A Smart Fuzzer for x86 Executables
Main Authors: | , , , |
---|---|
Format: | Conference Proceeding |
Language: | English |
Subjects: | Software and its engineering > Software creation and management > Software verification and validation > Formal software verification; Software and its engineering > Software organization and properties > Software functional properties > Correctness > Access protection; Software and its engineering > Software organization and properties > Software functional properties > Formal methods |
Summary: | The automatic identification of security-relevant flaws in binary executables is still a young but promising research area. In this paper, we describe a new approach for the identification of vulnerabilities in object code we called smart fuzzing. While conventional fuzzing uses random input to discover crash conditions, smart fuzzing restricts the input space by using a preliminary static analysis of the program, then refined by monitoring each execution. In other words, the search is driven by a mix of static and dynamic analysis in order to lead the execution path to selected corner cases that are the most likely to expose vulnerabilities, thus improving the effectiveness of fuzzing as a means for finding security breaches in black-box programs. |
---|---|
DOI: | 10.1109/SESS.2007.1 |