CONFU

Huning Dai, Christian Murphy, Gail Kaiser
<span title="">2010</span> <i title="IGI Global"> <a target="_blank" rel="noopener" href="https://fatcat.wiki/container/gbiwrwcu7vfqnasr7ixpmrv2qu" style="color: black;">International Journal of Secure Software Engineering</a> </i> &nbsp;
Many software security vulnerabilities only reveal themselves under certain conditions, i.e., particular configurations and inputs together with a certain runtime environment. One approach to detecting these vulnerabilities is fuzz testing. However, typical fuzz testing makes no guarantees regarding the syntactic and semantic validity of the input, or of how much of the input space will be explored. To address these problems, we present a new testing methodology called Configuration Fuzzing.
more &raquo; ... figuration Fuzzing is a technique whereby the configuration of the running application is mutated at certain execution points, in order to check for vulnerabilities that only arise in certain conditions. As the application runs in the deployment environment, this testing technique continuously fuzzes the configuration and checks "security invariants" that, if violated, indicate a vulnerability. We discuss the approach and introduce a prototype framework called ConFu (CONfiguration FUzzing testing framework) for implementation. We also present the results of case studies that demonstrate the approach's feasibility and evaluate its performance.
<span class="external-identifiers"> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.4018/jsse.2010070103">doi:10.4018/jsse.2010070103</a> <a target="_blank" rel="external noopener" href="https://www.ncbi.nlm.nih.gov/pubmed/21037923">pmid:21037923</a> <a target="_blank" rel="external noopener" href="https://pubmed.ncbi.nlm.nih.gov/PMC2964869/">pmcid:PMC2964869</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/a2dpsspinbe57e5z4dssdytdb4">fatcat:a2dpsspinbe57e5z4dssdytdb4</a> </span>
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20100624084312/https://mice.cs.columbia.edu/getTechreport.php?techreportID=1425&amp;format=pdf&amp;" title="fulltext PDF download" data-goatcounter-click="serp-fulltext" data-goatcounter-title="serp-fulltext"> <button class="ui simple right pointing dropdown compact black labeled icon button serp-button"> <i class="icon ia-icon"></i> Web Archive [PDF] <div class="menu fulltext-thumbnail"> <img src="https://blobs.fatcat.wiki/thumbnail/pdf/2e/82/2e827a01a261b341caa2311d2f2a570b7feb8130.180px.jpg" alt="fulltext thumbnail" loading="lazy"> </div> </button> </a> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.4018/jsse.2010070103"> <button class="ui left aligned compact blue labeled icon button serp-button"> <i class="external alternate icon"></i> Publisher / doi.org </button> </a> <a target="_blank" rel="external noopener" href="https://www.ncbi.nlm.nih.gov/pmc/articles/PMC2964869" title="pubmed link"> <button class="ui compact blue labeled icon button serp-button"> <i class="file alternate outline icon"></i> pubmed.gov </button> </a>