Automated Whitebox Fuzz Testing

by Patrice Godefroid, Michael Y. Levin, David Molnar
Citations:311 - 25 self
BibTeX

@MISC{Godefroid_automatedwhitebox,
    author = {Patrice Godefroid and Michael Y. Levin and David Molnar},
    title = {Automated Whitebox Fuzz Testing},
    year = {}
}


Abstract

Fuzz testing is an effective technique for finding security vulnerabilities in software. Traditionally, fuzz testing tools apply random mutations to well-formed inputs of a program and test the resulting values. We present an alternative whitebox fuzz testing approach inspired by recent advances in symbolic execution and dynamic test generation. Our approach records an actual run of the program under test on a well-formed input, symbolically evaluates the recorded trace, and gathers constraints on inputs capturing how the program uses these. The collected constraints are then negated one by one and solved with a constraint solver, producing new inputs that exercise different control paths in the program. This process is repeated with the help of a code-coverage maximizing heuristic designed to find defects as fast as possible. We have implemented this algorithm in SAGE (Scalable, Automated, Guided Execution), a new tool employing x86 instruction-level tracing and emulation for whitebox fuzzing of arbitrary file-reading Windows applications. We describe key optimizations needed to make dynamic test generation scale to large input files and long execution traces with hundreds of millions of instructions. We then present detailed experiments with several Windows applications. Notably, without any format-specific knowledge, SAGE detects the MS07-017 ANI vulnerability, which was missed by extensive blackbox fuzzing and static analysis tools. Furthermore, while still in an early stage of development, SAGE has already discovered 30+ new bugs in large shipped Windows applications including image processors, media players, and file decoders. Several of these bugs are potentially exploitable memory access violations.
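The record, negate, solve and re-run loop the abstract describes, shown as an added example in Python (not the paper's or SAGE's code) on a constructed four-byte checker that aborts when at least three input bytes match b"bad!". The toy solver, the coverage score and the worklist order are simplifications assumed here; real SAGE traces x86 instructions and uses a full constraint solver.

```python
# Toy generational search in the spirit of the SAGE abstract (added example, not
# the paper's or tool's code). Program under test is constructed, not from SAGE.
from itertools import product
TARGET = b"bad!"   # the program does `if (inp[i] == TARGET[i]) cnt++` per byte

def run(inp):
    """Run the toy program; return (crashed, path), where path lists constraints
    (byte_index, compared_byte, branch_taken) followed by ("cnt", None, taken)."""
    path = [(i, c, inp[i] == c) for i, c in enumerate(TARGET)]
    cnt = sum(t for _, _, t in path)                  # bytes that matched
    return cnt >= 3, path + [("cnt", None, cnt >= 3)]  # abort() iff cnt >= 3

def holds(bits, i, t):   # bits[k] <=> inp[k] == TARGET[k]; check one constraint
    return ((sum(bits) >= 3) if i == "cnt" else bits[i]) == t

def solve(constraints, parent):
    """Tiny solver: every byte joins exactly one comparison, so a path condition is
    a formula over 4 booleans; try assignments closest to the parent's first."""
    pbits = [parent[i] == c for i, c in enumerate(TARGET)]
    cands = sorted(product((False, True), repeat=len(TARGET)),
                   key=lambda b: sum(x != y for x, y in zip(b, pbits)))
    for bits in cands:
        if all(holds(bits, i, t) for i, _, t in constraints):
            new = bytearray(parent)   # keep parent bytes where the solver allows
            for i, b in enumerate(bits):
                new[i] = TARGET[i] if b else (0 if new[i] == TARGET[i] else new[i])
            return bytes(new)
    return None                        # negated path condition is infeasible

def expand(inp):
    """One generational expansion: negate each constraint j of inp's path while
    keeping the prefix before it, and solve for a child input."""
    _, path = run(inp)
    kids = (solve(path[:j] + [(i, c, not t)], inp) for j, (i, c, t) in enumerate(path))
    return [k for k in kids if k is not None]

def search(seed, max_runs=50):
    """Coverage-guided worklist; returns (crashing_input_or_None, runs)."""
    seen, work, runs = set(), [(0, seed)], 0
    while work and runs < max_runs:
        work.sort(reverse=True)            # highest coverage gain first
        _, inp = work.pop(0)
        crashed, path = run(inp)
        runs += 1
        if crashed:
            return inp, runs
        seen.update((i, t) for i, _, t in path)
        for child in expand(inp):
            work.append((sum((i, t) not in seen for i, _, t in run(child)[1]), child))
    return None, runs
```

Starting from the well-formed seed b"good", the search reaches the abort in a handful of runs, whereas random byte mutation has to hit three specific byte values at once.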
