Title :
Schnauzer: scalable profiling for likely security bug sites
Author :
Arthur, W. ; Mammo, Biruk ; Rodriguez, Roberto ; Austin, Tom ; Bertacco, Valeria
Author_Institution :
Adv. Comput. Archit. Lab., Univ. of Michigan, Ann Arbor, MI, USA
Abstract :
Software bugs comprise the greatest threat to computer security today. Though enormous effort has been expended on eliminating security exploits, contemporary testing techniques are insufficient to deliver software free of security vulnerabilities. In this paper we propose a novel approach to security vulnerability analysis: dynamic control frontier profiling. Security exploits are often buried in rarely executed code paths hidden just beyond the path space explored by end-users. Therefore, we develop Schnauzer, a distributed sampling technology to discover the dynamic control frontier, which forms the line of demarcation between dynamically executed and unseen paths. This frontier may then be used to direct tools (such as white-box fuzz testers) to attain a level of testing coverage currently unachievable. We further demonstrate that the dynamic control frontier paths are a rich source of security bugs, sensitizing many known security exploits.
Keywords :
distributed processing; program debugging; program diagnostics; program testing; security of data; Schnauzer; code paths; computer security; contemporary testing techniques; coverage testing; distributed sampling technology; dynamic control frontier profiling; scalable profiling; security bug sites; security vulnerability analysis; software bugs; Buffer overflows; Computer bugs; Instruments; Security; Sociology; Software; Testing;
Conference_Titel :
Code Generation and Optimization (CGO), 2013 IEEE/ACM International Symposium on
Conference_Location :
Shenzhen
Print_ISBN :
978-1-4673-5524-7
DOI :
10.1109/CGO.2013.6494998
