1,358 Hits in 2.6 sec

Meta-control for Adaptive Cybersecurity in FUZZBUSTER

David J. Musliner, Scott E. Friedman, Jeffrey M. Rye, Tom Marble
2013 2013 IEEE 7th International Conference on Self-Adaptive and Self-Organizing Systems  
fuzz-testing and adaptation tools.  ...  To perform this selfadaptation, FUZZBUSTER uses meta-control to coordinate a diverse and growing set of custom and off-the-shelf fuzz-testing tools.  ...  The graph also illustrates FUZZBUSTER balancing its fuzz-testing based on future application usage.  ... 
doi:10.1109/saso.2013.29 dblp:conf/saso/MuslinerFRM13 fatcat:g4u5lefas5h3lk4azkyjlcgf7i

The MIDAS Cloud Platform for Testing SOA Applications

Steffen Herbold, Alberto De Francesco, Jens Grabowski, Patrick Harms, Lom M. Hillah, Fabrice Kordon, Ariele-Paolo Maesano, Libero Maesano, Claudia Di Napoli, Fabio De Rosa, Martin A. Schneider, Nicola Tonellotto (+2 others)
2015 2015 IEEE 8th International Conference on Software Testing, Verification and Validation (ICST)  
Through this, we provide methods for functional testing, security testing, and usage-based testing of service orchestrations.  ...  Since traditional testing does not scale well with such a complex setup, we employ a Model-based Testing (MBT) approach based on the Unified Modeling Language (UML) and the UML Testing Profile (UTP) within  ...  Furthermore, the combination of fuzzing and usage-based testing is a promissing approach for security testing that will be investigated.  ... 
doi:10.1109/icst.2015.7102636 dblp:conf/icst/HerboldFGHHKMMN15 fatcat:a345z7j5zzcdzbjxg3xkvogxnu

Model-Based Security Testing

Ina Schieferdecker, Juergen Grossmann, Martin Schneider
2012 Electronic Proceedings in Theoretical Computer Science  
MBST includes e.g. security functional testing, model-based fuzzing, risk- and threat-oriented testing, and the usage of security test patterns.  ...  Model-based security testing (MBST) is a relatively new field and especially dedicated to the systematic and efficient specification and documentation of security test objectives, security test cases and  ...  Risk-based security testing Risk-based testing can be generally introduced with two different goals in mind.  ... 
doi:10.4204/eptcs.80.1 fatcat:xbgolp2zlzflnast5eg5wqktwe

Steps Towards Fuzz Testing in Agile Test Automation

Pekka Pietikäinen, Atte Kettunen, Juha Röning
2016 International Journal of Secure Software Engineering  
Fuzz testing is a practical method for finding vulnerabilities in software, but has some characteristics that do not directly map to existing processes.  ...  The authors present experiences and practical ways to utilize fuzzing in software development, and generic ways for developers to keep security in mind.  ...  ACKNowLEdGMENT The authors would like to thank Antti Vähä-Sipilä and the companies we collaborate with for valuable comments for this work.  ... 
doi:10.4018/ijsse.2016010103 fatcat:tp7nyhza2vf33npwdruys3nyhq

HFContractFuzzer: Fuzzing Hyperledger Fabric Smart Contracts for Vulnerability Detection [article]

Mengjie Ding, Peiru Li, Shanshan Li, He Zhang
2021 arXiv   pre-print
In this paper, we propose HFContractFuzzer, a method based on Fuzzing technology to detect Hyperledger Fabric smart contracts, which combines a Fuzzing tool for golang named go-fuzz and smart contracts  ...  With its unique advantages such as decentralization and immutability, blockchain technology has been widely used in various fields in recent years.  ...  Smart contracts greatly improve the usage scenarios of blockchain and extends blockchain platform from a simple distributed account system to an extremely rich decentralized operating system [18] .  ... 
arXiv:2106.11210v1 fatcat:n4vxcivbdzhoxoyok4ruakkryu

OPC-MFuzzer: A Novel Multi-Layers Vulnerability Detection Tool for OPC Protocol Based on Fuzzing Technology

Xiong Qi, Peng Yong, Zhonghua Dai, Shengwei Yi, Ting Wang
2014 International Journal of Computer and Communication Engineering  
In this paper, a vulnerability detecting tool for OPC protocol based on Fuzzing technology named OPC-MFuzzer is proposed and implemented; three different test case generating mechanisms for the testing  ...  , unfortunately cannot be tested for vulnerability directly with traditional Fuzzer.  ...  Process state monitoring captures the exception with windows system driver and memory usage monitor.  ... 
doi:10.7763/ijcce.2014.v3.339 fatcat:4sgfqeucnjgsznjpvpue3a3utm

B-droid: A Static Taint Analysis Framework for Android Applications

Rehab Almotairy, Yassine Daadaa
2021 International Journal of Advanced Computer Science and Applications  
B-Droid is based on static taint analysis using a large set of sources and sinks techniques, side by side with the fuzz testing concept, in order to detect privacy leaks, whether malicious or unintentional  ...  This has the potential to offer improved precision in comparison to earlier approaches.  ...  This is based on static taint analysis using source and sink techniques alongside the fuzz testing concept, in order to analyze the behavior of AUTs against internet usage during the fuzzing lifecycle.  ... 
doi:10.14569/ijacsa.2021.0120150 fatcat:v5rdlfinqvebrbg5s2mhldxda4


Huning Dai, Christian Murphy, Gail Kaiser
2010 International Journal of Secure Software Engineering  
Many software security vulnerabilities only reveal themselves under certain conditions, i.e., particular configurations and inputs together with a certain runtime environment.  ...  As the application runs in the deployment environment, this testing technique continuously fuzzes the configuration and checks "security invariants" that, if violated, indicate a vulnerability.  ...  Configuration Fuzzing is based on the observation that most vulnerabilities occur under specific configurations with certain inputs (Ramakrishnan and Sekar, 2002) , i.e., an application running with one  ... 
doi:10.4018/jsse.2010070103 pmid:21037923 pmcid:PMC2964869 fatcat:a2dpsspinbe57e5z4dssdytdb4

Designing New Operating Primitives to Improve Fuzzing Performance

Wen Xu, Sanidhya Kashyap, Changwoo Min, Taesoo Kim
2017 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security - CCS '17  
Our fuzzer-agnostic primitives can be easily applied to any fuzzer with fundamental performance improvement and directly benefit large-scale fuzzing and cloud-based fuzzing services.  ...  CCS CONCEPTS • Security and privacy → Vulnerability scanners; • Software and its engineering → Software testing and debugging;  ...  Furthermore, Microsoft provides a cloud-based fuzzing service called Project Springfield [31] for developers to find security bugs in the software.  ... 
doi:10.1145/3133956.3134046 dblp:conf/ccs/XuKMK17 fatcat:o2pkjtqjgzhqnnhzojifghhdo4

Synthesis of Linux Kernel Fuzzing Tools Based on Syscall

2017 DEStech Transactions on Computer Science and Engineering  
Meanwhile, we inspect these tools on the usage of coverage-based fuzzing which is the state-of-the-art fuzzing optimization technology.  ...  Any software especially the operating system requires testing and evaluation to validate the functional and security characteristics.  ...  And the test case with specific constraints can be further constructed. The method of constructing test case in fuzzing can be divided into two kinds, generation-based and mutation-based.  ... 
doi:10.12783/dtcse/aiea2017/14990 fatcat:jcek55dmpfbwppcaranfc2vh74

Online Model-Based Behavioral Fuzzing

Martin Schneider, Jurgen Grossmann, Ina Schieferdecker, Andrej Pietschker
2013 2013 IEEE Sixth International Conference on Software Testing, Verification and Validation Workshops  
Fuzz testing or fuzzing is interface robustness testing by stressing the interface of a system under test (SUT) with invalid input data.  ...  sequence based on a previously conducted risk analysis and reducing the test space by integrating already retrieved test results in the test generation process.  ...  MODEL-BASED BEHAVIORAL FUZZING Behavioral fuzzing is a security testing approach complementary to traditional data fuzzing.  ... 
doi:10.1109/icstw.2013.61 dblp:conf/icst/SchneiderGSP13 fatcat:rtwxfkgpszewzmup7pn63xgawy

The Art, Science, and Engineering of Fuzzing: A Survey [article]

Valentin J.M. Manes, HyungSeok Han, Choongwoo Han, Sang Kil Cha, Manuel Egele, Edward J. Schwartz, Maverick Woo
2019 arXiv   pre-print
To help preserve and bring coherence to the vast literature of fuzzing, this paper presents a unified, general-purpose model of fuzzing together with a taxonomy of the current fuzzing literature.  ...  At a high level, fuzzing refers to a process of repeatedly running a program with generated inputs that may be syntactically or semantically malformed.  ...  As mentioned in §2.1, fuzz testing only differentiates itself from software testing in that fuzz testing is security related.  ... 
arXiv:1812.00140v4 fatcat:zk2ow477dffc5pllixqigz24ba

EnFuzz: Ensemble Fuzzing with Seed Synchronization among Diverse Fuzzers [article]

Yuanliang Chen, Yu Jiang, Fuchen Ma, Jie Liang, Mingzhe Wang, Chijin Zhou, Zhuo Su, Xun Jiao
2019 arXiv   pre-print
For evaluation, we implement EnFuzz , a prototype basing on four strong open-source fuzzers (AFL, AFLFast, AFLGo, FairFuzz), and test them on Google's fuzzing test suite, which consists of widely used  ...  The 24-hour experiment indicates that, with the same resources usage, these four base fuzzers perform variously on different applications, while EnFuzz shows better generalization ability and always outperforms  ...  With the help of seeds sharing, the performance of ensemble fuzzing is much improved and is better than any of the constituent base fuzzers with the same computing resources usage.  ... 
arXiv:1807.00182v2 fatcat:x4n7rebelralrgtbkk7i6yrzbu

Billions and billions of constraints: Whitebox fuzz testing in production

Ella Bounimova, Patrice Godefroid, David Molnar
2013 2013 35th International Conference on Software Engineering (ICSE)  
We report experiences with constraint-based whitebox fuzz testing in production across hundreds of large Windows applications, multiple Microsoft product releases, and over 400 machine years of computations  ...  We highlight specific improvements to whitebox fuzzing driven by our data collection and open problems that remain.  ...  We also recognize that whitebox fuzzing is only one piece of the security puzzle and one niche application for automatic test generation.  ... 
doi:10.1109/icse.2013.6606558 dblp:conf/icse/BounimovaGM13 fatcat:rnjtmntim5dlbpc4hjvqiv4x3m

Security testing framework: strategy and approach

Thorsten Schulz, Andreas Hohenegger, Staffan Persson, Alvaro Ortega, Reinhard Hametner, Michael Paulitsch, Caspar Gries, Sergey Tverdyshev, Holger Blasum, Kertis Tomáš
2017 Zenodo  
Future work will focus on refining features of the testing framework for security testing of operating system components.The strategy for these activities is outlined in the third chapter, together with  ...  The research starts with a survey of non-industrial security frameworks and general identification of security vulnerabilities.  ...  NB: A previous project tested mutation-based fuzzing with no satisfying results. This technique should not be researched with high priority.  ... 
doi:10.5281/zenodo.2586591 fatcat:lz4li6fdwfhnnktbfdtjlsnlzu
« Previous Showing results 1 — 15 out of 1,358 results