Communications of the ACM
With microscope and tweezers: the worm from MIT's perspective
Communications of the ACM
Letters to the editor: go to statement considered harmful
Communications of the ACM
Verifying a Multiprocessor Cache Controller Using Random Case
Verifying a Multiprocessor Cache Controller Using Random Case
Software engineering: quality assurance
ACM SIGSOFT Software Engineering Notes
Efficient detection of all pointer and array access errors
PLDI '94 Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation
FERRARI: A Flexible Software-Based Fault and Error Injection System
IEEE Transactions on Computers - Special issue on fault-tolerant computing
Concurrent Detection of Software and Hardware Data-Access Faults
IEEE Transactions on Computers
Measuring Software Dependability by Robustness Benchmarking
IEEE Transactions on Software Engineering
Simplifying failure-inducing input
Proceedings of the 2000 ACM SIGSOFT international symposium on Software testing and analysis
The Exception Handling Effectiveness of POSIX Operating Systems
IEEE Transactions on Software Engineering
Usability analysis with Markov models
ACM Transactions on Computer-Human Interaction (TOCHI)
An empirical study of operating systems errors
SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
Mutation-based software testing using program schemata
ACM-SE 30 Proceedings of the 30th annual Southeast regional conference
Simplifying and Isolating Failure-Inducing Input
IEEE Transactions on Software Engineering
Accelerating software development through collaboration
Proceedings of the 24th International Conference on Software Engineering
IEEE Software
AMAST '02 Proceedings of the 9th International Conference on Algebraic Methodology and Software Technology
ATEC '02 Proceedings of the General Track of the annual conference on USENIX Annual Technical Conference
An Approach to Testing COTS Software for Robustness to Operating System Exceptions and Errors
ISSRE '99 Proceedings of the 10th International Symposium on Software Reliability Engineering
ISSTA '04 Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis
Improving network applications security: a new heuristic to generate stress testing data
GECCO '05 Proceedings of the 7th annual conference on Genetic and evolutionary computation
Random testing of interrupt-driven software
Proceedings of the 5th ACM international conference on Embedded software
On deriving unknown vulnerabilities from zero-day polymorphic and metamorphic worm exploits
Proceedings of the 12th ACM conference on Computer and communications security
Presto Authorization: A Bitmap Indexing Scheme for High-Speed Access Control to XML Documents
IEEE Transactions on Knowledge and Data Engineering
Tool support for randomized unit testing
Proceedings of the 1st international workshop on Random testing
An empirical study of the robustness of MacOS applications using random testing
Proceedings of the 1st international workshop on Random testing
Is adaptive random testing really better than random testing
Proceedings of the 1st international workshop on Random testing
EXE: automatically generating inputs of death
Proceedings of the 13th ACM conference on Computer and communications security
Journal of Computing Sciences in Colleges
Emergent (mis)behavior vs. complex software systems
Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
An empirical study of the robustness of MacOS applications using random testing
ACM SIGOPS Operating Systems Review
Enhancing adaptive random testing in high dimensional input domains
Proceedings of the 2007 ACM symposium on Applied computing
Feedback-Directed Random Test Generation
ICSE '07 Proceedings of the 29th international conference on Software Engineering
Randomized Differential Testing as a Prelude to Formal Verification
ICSE '07 Proceedings of the 29th international conference on Software Engineering
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
A Smart Fuzzer for x86 Executables
SESS '07 Proceedings of the Third International Workshop on Software Engineering for Secure Systems
Tracking system bugs: why are buffer overruns still around?
Proceedings of the 35th annual ACM SIGUCCS fall conference
Triage: diagnosing production run failures at the user's site
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Predicting vulnerable software components
Proceedings of the 14th ACM conference on Computer and communications security
Directed test generation using symbolic grammars
Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering
Nighthawk: a two-level genetic-random unit test data generator
Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering
Flayer: exposing application internals
WOOT '07 Proceedings of the first USENIX workshop on Offensive Technologies
Information Assurance: Dependability and Security in Networked Systems
Information Assurance: Dependability and Security in Networked Systems
Detecting buffer overflow via automatic test input data generation
Computers and Operations Research
Callgraph properties of executables
AI Communications - Network Analysis in Natural Sciences and Engineering
Grammar-based whitebox fuzzing
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
Finding errors in .net with feedback-directed random testing
ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
TFTP vulnerability finding technique based on fuzzing
Computer Communications
Security Assessment Framework Using Static Analysis and Fault Injection
ICIC '08 Proceedings of the 4th international conference on Intelligent Computing: Advanced Intelligent Computing Theories and Applications - with Aspects of Theoretical and Methodological Issues
Distributing test cases more evenly in adaptive random testing
Journal of Systems and Software
EXE: Automatically Generating Inputs of Death
ACM Transactions on Information and System Security (TISSEC)
Privacy oracle: a system for finding application leaks with black box differential testing
Proceedings of the 15th ACM conference on Computer and communications security
Security Analysis of an IP Phone: Cisco 7960G
Principles, Systems and Applications of IP Telecommunications. Services and Security for Next Generation Networks
Experiences with model inference assisted fuzzing
WOOT'08 Proceedings of the 2nd conference on USENIX Workshop on offensive technologies
ASSURE: automatic software self-healing using rescue points
Proceedings of the 14th international conference on Architectural support for programming languages and operating systems
Evaluating the Quality of Open Source Software
Electronic Notes in Theoretical Computer Science (ENTCS)
Framework for exercising I/O exception handling code
International Journal of Information and Communication Technology
Enhanced lattice-based adaptive random testing
Proceedings of the 2009 ACM symposium on Applied Computing
Automatically finding patches using genetic programming
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
Taint-based directed whitebox fuzzing
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
Proceedings of the eighteenth international symposium on Software testing and analysis
Adaptive random testing based on distribution metrics
Journal of Systems and Software
Robust signatures for kernel data structures
Proceedings of the 16th ACM conference on Computer and communications security
State Based Robustness Testing for Components
Electronic Notes in Theoretical Computer Science (ENTCS)
Configuring resource managers using model fuzzing: a case study of the .NET thread pool
IM'09 Proceedings of the 11th IFIP/IEEE international conference on Symposium on Integrated Network Management
R-cubed (R3): rate, robustness, and recovery - an availability benchmark framework
R-cubed (R3): rate, robustness, and recovery - an availability benchmark framework
Security assessment for application network services using fault injection
PAISI'07 Proceedings of the 2007 Pacific Asia conference on Intelligence and security informatics
Designing better fitness functions for automated program repair
Proceedings of the 12th annual conference on Genetic and evolutionary computation
Automatically identifying critical input regions and code in applications
Proceedings of the 19th international symposium on Software testing and analysis
Testing system virtual machines
Proceedings of the 19th international symposium on Software testing and analysis
Robustness testing for software components
Science of Computer Programming
Dynamic test generation to find integer bugs in x86 binary linux programs
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
A fistful of red-pills: how to automatically generate procedures to detect CPU emulators
WOOT'09 Proceedings of the 3rd USENIX conference on Offensive technologies
Input generation via decomposition and re-stitching: finding bugs in Malware
Proceedings of the 17th ACM conference on Computer and communications security
An autonomic testing framework for IPv6 configuration protocols
AIMS'10 Proceedings of the Mechanisms for autonomous management of networks and services, and 4th international conference on Autonomous infrastructure, management and security
Efficient file fuzz testing using automated analysis of binary file format
Journal of Systems Architecture: the EUROMICRO Journal
Tightlip: keeping applications from spilling the beans
NSDI'07 Proceedings of the 4th USENIX conference on Networked systems design & implementation
Finding and understanding bugs in C compilers
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
High coverage testing of Haskell programs
Proceedings of the 2011 International Symposium on Software Testing and Analysis
Checksum-Aware Fuzzing Combined with Dynamic Taint Analysis and Symbolic Execution
ACM Transactions on Information and System Security (TISSEC)
H-fuzzing: a new heuristic method for fuzzing data generation
NPC'11 Proceedings of the 8th IFIP international conference on Network and parallel computing
SimFuzz: Test case similarity directed deep fuzzing
Journal of Systems and Software
SNOOZE: toward a stateful network protocol fuzZEr
ISC'06 Proceedings of the 9th international conference on Information Security
Adaptive random testing through iterative partitioning
Ada-Europe'06 Proceedings of the 11th Ada-Europe international conference on Reliable Software Technologies
The S2E Platform: Design, Implementation, and Applications
ACM Transactions on Computer Systems (TOCS) - Special Issue APLOS 2011
Execution generated test cases: how to make systems code crash itself
SPIN'05 Proceedings of the 12th international conference on Model Checking Software
On enhancing the robustness of commercial operating systems
ISAS'04 Proceedings of the First international conference on Service Availability
QuickCheck testing for fun and profit
PADL'07 Proceedings of the 9th international conference on Practical Aspects of Declarative Languages
ASE '11 Proceedings of the 2011 26th IEEE/ACM International Conference on Automated Software Engineering
Undangle: early detection of dangling pointers in use-after-free and double-free vulnerabilities
Proceedings of the 2012 International Symposium on Software Testing and Analysis
Security'12 Proceedings of the 21st USENIX conference on Security symposium
A systematic review of software robustness
Information and Software Technology
THAPS: automated vulnerability scanning of PHP applications
NordSec'12 Proceedings of the 17th Nordic conference on Secure IT Systems
Comparative language fuzz testing: programming languages vs. fat fingers
Proceedings of the ACM 4th annual workshop on Evaluation and usability of programming languages and tools
Behavioral fuzzing operators for UML sequence diagrams
SAM'12 Proceedings of the 7th international conference on System Analysis and Modeling: theory and practice
Software verification and graph similarity for automated evaluation of students' assignments
Information and Software Technology
Proceedings of the 28th Annual ACM Symposium on Applied Computing
Accelerated robustness testing of state-based components using reverse execution
Proceedings of the 28th Annual ACM Symposium on Applied Computing
Semi-valid input coverage for fuzz testing
Proceedings of the 2013 International Symposium on Software Testing and Analysis
Fuzzing the ActionScript virtual machine
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
Billions and billions of constraints: whitebox fuzz testing in production
Proceedings of the 2013 International Conference on Software Engineering
Scheduling black-box mutational fuzzing
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
A methodology for testing CPU emulators
ACM Transactions on Software Engineering and Methodology (TOSEM) - Testing, debugging, and error handling, formal methods, lifecycle concerns, evolution and maintenance
Binary-code obfuscations in prevalent packer tools
ACM Computing Surveys (CSUR)
On fault resilience of OpenStack
Proceedings of the 4th annual Symposium on Cloud Computing
Dowsing for overflows: a guided fuzzer to find buffer boundary violations
SEC'13 Proceedings of the 22nd USENIX conference on Security
DroidFuzzer: Fuzzing the Android Apps with Intent-Filter Tag
Proceedings of International Conference on Advances in Mobile Computing & Multimedia
KameleonFuzz: evolutionary fuzzing for black-box XSS detection
Proceedings of the 4th ACM conference on Data and application security and privacy
The following section describes the tools we built to test the utilities. These tools include the fuzz (random character) generator, ptyjig (to test interactive utilities), and scripts to automate the testing process. Next, we will describe the tests we performed, giving the types of input we presented to the utilities. Results from the tests will follow along with an analysis of the results, including identification and classification of the program bugs that caused the crashes. The final section presents concluding remarks, including suggestions for avoiding the types of problems detected by our study and some commentary on the bugs we found. We include an Appendix with the user manual pages for fuzz and ptyjig.