Software unit test coverage and adequacy
ACM Computing Surveys (CSUR)
Service specific anomaly detection for network intrusion detection
Proceedings of the 2002 ACM symposium on Applied computing
Software security vulnerability testing in hostile environments
Proceedings of the 2002 ACM symposium on Applied computing
Tracking down software bugs using automatic anomaly detection
Proceedings of the 24th International Conference on Software Engineering
Model-based analysis of configuration vulnerabilities
Journal of Computer Security
Fault Injection Techniques and Tools
Computer
Testing for Software Vulnerability Using Environment Perturbation
DSN '00 Proceedings of the 2000 International Conference on Dependable Systems and Networks (formerly FTCS-30 and DCCA-8)
Skoll: Distributed Continuous Quality Assurance
Proceedings of the 26th International Conference on Software Engineering
The design and implementation of Zap: a system for migrating computing environments
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Towards Dependability in Everyday Software Using Software Telemetry
EASE '06 Proceedings of the Third IEEE International Workshop on Engineering of Autonomic & Autonomous Systems
Fuzzing: Brute Force Vulnerability Discovery
Fuzzing: Brute Force Vulnerability Discovery
Distributed In Vivo Testing of Software Applications
ICST '08 Proceedings of the 2008 International Conference on Software Testing, Verification, and Validation
Effective and scalable software compatibility testing
ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
Security in Computing Systems: Challenges, Approaches and Solutions
Security in Computing Systems: Challenges, Approaches and Solutions
Quality Assurance of Software Applications Using the In Vivo Testing Approach
ICST '09 Proceedings of the 2009 International Conference on Software Testing Verification and Validation
Taint-based directed whitebox fuzzing
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
Incremental covering array failure characterization in large configuration spaces
Proceedings of the eighteenth international symposium on Software testing and analysis
Hi-index | 0.00 |
Many software security vulnerabilities only reveal themselves under certain conditions, that is, particular configurations and inputs together with a certain runtime environment. One approach to detecting these vulnerabilities is fuzz testing. However, typical fuzz testing makes no guarantees regarding the syntactic and semantic validity of the input, or of how much of the input space will be explored. To address these problems, the authors present a new testing methodology called Configuration Fuzzing. Configuration Fuzzing is a technique whereby the configuration of the running application is mutated at certain execution points to check for vulnerabilities that only arise in certain conditions. As the application runs in the deployment environment, this testing technique continuously fuzzes the configuration and checks "security invariants'' that, if violated, indicate vulnerability. This paper discusses the approach and introduces a prototype framework called ConFu CONfiguration FUzzing testing framework for implementation. Additionally, the results of case studies that demonstrate the approach's feasibility are presented along with performance evaluations.