title = { Offset-Aware Mutation based Fuzzing for Buffer Overflow Vulnerabilities: Few Preliminary Results },
    author = {Rawat, Sanjay and Mounier, Laurent},
    year = {2011},
    booktitle = {Proc. of The Second International Workshop on Security Testing (SECTEST)},
    publisher = {IEEE},
    team = {DCS,PACSS},
    abstract = {This article presents few preliminary results and future ideas related to smart fuzzing to detect buffer overflow vulnerabilities. The approach is based on the combination of lightweight static analysis techniques and mutation-based evolutionary strategies. First, a static taint-analysis allows to identify the most dangerous execution paths, containing vulnerable statements those execution depend on user input streams. Then, concrete input are produced and executed on the vulnerable program following an \emph{offset-aware} mutation strategy: at each step, the current input streams are mutated with specific values, \emph{and at specific offsets}, depending on their ability to activate a target execution path. We provide few empirical results on a benchmarking dataset as a proof of concept and discuss future extension. },



Sections de Publications

Contact | Plan du site | Site réalisé avec SPIP 3.0.26 + AHUNTSIC [CC License]

info visites 873122