Efficient file fuzz testing using automated analysis of binary file format
- Authors
- Kim, Hyoung Chun; Choi, Young Han; Lee, Dong Hoon
- Issue Date
- 3월-2011
- Publisher
- ELSEVIER
- Keywords
- Software testing; Fuzzing; Security testing
- Citation
- JOURNAL OF SYSTEMS ARCHITECTURE, v.57, no.3, pp.259 - 268
- Indexed
- SCIE
SCOPUS
- Journal Title
- JOURNAL OF SYSTEMS ARCHITECTURE
- Volume
- 57
- Number
- 3
- Start Page
- 259
- End Page
- 268
- URI
- https://scholar.korea.ac.kr/handle/2021.sw.korea/112965
- DOI
- 10.1016/j.sysarc.2010.03.002
- ISSN
- 1383-7621
- Abstract
- Fuzz testing is regarded as the most useful technique in finding serious security holes in a software system. It inserts unexpected data into the input of the software system and finds the system's bugs or errors. However, one of the disadvantages that fuzz testing executed using binary files has is that it requires a large number of fault-inserted files to cover every test case, which could be up to 2(8xFILESIZE) files. In order to overcome this drawback, we propose a novel algorithm that efficiently reduces the number of fault-inserted files, yet still maintain the maximum test case coverage. The proposed approach enables the automatic analysis of fields of binary files by tracking and analyzing stack frames, assembly codes, and registers as the software system parses the files. We evaluate the efficacy of the new method by implementing a practical tool, the Binary File Analyzer and Fault Injector (BFAFI), which traces the program execution and analyzes the fields in binary file format Our experiments demonstrate that the BFAFI reduced the total number of fault-inserted files with maximum test case coverage as well as detected approximately 14 times more exceptions than did the general fuzzer. Also, the BFAFI found 11 causes of exceptions; five of them were found only by BFAFI. Ten of the 11 causes of exceptions that we found were generated by a graphic rendering engine (GDI32.d11): the other was generated by the system library (kerne132.d11.) in Windows XP SP2. (C) 2010 Elsevier B.V. All rights reserved.
- Files in This Item
- There are no files associated with this item.
- Appears in
Collections - School of Cyber Security > Department of Information Security > 1. Journal Articles
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.