun. Res. Inst.(ETRI), Daejeon
Abstract :
Fuzz testing is a method that inserts an unexpected data into input of a software system and finds defects of it in order to perform security testing. In this paper , We proposed a novel methodology that performed API fuzz testing automatically and evaluated it for Windows system that most of people in the world used. We implemented an automated API fuzz testing tool that our methodology applied to. Using this tool, we experimented on 1,182 DLL files and 6,117 API functions in a system fold of Windows XP SP2. We found 177 faults in them. Among faults, 10 faults are related to control flow of a program.
Keywords :
application program interfaces; program testing; security of data; user interfaces; Windows DLL file security; application programming interface; automated API fuzz testing; software testing; Application software; Automatic testing; Data security; Electronic equipment testing; Performance evaluation; Prototypes; Software prototyping; Software systems; Software testing; System testing; Fuzz Testing; Software Testing; Windows;
Conference_Titel :
Advanced Communication Technology, 2008. ICACT 2008. 10th International Conference on
Conference_Location :
Gangwon-Do
Print_ISBN :
978-89-5519-136-3
DOI :
10.1109/ICACT.2008.4494042
