Many kinds of memory safety vulnerabilities have been endangering software systems for decades. Amongst other approaches, fuzzing is a promising technique to unveil various software faults. Recently, feedback-guided fuzzing demonstrated its power, producing a steady stream of security-critical software bugs. Most fuzzing efforts—especially feedback fuzzing—are limited to user space components o...

Users rarely consider their media player as a security critical application. However, with an increasing amount of media content available on the web, users are exposing themselves to attack by downloading possibly malicious content. We focus on identifying vulnerabilities in three media formats (AVI, MPEG and Ogg) and two media players (MPlayer and VLC). We use a modification of traditional fo...

The latest generation of smart card embeds an HTTP web server which facilitates the integration of smart card into the existing networks and provides more services and custom interfaces. It also helps the developers to simplify the use of new programming model (servlets). However, due to the sensitive information stored and the resource constraints with which the technology is running, it is ne...

Test case mutation and generation (m&g) based on data samples is an effective way to generate test cases for Knowledge-based fuzzing, but present m&g technique is only capable of one-dimensional m&g at a time, based on a data sample, and thus it is impossible to find a vulnerability that can only be detected by multidimensional m&g. This paper proposes a mathematical model FTSG that formally de...

Protocol reverse engineering, the process of extracting the application-level protocol used by an implementation, without access to the protocol specification, is important for many network security applications. Recent work [17] has proposed protocol reverse engineering by using clustering on network traces, but has several significant limitations. In this paper we propose a new approach to ex...

Many software security vulnerabilities only reveal themselves under certain conditions, i.e., particular configurations of the software and certain inputs together with its particular runtime environment. One approach to detecting these vulnerabilities is fuzz testing, which feeds a range of randomly modified inputs to a software application while monitoring it for failures. However, typical fu...

We summarize the open challenges and opportunities for fuzzing symbolic execution as they emerged in discussions among researchers practitioners a Shonan Meeting that were validated subsequent survey.

IT-Sicherheitstests untersuchen Systeme auf sicherheitsrelevante Schwachstellen, indem diese ausgeführt werden. Eine inzwischen verbreitete Technik hierfür ist das sogenannte Fuzzing, bei dem die Schnittstellen eines Systems mit ungültigen Daten stimuliert werden. Diese können zufallsbasiert, mit Beschreibungen der Eingabedatenformate, beispielsweise mit Hilfe von Grammatiken, oder zusätzlich m...

In this paper we introduce the idea of model inference assisted fuzzing aimed to cost effectively improve software security. We experimented with several model inference techniques and applied fuzzing to the inferred models in order to generate robustness attacks. We proved our prototypes against real life software, namely anti-virus and archival software solutions. Several critical vulnerabili...

Abstract Fuzzing has become one of the best-established methods to uncover software bugs. Meanwhile, market embedded systems, which binds execution tightly very hardware architecture, grown at a steady pace, and that pace is anticipated yet more sustained in near future. Embedded systems also benefit from fuzzing, but innumerable existing architectures peripherals complicate development general...