ICSE COMPANION '07 Companion to the proceedings of the 29th International Conference on Software Engineering
The automatic identification of security-relevant flaws in binary executables is still a young but promising research area. In this paper, we describe a new approach to the identification of vulnerabilities in object code, which we call smart fuzzing. Whereas conventional fuzzing uses random input to discover crash conditions, smart fuzzing restricts the input space by means of a preliminary static analysis of the program, which is then refined by monitoring each execution. In other words, the search is driven by a combination of static and dynamic analysis that steers the execution path toward selected corner cases, those most likely to expose vulnerabilities, thereby improving the effectiveness of fuzzing as a means of finding security breaches in black-box programs.