
Automated Whitebox Fuzz Testing

by Patrice Godefroid, Michael Y. Levin, David Molnar
Citations: 102 (12 self)

Metadata Version 1 (user correction supplied by mph)

Datum                Value                             Source
Title                Automated Whitebox Fuzz Testing   user correction
Author name          Patrice Godefroid                 user correction
Author name          Michael Y. Levin                  user correction
Author affiliation   Microsoft (CSE)                   user correction
Author name          David Molnar                      user correction
Citations            31 found                          ParsCit 1.0

Abstract (source: user correction):

Fuzz testing is an effective technique for finding security vulnerabilities in software. Traditionally, fuzz testing tools apply random mutations to well-formed inputs of a program and test the resulting values. We present an alternative whitebox fuzz testing approach inspired by recent advances in symbolic execution and dynamic test generation. Our approach records an actual run of the program under test on a well-formed input, symbolically evaluates the recorded trace, and gathers constraints on inputs capturing how the program uses these. The collected constraints are then negated one by one and solved with a constraint solver, producing new inputs that exercise different control paths in the program. This process is repeated with the help of a code-coverage maximizing heuristic designed to find defects as fast as possible. We have implemented this algorithm in SAGE (Scalable, Automated, Guided Execution), a new tool employing x86 instruction-level tracing and emulation for whitebox fuzzing of arbitrary file-reading Windows applications. We describe key optimizations needed to make dynamic test generation scale to large input files and long execution traces with hundreds of millions of instructions. We then present detailed experiments with several Windows applications. Notably, without any format-specific knowledge, SAGE detects the MS07-017 ANI vulnerability, which was missed by extensive blackbox fuzzing and static analysis tools. Furthermore, while still in an early stage of development, SAGE has already discovered 30+ new bugs in large shipped Windows applications including image processors, media players, and file decoders. Several of these bugs are potentially exploitable memory access violations.