An empirical study of the reliability of UNIX utilities
Communications of the ACM
Suffix arrays: a new method for on-line string searches
SODA '90 Proceedings of the first annual ACM-SIAM symposium on Discrete algorithms
Software Testing Techniques
Approximation algorithms for grammar-based compression
SODA '02 Proceedings of the thirteenth annual ACM-SIAM symposium on Discrete algorithms
Introduction To Automata Theory, Languages, And Computation
Introduction To Automata Theory, Languages, And Computation
Offline Dictionary-Based Compression
DCC '99 Proceedings of the Conference on Data Compression
Discoverer: automatic protocol reverse engineering from network traces
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Behavioral fuzzing operators for UML sequence diagrams
SAM'12 Proceedings of the 7th international conference on System Analysis and Modeling: theory and practice
| Hi-index | 0.00 |
In this paper we introduce the idea of model inference assisted fuzzing aimed to cost effectively improve software security. We experimented with several model inference techniques and applied fuzzing to the inferred models in order to generate robustness attacks. We proved our prototypes against real life software, namely anti-virus and archival software solutions. Several critical vulnerabilities were found in multiple file formats in multiple products. Based on the discovered vulnerabilities and the positive impact on the security we argue that our approach strikes a practical balance between completely random and manually designed model-based test case generation techniques.