发布求助
文献互助 智能选刊 最新文献

Futag: Automated fuzz target generator for testing software libraries

2021 Ivannikov Memorial Workshop (IVMEM) Pub Date : 2021-09-01 DOI:10.1109/ivmem53963.2021.00021
Chi Thien Tran, S. Kurmangaleev
{"title":"Futag: Automated fuzz target generator for testing software libraries","authors":"Chi Thien Tran, S. Kurmangaleev","doi":"10.1109/ivmem53963.2021.00021","DOIUrl":null,"url":null,"abstract":"Recently, Fuzzing is one of the most successful techniques to expose bugs in software. For testing large programs or large codebase with many features and entry-points, the creation of fuzz-targets remains a big challenge. In this paper, we introduce Futag – an automated fuzz target generator for testing software libraries. This approach uses static analysis to collect information about source code: data type definitions, dependencies of types, definitions of functions, etc. Futag has found many vulnerabilities in latest version of popular libraries such as: libopenssl, libpng, libjson-c, liblxml2.","PeriodicalId":360766,"journal":{"name":"2021 Ivannikov Memorial Workshop (IVMEM)","volume":"18 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 Ivannikov Memorial Workshop (IVMEM)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ivmem53963.2021.00021","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1

Abstract

Recently, Fuzzing is one of the most successful techniques to expose bugs in software. For testing large programs or large codebase with many features and entry-points, the creation of fuzz-targets remains a big challenge. In this paper, we introduce Futag – an automated fuzz target generator for testing software libraries. This approach uses static analysis to collect information about source code: data type definitions, dependencies of types, definitions of functions, etc. Futag has found many vulnerabilities in latest version of popular libraries such as: libopenssl, libpng, libjson-c, liblxml2.
分享
查看原文 本刊更多论文
Futag:用于测试软件库的自动模糊目标生成器
最近,模糊测试是一种最成功的暴露软件缺陷的技术。对于测试具有许多特性和入口点的大型程序或大型代码库,创建模糊目标仍然是一个很大的挑战。本文介绍了一种用于测试软件库的自动模糊目标生成器Futag。这种方法使用静态分析来收集有关源代码的信息:数据类型定义、类型的依赖关系、函数定义等。Futag在libopenssl、libpng、libjson-c、libxml2等最新版本的流行库中发现了许多漏洞。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
2021 Ivannikov Memorial Workshop (IVMEM)
2021 Ivannikov Memorial Workshop (IVMEM)
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信