完整後設資料紀錄
DC 欄位語言
dc.contributor.authorLin, Ying-Daren_US
dc.contributor.authorLiao, Feng-Zeen_US
dc.contributor.authorHuang, Shih-Kunen_US
dc.contributor.authorLai, Yuan-Chengen_US
dc.date.accessioned2016-03-28T00:05:45Z-
dc.date.available2016-03-28T00:05:45Z-
dc.date.issued2015-01-01en_US
dc.identifier.isbn978-1-4799-8691-0en_US
dc.identifier.issn1071-6572en_US
dc.identifier.urihttp://hdl.handle.net/11536/129831-
dc.description.abstractInternet applications have made our daily life fruitful. However, they also cause many security problems if these applications are leveraged by intruders. Thus, it is important to find and fix vulnerabilities timely to prevent application vulnerabilities from being exploited. Fuzz testing is a popular methodology that effectively finds vulnerabilities in application programs with seed input mutation. However, it is not a satisfied solution for the web browsers. In this work, we propose a solution, called scheduled DOM fuzzing (SDF), which integrates several related browser fuzzing tools and the fuzzing framework called BFF. To explore more crash possibilities, we revise the browser fuzzing architecture and schedule seed input selection and mutation dynamically. We also propose two probability computing methods in scheduling mechanism which tries to improve the performance by determining which combinations of seed and mutation would produce more crashes. Our experiments show that SDF is 2.27 time more efficient in terms of the number of crashes and vulnerabilities found at most. SDF also has the capacity for finding 23 exploitable crashes in Windows 7 within five days. The experimental results reveals that a good scheduling method for seed and mutations in browser fuzzing is able to find more exploitable crashes than fuzzers with the fixed seed input.en_US
dc.language.isoen_USen_US
dc.subjectbrowser fuzzingen_US
dc.subjectblack-box fuzzingen_US
dc.subjectvulnerabilitiesen_US
dc.subjectexploitsen_US
dc.subjectmutationen_US
dc.subjectschedulingen_US
dc.subjectdocument object modelen_US
dc.subjectDOMen_US
dc.titleBrowser Fuzzing by Scheduled Mutation and Generation of Document Object Modelsen_US
dc.typeProceedings Paperen_US
dc.identifier.journal49TH ANNUAL IEEE INTERNATIONAL CARNAHAN CONFERENCE ON SECURITY TECHNOLOGY (ICCST)en_US
dc.citation.spage169en_US
dc.citation.epage174en_US
dc.contributor.department資訊工程學系zh_TW
dc.contributor.departmentDepartment of Computer Scienceen_US
dc.identifier.wosnumberWOS:000368936200030en_US
dc.citation.woscount0en_US
顯示於類別:會議論文