A Smart Fuzzer for x86 Executables

Authors:
Andrea Lanzi;Lorenzo Martignoni;Mattia Monga;Roberto Paleari
Affiliations:
Universita degli Studi di Milano, Italy;Universita degli Studi di Milano, Italy;Universita degli Studi di Milano, Italy;Universita degli Studi di Milano, Italy
Venue:
SESS '07 Proceedings of the Third International Workshop on Software Engineering for Secure Systems
Year:
2007

Citing 14
Cited 1

Compilers: principles, techniques, and tools

Compilers: principles, techniques, and tools
An empirical study of the reliability of UNIX utilities

Communications of the ACM
Dynamic slicing in the presence of unconstrained pointers

TAV4 Proceedings of the symposium on Testing, analysis, and verification
Decompilation of binary programs

Software—Practice & Experience
Symbolic execution and program testing

Communications of the ACM
A Tool for Pro-active Defense Against the Buffer Overrun Attack

ESORICS '98 Proceedings of the 5th European Symposium on Research in Computer Security
Disassembly of Executable Code Revisited

WCRE '02 Proceedings of the Ninth Working Conference on Reverse Engineering (WCRE'02)
Detecting Kernel-Level Rootkits Through Binary Analysis

ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
Temporal search: detecting hidden malware timebombs with virtual machines

Proceedings of the 12th international conference on Architectural support for programming languages and operating systems
Efficient path conditions in dependence graphs for software safety analysis

ACM Transactions on Software Engineering and Methodology (TOSEM)
EXE: automatically generating inputs of death

Proceedings of the 13th ACM conference on Computer and communications security
Static Detection of Vulnerabilities in x86 Executables

ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Taint-enhanced policy enforcement: a practical approach to defeat a wide range of attacks

USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Behavior-based spyware detection

USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15

The 3rd International Workshop on Software Engineering for Secure Systems SESS07--Dependable and Secure

ICSE COMPANION '07 Companion to the proceedings of the 29th International Conference on Software Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

The automatic identification of security-relevant flaws in binary executables is still a young but promising research area. In this paper, we describe a new approach for the identification of vulnerabilities in object code we called smart fuzzing. While conventional fuzzing uses random input to discover crash conditions, smart fuzzing restricts the input space by using a preliminary static analysis of the program, then refined by monitoring each execution. In other words, the search is driven by a mix of static and dynamic analysis in order to lead the execution path to selected corner cases that are the most likely to expose vulnerabilities, thus improving the effectiveness of fuzzing as a means for finding security breaches in black-box programs.