Detecting the vulnerability of software with cyclic behavior using Sulley

Author

Hye-ryun Lee ; Seung-hun Shin ; Kyung-hee Choi ; Ki-hyun Chung ; Seung-Kyu Park ; Jun-yong Choi

fYear

2011

fDate

Nov. 29 2011-Dec. 1 2011

Firstpage

83

Lastpage

88

Abstract

Sulley, one of fuzzing tools can describe Software Under Test (SUT) more easily than other tools and provides with the libraries which can create the variety of test cases. But it has a weak point of difficulty to verify the vulnerability at the actual software because it doesn´t consider the process of the cycle between nodes. This paper carries out the research to resolve such problem so that it enables for Sulley to fuzz software with cycle. The basic structure and algorithm of Sulley are extended to adopt the requirement. We modify the structure of software excluding the cycle of software using the unfolding technique, which is widely used for the process of the loop structure in software field. The cycle structure is unfolded hiring the concept of boundary-interior path coverage. To evaluate the suggested method, fuzzing test is performed against the FTP service modeled by Sulley. The feasibility of the suggested method is proved by finding errors of the FTP service with cyclic behavior, which is being used widely.

Keywords

fuzzy set theory; program testing; software libraries; transport protocols; FTP service; SUT; Sulley; boundary-interior path coverage; cyclic behavior; fuzz software; fuzzing test; fuzzing tools; loop structure process; software cycle; software field; software libraries; software under test; software vulnerability; unfolded hiring; unfolding technique; Educational institutions; Libraries; Monitoring; Protocols; Servers; Software; Testing; Sulley; fuzz; testing; unfolding;

fLanguage

English

Publisher

ieee

Conference_Titel

Advanced Information Management and Service (ICIPM), 2011 7th International Conference on

Conference_Location

Jeju

Print_ISBN

978-1-4577-0471-0

Type

conf

Filename

6222137