Experiences with Model Inference Assisted Fuzzing
Authors
Abstract
In this paper we introduce the idea of model inference assisted fuzzing aimed to cost effectively improve software security. We experimented with several model inference techniques and applied fuzzing to the inferred models in order to generate robustness attacks. We proved our prototypes against real life software, namely anti-virus and archival software solutions. Several critical vulnerabilities were found in multiple file formats in multiple products. Based on the discovered vulnerabilities and the positive impact on the security we argue that our approach strikes a practical balance between completely random and manually designed model-based test case generation techniques.
Similar resources
kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels
Many kinds of memory safety vulnerabilities have been endangering software systems for decades. Amongst other approaches, fuzzing is a promising technique to unveil various software faults. Recently, feedback-guided fuzzing demonstrated its power, producing a steady stream of security-critical software bugs. Most fuzzing efforts—especially feedback fuzzing—are limited to user space components o...
A New Fuzzing Method Using Multi Data Samples Combination
Knowledge-based Fuzzing technologies have been applied successfully in software vulnerability mining, however, its current methods mainly focus on Fuzzing target software using a single data sample with one or multi-dimension input mutation [1], and thus the vulnerability mining results are not stable, false negatives of vulnerability are high and the selection o...
O-19: Challenges of Donor Selection: The Experiences of Iranian Infertile Couples Undergoing Assisted Reproductive Donation Procedures
Background: Couples seeking assisted reproductive donation procedures are faced with complex challenges throughout their treatment which can have important psychological impacts on their life. Selecting a suitable donor is one of the hardest decisions they will ever make. This study was carried out to provide an in-depth description of the experiences of couples in relation to donor selection. ...
Proactive Security Testing and Fuzzing
Software is bound to have security critical flaws, and no testing or code auditing can ensure that software is flawless. But software security testing requirements have improved radically during the past years, largely due to criticism from security conscious consumers and Enterprise customers. Whereas in the past, security flaws were taken for granted (and patches were quietly and humbly insta...
H-Fuzzing: A New Heuristic Method for Fuzzing Data Generation
How to efficiently reduce the fuzzing data scale while assuring high fuzzing veracity and vulnerability coverage is a pivotal issue in program fuzz test. This paper proposes a new heuristic method for fuzzing data generation named with H-Fuzzing. H-Fuzzing achieves a high program execution path coverage by retrieving the static information and dynamic property from the program. Our experiments ...
Publication date: 2008