Title :
Detecting the vulnerability of software with cyclic behavior using Sulley
Author :
Hye-ryun Lee ; Seung-hun Shin ; Kyung-hee Choi ; Ki-hyun Chung ; Seung-Kyu Park ; Jun-yong Choi
fDate :
Nov. 29 2011-Dec. 1 2011
Abstract :
Sulley, one of fuzzing tools can describe Software Under Test (SUT) more easily than other tools and provides with the libraries which can create the variety of test cases. But it has a weak point of difficulty to verify the vulnerability at the actual software because it doesn´t consider the process of the cycle between nodes. This paper carries out the research to resolve such problem so that it enables for Sulley to fuzz software with cycle. The basic structure and algorithm of Sulley are extended to adopt the requirement. We modify the structure of software excluding the cycle of software using the unfolding technique, which is widely used for the process of the loop structure in software field. The cycle structure is unfolded hiring the concept of boundary-interior path coverage. To evaluate the suggested method, fuzzing test is performed against the FTP service modeled by Sulley. The feasibility of the suggested method is proved by finding errors of the FTP service with cyclic behavior, which is being used widely.
Keywords :
fuzzy set theory; program testing; software libraries; transport protocols; FTP service; SUT; Sulley; boundary-interior path coverage; cyclic behavior; fuzz software; fuzzing test; fuzzing tools; loop structure process; software cycle; software field; software libraries; software under test; software vulnerability; unfolded hiring; unfolding technique; Educational institutions; Libraries; Monitoring; Protocols; Servers; Software; Testing; Sulley; fuzz; testing; unfolding;
Conference_Titel :
Advanced Information Management and Service (ICIPM), 2011 7th International Conference on
Conference_Location :
Jeju
Print_ISBN :
978-1-4577-0471-0
