Interprocedural slicing using dependence graphs
PLDI '88 Proceedings of the ACM SIGPLAN 1988 conference on Programming Language design and Implementation
The category-partition method for specifying and generating fuctional tests
Communications of the ACM
Interprocedural slicing using dependence graphs
ACM Transactions on Programming Languages and Systems (TOPLAS)
An empirical study of the reliability of UNIX utilities
Communications of the ACM
Using Program Slicing in Software Maintenance
IEEE Transactions on Software Engineering
Static slicing in the presence of goto statements
ACM Transactions on Programming Languages and Systems (TOPLAS)
Assertion-oriented automated test data generation
Proceedings of the 18th international conference on Software engineering
Slicing object-oriented software
Proceedings of the 18th international conference on Software engineering
Automated test-data generation for exception conditions
Software—Practice & Experience
Genetic Algorithms and Grouping Problems
Genetic Algorithms and Grouping Problems
Genetic Algorithms in Search, Optimization and Machine Learning
Genetic Algorithms in Search, Optimization and Machine Learning
Computers and Intractability: A Guide to the Theory of NP-Completeness
Computers and Intractability: A Guide to the Theory of NP-Completeness
Fast Anti-Random (FAR) Test Generation to Improve the Quality of Behavioral Model Verification
Journal of Electronic Testing: Theory and Applications
A static measure of a subset of intra-procedural data flow testing coverage based on node coverage
CASCON '99 Proceedings of the 1999 conference of the Centre for Advanced Studies on Collaborative research
ITS4: A static vulnerability scanner for C and C++ code
ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
Breeding Software Test Cases with Genetic Algorithms
HICSS '03 Proceedings of the 36th Annual Hawaii International Conference on System Sciences (HICSS'03) - Track 9 - Volume 9
Characterizing the 'Security Vulnerability Likelihood' of Software Functions
ICSM '03 Proceedings of the International Conference on Software Maintenance
Testing static analysis tools using exploitable buffer overflows from open source code
Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering
Analysis and Visualization of Predicate Dependence on Formal Parameters and Global Variables
IEEE Transactions on Software Engineering
Stress testing real-time systems with genetic algorithms
GECCO '05 Proceedings of the 7th annual conference on Genetic and evolutionary computation
Improving network applications security: a new heuristic to generate stress testing data
GECCO '05 Proceedings of the 7th annual conference on Genetic and evolutionary computation
Search-based software test data generation: a survey: Research Articles
Software Testing, Verification & Reliability
Statically detecting likely buffer overflow vulnerabilities
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
IEEE Transactions on Software Engineering
The Current State and Future of Search Based Software Engineering
FOSE '07 2007 Future of Software Engineering
Automated Test Data Generation using Search Based Software Engineering
AST '07 Proceedings of the Second International Workshop on Automation of Software Test
Automated test data generation using a scatter search approach
Information and Software Technology
A systematic review of search-based testing for non-functional system properties
Information and Software Technology
Search-based multi-paths test data generation for structure-oriented testing
Proceedings of the first ACM/SIGEVO Summit on Genetic and Evolutionary Computation
Towards security testing with taint analysis and genetic algorithms
Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems
SimFuzz: Test case similarity directed deep fuzzing
Journal of Systems and Software
Mitigating program security vulnerabilities: Approaches and challenges
ACM Computing Surveys (CSUR)
Security testing of web applications: a research plan
Proceedings of the 34th International Conference on Software Engineering
Search-based software engineering: Trends, techniques and applications
ACM Computing Surveys (CSUR)
Information and Software Technology
ARMORY: An automatic security testing tool for buffer overflow defect detection
Computers and Electrical Engineering
| Hi-index | 0.01 |
Buffer overflows cause serious problems in various categories of software systems. In critical systems, such as health-care, nuclear or aerospace software applications, a buffer overflow may cause severe threats to humans or severe economic losses. If they occur in network or security applications, they can be exploited to gain administrator privileges, perform system attacks, access unauthorized data, or misuse the system. This paper proposes a combination of genetic algorithms, linear programming, evolutionary testing, and static and dynamic information to detect buffer overflows. The newly proposed test input generation process avoids the need for human intervention to define and tune genetic algorithm weights and therefore it becomes completely automated. The process that guides the genetic search towards the detection of buffer overflow relies on a fitness function that takes into account static and dynamic information. Reported results of our case studies, consisting of two sets of open-source programs show that the new process and fitness function outperform previously published approaches.