doi: 10.17586/2226-1494-2021-21-6-895-902
Stochastic software testing for vulnerability analysis
Article in Russian
For citation:
Maneev A.O., Spivak A.I. Stochastic software testing for vulnerability analysis. Scientific and Technical Journal of Information Technologies, Mechanics and Optics, 2021, vol. 21, no. 6, pp. 895–902 (in Russian). doi: 10.17586/2226-1494-2021-21-6-895-902
Abstract
Stochastic testing with fuzzing tools is one of the approaches to software vulnerability analysis. The testing process usually generates random input data for the program under test and takes a significant amount of time, so reducing testing time is an important task. One line of research for improving testing is to identify only those sets of data sequences that affect the execution path of the tested program: an input generation approach that spends less time on data which cannot change the path allows more program vulnerabilities to be found in the same testing budget. The paper proposes a modification of the genetic algorithm used by the fuzzer afl (American Fuzzy Lop). A model of promising positions is introduced to improve the efficiency of input data generation. With this model, the fuzzer's genetic algorithm chooses the most promising position in the input data, from the viewpoint of vulnerability analysis, for the next mutation steps. Compared to existing solutions, the proposed model pays attention to the position of a data element that is most likely to increase code coverage and directs the genetic algorithm to change it. The model was evaluated against the popular fuzzer afl and its modifications (aflfast, symfuzz, afl-rb). In the evaluation, the proposed model reached 21 % more code coverage than the existing solutions: the average number of covered edges between basic blocks increased from 17267.4 to 20897.3. The developed model can be used in testing software that accepts and processes user-supplied data. The model can be integrated into stochastic testing tools: only the random generator component needs to be modified, without redesigning the whole testing tool.
Keywords: testing, dynamic testing, stochastic testing, vulnerability, fuzzing
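The abstract describes the idea only at the level of "choose the most promising position in the input for the next mutation". The following Python block is an added illustration, not the authors' code and not afl's mutation stage: it reconstructs the idea as a per-byte-position score (how often mutating that index produced new edge coverage), samples the position to mutate in proportion to that score, and compares it with uniform position selection. The toy target, its edge ids, the seed input and the scoring rule (`PromisingPositions`, `fuzz`, the bonus value) are all constructed here for the example.

```python
"""Coverage-guided mutational fuzzing with a 'promising position' scheduler.

Added illustration, not the authors' code: the toy target, its edge ids and
the scoring rule are constructed here to show the idea of steering the
mutation stage towards byte positions whose past mutations produced new
edge coverage, instead of picking the position to mutate uniformly.
"""
import random

INPUT_LEN = 64        # fixed-size inputs; bytes 8..63 are never parsed below
REACHABLE_EDGES = 10  # edge ids 0 and 2..10; edge 1 needs a short input


def target(data: bytes) -> set:
    """Constructed toy parser (4-byte magic, version byte, length byte,
    payload). Returns the set of edge ids executed, standing in for the
    edge-coverage bitmap that afl collects from its instrumentation."""
    edges = {0}
    if len(data) < 8:
        edges.add(1)
        return edges
    if data[:4] != b"FUZZ":
        edges.add(2)
        return edges
    edges.add(3)
    version, length = data[4], data[5]
    if version == 1:
        edges.add(4)
    elif version == 2:
        edges.add(5)
    else:
        edges.add(6)
        return edges
    if length > len(data) - 6:
        edges.add(7)
        return edges
    edges.add(8)
    payload = data[6:6 + length]
    if any(b >= 0x80 for b in payload):
        edges.add(9)
    if version == 2 and payload and payload[0] >= 0xC0:
        edges.add(10)  # deepest path: a version-2 parent plus a payload mutation
    return edges


class PromisingPositions:
    """Per-byte-position score: how often mutating that index gave new edges.
    Positions are sampled proportionally to their score, so productive
    positions are mutated more often. Weighted sampling is used instead of a
    hard argmax so that other positions keep being explored (a simplification
    chosen for this example, not the paper's exact rule)."""

    def __init__(self, length: int, bonus: float = 8.0):
        self.scores = [1.0] * length
        self.bonus = bonus

    def choose(self, rng: random.Random) -> int:
        return rng.choices(range(len(self.scores)), weights=self.scores, k=1)[0]

    def reward(self, pos: int) -> None:
        self.scores[pos] += self.bonus


def fuzz(iterations: int, seed: int, use_promising: bool) -> dict:
    """Single-byte-replacement fuzzing loop. Returns the covered edges, the
    iteration at which all reachable edges were covered (None if never) and
    the final position scores. Scores are tracked in both modes; only the
    position choice differs, so the two runs can be compared directly."""
    rng = random.Random(seed)
    initial = b"FUZZ\x01\x02AB" + bytes(INPUT_LEN - 8)  # constructed seed input
    corpus = [initial]
    covered = set(target(initial))
    sched = PromisingPositions(INPUT_LEN)
    full_at = None
    for i in range(1, iterations + 1):
        buf = bytearray(rng.choice(corpus))
        pos = sched.choose(rng) if use_promising else rng.randrange(INPUT_LEN)
        buf[pos] = rng.randrange(256)
        new = target(bytes(buf)) - covered
        if new:                      # new edge: keep the input, credit the position
            covered |= new
            corpus.append(bytes(buf))
            sched.reward(pos)
        if full_at is None and len(covered) == REACHABLE_EDGES:
            full_at = i
    return {"edges": covered, "full_at": full_at, "scores": sched.scores}


if __name__ == "__main__":
    for mode in (False, True):
        r = fuzz(20000, seed=7, use_promising=mode)
        print("promising" if mode else "uniform  ", len(r["edges"]),
              "edges covered, full coverage at iteration", r["full_at"])
```

Running the block prints how many iterations each mode needs to cover all reachable edges. In this toy the gain comes entirely from not spending mutations on the 56 bytes the parser never reads, which is exactly the situation the model targets: positions whose mutation cannot change the execution path. In a real integration the edge set would come from afl's shared-memory coverage map and the score table would live inside the mutation (random generator) component, as the abstract says.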
References
- Sutton M., Greene A., Amini P. Fuzzing: Brute Force Vulnerability Discovery. Pearson Education, 2007, 576 p.
- Hertzfeld A. Monkey Lives. Available at: http://www.folklore.org/StoryView.py?story=Monkey_Lives.txt (accessed: 21.10.2021).
- Bug bounty. Manalyzer. Available at: https://manalyzer.org/bounty (accessed: 21.10.2021).
- Melnikova V.V., Kotov S.L., Palyukh B.V., Proskuryakov M.A. Testing program using genetic algorithms. Software & Systems, 2011, no. 4, pp. 107–110. (in Russian)
- Godefroid P. Random testing for security: blackbox vs. whitebox fuzzing. RT '07: Proc. of the 2nd International Workshop on Random Testing, co-located with the 22nd IEEE/ACM International Conference on Automated Software Engineering (ASE 2007), 2007, p. 1. https://doi.org/10.1145/1292414.1292416
- American Fuzzy Lop (2.52b). Available at: http://lcamtuf.coredump.cx/afl/ (accessed: 21.10.2021).
- Yue T., Tang Y., Yu B., Wang P., Wang E. LearnAFL: Greybox fuzzing with knowledge enhancement. IEEE Access, 2019, vol. 7, pp. 117029–117043. https://doi.org/10.1109/ACCESS.2019.2936235
- Kersten R., Luckow K., Păsăreanu C.S. Poster: AFL-based Fuzzing for Java with Kelinci. Proc. of the 24th ACM SIGSAC Conference on Computer and Communications Security (CCS 2017), 2017, pp. 2511–2513. https://doi.org/10.1145/3133956.3138820
- Smetsers R., Moerman J., Janssen M., Verwer S. Complementing Model Learning with Mutation-Based Fuzzing. arXiv: 1611.02429. 2016. Available at: http://arxiv.org/abs/1611.02429 (accessed: 21.10.2021).
- Cha S.K., Woo M., Brumley D. Program-adaptive mutational fuzzing. Proc. of the 36th IEEE Symposium on Security and Privacy (SP 2015), 2015, pp. 725–741. https://doi.org/10.1109/SP.2015.50
- Householder A.D. Well There's Your Problem: Isolating the Crash Inducing Bits in a Fuzzed File. Technical Note CMU/SEI-2012-TN-012. Software Engineering Institute, Carnegie Mellon University, 2012, 19 p.
- Rajpal M., Blum W., Singh R. Not all bytes are equal: Neural byte sieve for fuzzing. arXiv: 1711.04596. 2017. Available at: http://arxiv.org/abs/1711.04596 (accessed: 21.10.2021).
- Böhme M., Pham V.-T., Roychoudhury A. Coverage-based Greybox Fuzzing As Markov Chain. Proc. of the 23rd ACM SIGSAC Conference on Computer and Communications Security (CCS 2016), 2016, pp. 1032–1043. https://doi.org/10.1145/2976749.2978428