Turning programs against each other: high coverage fuzz-testing using binary-code mutation and dynamic slicing
Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
2015 (English). In: 2015 10th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE 2015) Proceedings, New York, NY, USA: Association for Computing Machinery (ACM), 2015, 782-792 p. Conference paper (Refereed)
Abstract [en]

Mutation-based fuzzing is a popular and widely employed black-box testing technique for finding security and robustness bugs in software. It owes much of its success to its simplicity; a well-formed seed input is mutated, e.g. through random bit-flipping, to produce test inputs. While reducing the need for human effort, and enabling security testing even of closed-source programs with undocumented input formats, the simplicity of mutation-based fuzzing comes at the cost of poor code coverage. Often millions of iterations are needed, and the results are highly dependent on configuration parameters and the choice of seed inputs. In this paper we propose a novel method for automated generation of high-coverage test cases for robustness testing. Our method is based on the observation that, even for closed-source programs with proprietary input formats, an implementation that can generate well-formed inputs to the program is typically available. By systematically mutating the program code of such generating programs, we leverage information about the input format encoded in the generating program to produce high-coverage test inputs, capable of reaching deep states in the program under test. Our method works entirely at the machine-code level, enabling use-cases similar to traditional black-box fuzzing. We have implemented the method in our tool MutaGen, and evaluated it on 7 popular Linux programs. We found that, for most programs, our method improves code coverage by one order of magnitude or more, compared to two well-known mutation-based fuzzers. We also found a total of 8 unique bugs.

Place, publisher, year, edition, pages
New York, NY, USA: Association for Computing Machinery (ACM), 2015. 782-792 p.
Keyword [en]
Fuzz testing, fuzzing, black-box, dynamic slicing, program mutation
National Category
Computer Science
Identifiers
URN: urn:nbn:se:liu:diva-128810
DOI: 10.1145/2786805.2786844
ISI: 000382568700067
ISBN: 978-1-4503-3675-8
OAI: oai:DiVA.org:liu-128810
DiVA: diva2:932169
Conference
10th Joint Meeting on Foundations of Software Engineering
Available from: 2016-05-31 Created: 2016-05-31 Last updated: 2016-09-30

Open Access in DiVA

No full text

Authors
Kargén, Ulf; Shahmehri, Nahid