Fuzz testing is regarded as the most useful technique for finding serious security holes in a software system. It inserts unexpected data into the input of the software system and finds the system's bugs or errors. However, one disadvantage of fuzz testing executed with binary files is that it requires a large number of fault-inserted files to cover every test case, potentially up to 2^(8 × FILESIZE) files. To overcome this drawback, we propose a novel algorithm that efficiently reduces the number of fault-inserted files while still maintaining maximum test case coverage. The proposed approach enables the automatic analysis of the fields of binary files by tracking and analyzing stack frames, assembly code, and registers as the software system parses the files. We evaluate the efficacy of the new method by implementing a practical tool, the Binary File Analyzer and Fault Injector (BFAFI), which traces the program's execution and analyzes the fields of the binary file format. Our experiments demonstrate that BFAFI reduced the total number of fault-inserted files while keeping maximum test case coverage, and detected approximately 14 times more exceptions than the general fuzzer did. BFAFI also found 11 causes of exceptions, five of which were found only by BFAFI. Ten of the 11 causes of exceptions that we found were generated by the graphics rendering engine (GDI32.dll); the other was generated by the system library (kernel32.dll) in Windows XP SP2.
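The following is an added example, not code from the paper or from BFAFI, illustrating the abstract's core point: an exhaustive byte-level fuzzer would need 2^(8 × FILESIZE) fault-inserted files, whereas a fuzzer that knows the field layout of the format only needs a handful of boundary-value mutations per field. BFAFI derives the field layout by tracing the target's stack frames and registers; here the layout of a constructed toy format is simply given by hand (an assumption), and the target is a constructed toy parser whose unchecked length field is the kind of defect a field-aware fuzzer surfaces as an unhandled exception. Every name in the block is hypothetical.

```python
import struct

# Constructed toy format (not from the paper):
#   magic(4 bytes "BFAF") | version(u16 LE) | length(u16 LE) | payload(length bytes) | checksum(u8)
# Hand-written field table (name, offset, size); BFAFI would recover this by tracing the parser.
FIELDS = [("magic", 0, 4), ("version", 4, 2), ("length", 6, 2)]


def build_sample(payload: bytes = b"hello") -> bytes:
    """Build one well-formed file to serve as the seed for mutation."""
    header = b"BFAF" + struct.pack("<H", 1) + struct.pack("<H", len(payload))
    checksum = sum(header + payload) & 0xFF
    return header + payload + bytes([checksum])


def parse(data: bytes) -> dict:
    """Toy parser. ValueError is its graceful rejection path; anything else is a defect.
    The length field is trusted without bounds checking, so an oversized length
    makes the checksum lookup index past the end of the file (IndexError)."""
    if data[:4] != b"BFAF":
        raise ValueError("bad magic")
    version, length = struct.unpack_from("<HH", data, 4)
    if version != 1:
        raise ValueError("unsupported version")
    payload = data[8:8 + length]
    checksum = data[8 + length]          # no check that 8 + length < len(data)
    if (sum(data[:8 + length]) & 0xFF) != checksum:
        raise ValueError("bad checksum")
    return {"version": version, "payload": payload}


def exhaustive_file_count(file_size: int) -> int:
    """Number of distinct files an exhaustive byte-level fuzzer would have to generate."""
    return 2 ** (8 * file_size)


def boundary_values(size: int) -> list:
    """Classic integer boundary values for a field of `size` bytes."""
    return [
        b"\x00" * size,                       # all zero
        b"\xff" * size,                       # all ones
        b"\x7f" + b"\xff" * (size - 1),       # sign-boundary patterns
        b"\x80" + b"\x00" * (size - 1),
    ]


def field_aware_mutations(sample: bytes, fields):
    """Yield (field name, injected value, mutated file): one file per field/value pair
    instead of 2^(8*size) files for the whole buffer."""
    for name, offset, size in fields:
        for value in boundary_values(size):
            yield name, value, sample[:offset] + value + sample[offset + size:]


def fuzz(sample: bytes, fields) -> dict:
    """Run every field-aware mutation through the parser and record unhandled exceptions
    (ValueError is the parser's intended rejection and is not counted)."""
    crashes = {}
    for name, _value, mutated in field_aware_mutations(sample, fields):
        try:
            parse(mutated)
        except ValueError:
            continue
        except Exception as exc:
            crashes.setdefault(name, []).append(type(exc).__name__)
    return crashes


if __name__ == "__main__":
    seed = build_sample()
    print("exhaustive files:", exhaustive_file_count(len(seed)))
    print("field-aware files:", len(list(field_aware_mutations(seed, FIELDS))))
    print("unhandled exceptions by field:", fuzz(seed, FIELDS))
```

For the 14-byte seed file the exhaustive count is 2^112, while the field-aware generator produces 12 files, and only the mutations of the `length` field reach the unchecked index and raise. In a real harness the exception bucketing would be keyed by crash site rather than by exception class, which is what lets a tool like BFAFI report distinct causes rather than raw exception counts.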