dc.contributor.author: Rinard, Martin C.
dc.contributor.author: Ganesh, Vijay
dc.contributor.author: Leek, Tim
dc.date.accessioned: 2010-10-14T15:01:03Z
dc.date.available: 2010-10-14T15:01:03Z
dc.date.issued: 2009-06
dc.date.submitted: 2009-05
dc.identifier.isbn: 978-1-4244-3453-4
dc.identifier.issn: 0270-5257
dc.identifier.other: INSPEC Accession Number: 10699591
dc.identifier.uri: http://hdl.handle.net/1721.1/59320
dc.description.abstract: We present a new automated white box fuzzing technique and a tool, BuzzFuzz, that implements this technique. Unlike standard fuzzing techniques, which randomly change parts of the input file with little or no information about the underlying syntactic structure of the file, BuzzFuzz uses dynamic taint tracing to automatically locate regions of original seed input files that influence values used at key program attack points (points where the program may contain an error). BuzzFuzz then automatically generates new fuzzed test input files by fuzzing these identified regions of the original seed input files. Because these new test files typically preserve the underlying syntactic structure of the original seed input files, they tend to make it past the initial input parsing components to exercise code deep within the semantic core of the computation. We have used BuzzFuzz to automatically find errors in two open-source applications: Swfdec (an Adobe Flash player) and MuPDF (a PDF viewer). Our results indicate that our new directed fuzzing technique can effectively expose errors located deep within large programs. Because the directed fuzzing technique uses taint to automatically discover and exploit information about the input file format, it is especially appropriate for testing programs that have complex, highly structured input file formats.
dc.description.sponsorship: National Science Foundation (U.S.) (grant CCR-0325283)
dc.description.sponsorship: National Science Foundation (U.S.) (grant CNS-0509415)
dc.description.sponsorship: National Science Foundation (U.S.) (grant CCF-0811397)
dc.description.sponsorship: United States. Dept. of Defense (Air Force Cooperative Agreement FA8750-06-2-0189)
dc.description.sponsorship: United States. Dept. of Defense (Air Force Contract FA8721-05-C-0002)
dc.language.iso: en_US
dc.publisher: Institute of Electrical and Electronics Engineers
dc.relation.isversionof: http://dx.doi.org/10.1109/ICSE.2009.5070546
dc.rights: Article is made available in accordance with the publisher's policy and may be subject to US copyright law. Please refer to the publisher's site for terms of use.
dc.source: IEEE
dc.title: Taint-based Directed Whitebox Fuzzing
dc.type: Article
dc.identifier.citation: Ganesh, V., T. Leek, and M. Rinard. "Taint-based directed whitebox fuzzing." Software Engineering, 2009. ICSE 2009. IEEE 31st International Conference on. 2009. 474-484. ©2009 Institute of Electrical and Electronics Engineers.
dc.contributor.department: Lincoln Laboratory
dc.contributor.department: Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory
dc.contributor.department: Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
dc.contributor.approver: Rinard, Martin C.
dc.contributor.mitauthor: Rinard, Martin C.
dc.contributor.mitauthor: Ganesh, Vijay
dc.contributor.mitauthor: Leek, Tim
dc.relation.journal: IEEE 31st International Conference on Software Engineering, 2009. ICSE 2009
dc.eprint.version: Final published version
dc.type.uri: http://purl.org/eprint/type/JournalArticle
eprint.status: http://purl.org/eprint/status/PeerReviewed
dspace.orderedauthors: Ganesh, Vijay; Leek, Tim; Rinard, Martin
dc.identifier.orcid: https://orcid.org/0000-0001-8095-8523
mit.license: PUBLISHER_POLICY
mit.metadata.status: Complete