Proceedings. International Conference on Availability, Security, and Reliability最新文献

筛选

英文中文

Configuration Fuzzing for Software Vulnerability Detection. 软件漏洞检测的配置模糊测试。

Proceedings. International Conference on Availability, Security, and Reliability Pub Date : 2010-02-15 DOI: 10.1109/ares.2010.22

Huning Dai, Christian Murphy, Gail Kaiser

{"title":"Configuration Fuzzing for Software Vulnerability Detection.","authors":"Huning Dai, Christian Murphy, Gail Kaiser","doi":"10.1109/ares.2010.22","DOIUrl":"10.1109/ares.2010.22","url":null,"abstract":"<p><p>Many software security vulnerabilities only reveal themselves under certain conditions, i.e., particular configurations of the software together with its particular runtime environment. One approach to detecting these vulnerabilities is fuzz testing, which feeds a range of randomly modified inputs to a software application while monitoring it for failures. However, typical fuzz testing makes no guarantees regarding the syntactic and semantic validity of the input, or of how much of the input space will be explored. To address these problems, in this paper we present a new testing methodology called configuration fuzzing. Configuration fuzzing is a technique whereby the configuration of the running application is randomly modified at certain execution points, in order to check for vulnerabilities that only arise in certain conditions. As the application runs in the deployment environment, this testing technique continuously fuzzes the configuration and checks \"security invariants\" that, if violated, indicate a vulnerability; however, the fuzzing is performed in a duplicated copy of the original process, so that it does not affect the state of the running application. In addition to discussing the approach and describing a prototype framework for implementation, we also present the results of a case study to demonstrate the approach's efficiency.</p>","PeriodicalId":89231,"journal":{"name":"Proceedings. International Conference on Availability, Security, and Reliability","volume":" ","pages":"525-530"},"PeriodicalIF":0.0,"publicationDate":"2010-02-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.ncbi.nlm.nih.gov/pmc/articles/PMC3057938/pdf/nihms200709.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"29789511","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0