ABSTRACT
As software security attracts more and more attention, vulnerability mining has gradually become a research hotspot in the industry, and fuzz testing is its mainstream technique. To address the shortcomings of traditional document fuzz testing, namely low efficiency and missing functionality, this paper introduces a new method of document fuzz testing. It presents a new way to streamline the test sample set based on code coverage, so that the smallest sample set with maximum code coverage is obtained. Because the method relies on virtual machine technology rather than binary instrumentation, it is more reliable and more accurate than binary instrumentation technology, and it can effectively eliminate a large number of invalid tests.
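The coverage-driven sample reduction the abstract describes is, at its core, a set-cover problem: keep the fewest documents whose combined block coverage equals that of the whole seed corpus. The following is an added example, not code from the paper; it assumes coverage has already been collected as a set of basic-block identifiers per document (the paper obtains this from a virtual machine, here the IDs and file names are constructed) and applies the standard greedy set-cover heuristic to pick the reduced corpus.

```python
from typing import Dict, FrozenSet, Iterable, List

# Constructed sample data (not from the paper): each document in the seed
# corpus maps to the set of basic-block IDs the target parser executed while
# opening it. The paper records this trace inside a virtual machine; here the
# IDs are invented so the example runs offline.
SAMPLE_COVERAGE: Dict[str, FrozenSet[int]] = {
    "doc_a.pdf": frozenset({1, 2, 3, 4}),
    "doc_b.pdf": frozenset({3, 4, 5}),
    "doc_c.pdf": frozenset({1, 2}),      # strictly subsumed by doc_a
    "doc_d.pdf": frozenset({6}),
    "doc_e.pdf": frozenset({5, 6, 7}),
    "doc_f.pdf": frozenset(),            # rejected before reaching any block of interest
}


def total_coverage(coverage: Dict[str, FrozenSet[int]]) -> FrozenSet[int]:
    """Union of every block reached by any sample in the corpus."""
    blocks: set = set()
    for reached in coverage.values():
        blocks |= reached
    return frozenset(blocks)


def minimize_corpus(coverage: Dict[str, FrozenSet[int]]) -> List[str]:
    """Greedy set cover: repeatedly keep the sample that reaches the most
    blocks not yet covered by the samples already kept. The loop stops once
    the kept set reaches every block the full corpus reached, so total
    coverage is preserved while redundant and zero-coverage samples drop out."""
    uncovered = set(total_coverage(coverage))
    kept: List[str] = []
    while uncovered:
        # uncovered is a subset of the corpus union, so some sample always has
        # a positive gain here. Ties are broken by name to keep the result
        # deterministic across runs.
        best = min(
            coverage,
            key=lambda name: (-len(coverage[name] & uncovered), name),
        )
        kept.append(best)
        uncovered -= coverage[best]
    return kept


def is_coverage_preserving(coverage: Dict[str, FrozenSet[int]],
                           kept: Iterable[str]) -> bool:
    """Check that a reduced corpus still reaches every block the full one did."""
    reached: set = set()
    for name in kept:
        reached |= coverage[name]
    return reached == set(total_coverage(coverage))


def dropped_samples(coverage: Dict[str, FrozenSet[int]],
                    kept: Iterable[str]) -> List[str]:
    """Samples removed from the corpus, i.e. the invalid or redundant tests."""
    return sorted(set(coverage) - set(kept))


if __name__ == "__main__":
    kept = minimize_corpus(SAMPLE_COVERAGE)
    print("kept:", kept)
    print("dropped:", dropped_samples(SAMPLE_COVERAGE, kept))
    print("coverage preserved:", is_coverage_preserving(SAMPLE_COVERAGE, kept))
```

On the constructed corpus the greedy pass keeps only `doc_a.pdf` and `doc_e.pdf` and discards the other four while still reaching all seven blocks. Exact minimum set cover is NP-hard, so the greedy heuristic is the practical choice and may keep slightly more samples than the true optimum; `is_coverage_preserving` is the check worth running after any reduction, whatever tracer produced the coverage.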
Index Terms
- Fuzz Testing Based on Virtualization Technology