A Taint Based Approach for Smart Fuzzing

A Taint Based Approach for Smart Fuzzing

Fuzzing is one of the most popular test-based software vulnerability detection techniques. It consists in running the target application with dedicated inputs in order to exhibit potential failures that could be exploited by a malicious user. In this paper we propose a global approach for fuzzing, a...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Bekrar, S., Bekrar, C., Groz, R., Mounier, L.
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Assembly
Computer Science
dynamic analysis
Monitoring
Protocols
Registers
Runtime
Security
smart fuzzing
Software
Software Engineering
taint analysis
vulnrability detection
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Fuzzing is one of the most popular test-based software vulnerability detection techniques. It consists in running the target application with dedicated inputs in order to exhibit potential failures that could be exploited by a malicious user. In this paper we propose a global approach for fuzzing, addressing the main challenges to be faced in an industrial context: large-size applications, without source code access, and with a partial knowledge of the input specifications. This approach integrates several successive steps, and we mostly focus here on an important one which relies on binary-level dynamic taint analysis. We summarize the main problems to be addressed in this step, and we detail the solution we implemented to solve them.
ISSN:2159-4848
2771-3091
DOI:10.1109/ICST.2012.182