Title: RankFuzz: Fuzz Testing Based on Comprehensive Evaluation
Authors: Cheng Li, Qiang Wei, Qingxian Wang
DOI: 10.1109/MINES.2012.161 (https://doi.org/10.1109/MINES.2012.161)
Venue: 2012 Fourth International Conference on Multimedia Information Networking and Security
Publication date: 2012-11-02
Citation count: 1
Source: Semantic Scholar record
RankFuzz: Fuzz Testing Based on Comprehensive Evaluation
Fuzz testing has proven successful at finding security vulnerabilities in programs. However, traditional black-box fuzzing tools, which mutate the input at random, are blind and ineffective. White-box fuzzing, i.e. symbolic execution, still suffers from low efficiency and path explosion. We present a new automated fuzzing technique based on comprehensive evaluation, and a tool, RankFuzz, that implements it. Using dynamic taint analysis, we divide the input into several fields and rank each field according to the comprehensive evaluation results, so that a potential vulnerability can be found quickly. We use several known vulnerabilities to assess the soundness of our evaluation system and find that RankFuzz effectively locates the bytes that trigger them, with every such field ranked in the top 30% of all fields. We also test two off-the-shelf applications for 8 hours and find 3 new vulnerabilities.