doi: 10.17586/2226-1494-2021-21-6-895-902


Stochastic software testing for vulnerability analysis

A. O. Maneev, A. I. Spivak


Article in Russian

For citation:
Maneev A.O., Spivak A.I. Stochastic software testing for vulnerability analysis. Scientific and Technical Journal of Information Technologies, Mechanics and Optics, 2021, vol. 21, no. 6, pp. 895–902 (in Russian). doi: 10.17586/2226-1494-2021-21-6-895-902


Abstract
Stochastic testing with fuzzing tools is one approach to software vulnerability analysis. The testing process usually generates random input data for the program under test and takes a significant amount of time, so reducing testing time is an important task. One research direction for improving testing is to identify only those data sequences that influence the execution path of the tested program; an input generation approach that reduces total testing time therefore allows more program vulnerabilities to be found. The paper proposes a modification of the genetic algorithm used by the fuzzer afl (American Fuzzy Lop). A promising positions model is introduced to improve the efficiency of input data generation. With this model, the fuzzer's genetic algorithm selects the most promising position in the input data, from the viewpoint of vulnerability analysis, for the next mutation steps. Compared to existing solutions, the proposed model pays attention to the prospective position of a data element for increasing code coverage and directs the genetic algorithm to change it. The model was evaluated with the popular fuzzer afl and its modifications (aflfast, symfuzz, afl-rb). During the evaluation, the proposed model reached 21 % more code coverage than existing solutions. Edge coverage between basic program blocks is increased from 20897.3 up to 17267.4. The developed model can be used in the testing of software that accepts and processes user data, and it can be integrated into stochastic testing tools. The modification is confined to the random generator component and does not require redesigning the whole testing tool.

Keywords: testing, dynamic testing, stochastic testing, vulnerability, fuzzing
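The abstract describes the idea at the level of a genetic-algorithm modification: a coverage-guided mutational fuzzer that prefers some byte positions in the input over others. The following is an added example, not code from the paper or from afl, showing the shape of such a loop. The target program is a constructed toy parser that reports afl-style edge identifiers instead of real instrumentation, and the position-weighting heuristic (raise the score of an offset whenever mutating it revealed a new edge, then draw offsets in proportion to their scores) is this example's own simplified assumption, not the paper's promising positions model.

```python
import random


class SimulatedCrash(Exception):
    """Raised by the toy target where a real program would fault."""


MAGIC = b"FUZZ"


def target(data: bytes) -> set:
    """Constructed stand-in for an instrumented program under test.

    Returns the set of edge identifiers the input exercised, mimicking the
    edge coverage an afl-style harness reports back to the fuzzer.
    """
    edges = {"entry"}
    # Byte-wise magic check: each correct byte opens one more edge, which is
    # what lets a coverage-guided fuzzer make progress one byte at a time.
    for i, expected in enumerate(MAGIC):
        if i >= len(data) or data[i] != expected:
            edges.add(f"bad_magic_{i}")
            return edges
        edges.add(f"magic_{i}")
    if len(data) < 6:
        edges.add("short_header")
        return edges
    kind, length = data[4], data[5]
    edges.add(f"kind_{min(kind, 3)}")
    payload = data[6:6 + length]
    if len(payload) < length:
        edges.add("truncated_payload")
        return edges
    if kind == 2 and length > 16:
        # Constructed defect: the "kind 2" handler copies into a 16-byte buffer.
        raise SimulatedCrash("payload exceeds 16-byte buffer")
    edges.add("payload_even" if sum(payload) % 2 == 0 else "payload_odd")
    return edges


class PositionFuzzer:
    """Mutational fuzzer that weights mutation positions by past coverage gains.

    The weighting is this example's own simplified heuristic (an assumption,
    not the model from the paper): a byte offset whose mutation revealed new
    edges becomes more likely to be mutated again.
    """

    def __init__(self, seeds, rng_seed=0):
        self.rng = random.Random(rng_seed)
        self.corpus = list(seeds)
        self.coverage = set()
        self.weights = {}       # byte offset -> promising score (default 1.0)
        self.crashes = []
        for seed in self.corpus:
            self.coverage |= self._execute(seed)

    def _execute(self, data):
        try:
            return target(data)
        except SimulatedCrash:
            self.crashes.append(data)   # keep the input that triggered the fault
            return {"crash"}

    def choose_position(self, length):
        """Pick a byte offset, biased toward offsets with a higher score."""
        offsets = list(range(length))
        weights = [self.weights.get(i, 1.0) for i in offsets]
        return self.rng.choices(offsets, weights=weights, k=1)[0]

    def mutate(self, data):
        buf = bytearray(data) or bytearray(b"\x00")   # never mutate an empty buffer
        pos = self.choose_position(len(buf))
        op = self.rng.randrange(3)
        if op == 0:
            buf[pos] ^= 1 << self.rng.randrange(8)           # bit flip
        elif op == 1:
            buf[pos] = self.rng.randrange(256)               # byte overwrite
        else:
            buf.insert(pos + 1, self.rng.randrange(256))     # grow the input
        return bytes(buf), pos

    def step(self):
        parent = self.rng.choice(self.corpus)
        child, pos = self.mutate(parent)
        new_edges = self._execute(child) - self.coverage
        if new_edges:
            self.coverage |= new_edges
            self.corpus.append(child)
            # Reward the offset that produced new coverage.
            self.weights[pos] = self.weights.get(pos, 1.0) + len(new_edges)
        return bool(new_edges)

    def run(self, iterations):
        for _ in range(iterations):
            self.step()
        return len(self.coverage)


if __name__ == "__main__":
    fuzzer = PositionFuzzer([b"FUZZ\x00\x00"], rng_seed=1)
    start = len(fuzzer.coverage)
    end = fuzzer.run(5000)
    print(f"edges: {start} -> {end}, corpus {len(fuzzer.corpus)}, "
          f"crashes {len(fuzzer.crashes)}, rewarded offsets {sorted(fuzzer.weights)}")
```

The seed `FUZZ\x00\x00` already passes the magic check, so the first new edges come from mutating offsets 4 and 5 (kind and length); those offsets are then rewarded and drawn more often, which is the effect the abstract attributes to choosing a promising position. In a real harness the `target` function would be replaced by running the instrumented binary and reading its coverage bitmap.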

References
  1. Sutton M., Greene A., Amini P. Fuzzing: Brute Force Vulnerability Discovery. Pearson Education, 2007, 576 p.
  2. Hertzfeld A. Monkey Lives. Available at: http://www.folklore.org/StoryView.py?story=Monkey_Lives.txt (accessed: 21.10.2021).
  3. Bug bounty. Manalyzer. Available at: https://manalyzer.org/bounty (accessed: 21.10.2021).
  4. Melnikova V.V., Kotov S.L., Palyukh B.V., Proskuryakov M.A. Testing program using genetic algorithms. Software & Systems, 2011, no. 4, pp. 107–110. (in Russian)
  5. Godefroid P. Random testing for security: blackbox vs. whitebox fuzzing. RT '07: Proc. of the 2nd International Workshop on Random Testing: Co-located with the 22nd IEEE/ACM International Conference on Automated Software Engineering (ASE 2007), 2007, p. 1. https://doi.org/10.1145/1292414.1292416
  6. American Fuzzy Lop (2.52b). Available at: http://lcamtuf.coredump.cx/afl/ (accessed: 21.10.2021).
  7. Yue T., Tang Y., Yu B., Wang P., Wang E. LearnAFL: Greybox fuzzing with knowledge enhancement. IEEE Access, 2019, vol. 7, pp. 117029–117043. https://doi.org/10.1109/ACCESS.2019.2936235
  8. Kersten R., Luckow K., Păsăreanu C.S. Poster: AFL-based Fuzzing for Java with Kelinci. Proc. of the 24th ACM SIGSAC Conference on Computer and Communications Security (CCS 2017), 2017, pp. 2511–2513. https://doi.org/10.1145/3133956.3138820
  9. Smetsers R., Moerman J., Janssen M., Verwer S. Complementing Model Learning with Mutation-Based Fuzzing. arXiv: 1611.02429. 2016. Available at: http://arxiv.org/abs/1611.02429 (accessed: 21.10.2021).
  10. Cha S.K., Woo M., Brumley D. Program-adaptive mutational fuzzing. Proc. of the 36th IEEE Symposium on Security and Privacy (SP 2015), 2015, pp. 725–741. https://doi.org/10.1109/SP.2015.50
  11. Householder A.D. Well There's Your Problem: Isolating the Crash Inducing Bits in a Fuzzed File. Technical Note CMU/SEI-2012-TN-012. Software Engineering Institute, Carnegie Mellon University, 2012, 19 p.
  12. Rajpal M., Blum W., Singh R. Not all bytes are equal: Neural byte sieve for fuzzing. arXiv: 1711.04596. 2017. Available at: http://arxiv.org/abs/1711.04596 (accessed: 21.10.2021).
  13. Böhme M., Pham V.-T., Roychoudhury A. Coverage-based Greybox Fuzzing As Markov Chain. Proc. of the 23rd ACM Conference on Computer and Communications Security (CCS 2016), 2016, pp. 1032–1043. https://doi.org/10.1145/2976749.2978428



This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License
Copyright 2001-2025 © Scientific and Technical Journal of Information Technologies, Mechanics and Optics. All rights reserved.
