Full metadata record
| DC Field | Value | Language |
| --- | --- | --- |
| dc.contributor.author | Yeh, Chao-Chun | en_US |
| dc.contributor.author | Chung, Hsiang | en_US |
| dc.contributor.author | Huang, Shih-Kun | en_US |
| dc.date.accessioned | 2017-04-21T06:48:14Z | - |
| dc.date.available | 2017-04-21T06:48:14Z | - |
| dc.date.issued | 2015 | en_US |
| dc.identifier.isbn | 978-1-4673-6563-5 | en_US |
| dc.identifier.issn | 0730-3157 | en_US |
| dc.identifier.uri | http://dx.doi.org/10.1109/COMPSAC.2015.99 | en_US |
| dc.identifier.uri | http://hdl.handle.net/11536/136477 | - |
| dc.description.abstract | Vulnerabilities are caused by implementation bugs, such as buffer overflow, integer overflow, uncontrolled format strings, and command injection flaws. They are often exploited to intrude software systems. In order to reduce software bugs, testing techniques are proposed. The recent technique to discover security-related bugs is fuzz testing. However, traditional fuzzers can only find bugs when program exceptions, especially crashes, raised. Some security threats may pass these tests due to insufficient code coverage. In this paper, we introduce a software testing framework based on symbolic execution using S²E, a whole system symbolic execution engine. When a program executes our pre-defined security sensitive functions, such as malloc, strcpy or printf, our framework will initiate a triage process. The process will determine whether any related security vulnerabilities would possibly occur in these functions automatically. We successfully and efficiently reproduce 12 previously known vulnerabilities from normal input data within 100 seconds for large applications such as Tiff, VIM, and MPlayer. Our tool can help developers locate bugs faster, and improve the efficiency of software quality maintenance. | en_US |
| dc.language.iso | en_US | en_US |
| dc.subject | component | en_US |
| dc.subject | fuzz testing | en_US |
| dc.subject | symbolic execution | en_US |
| dc.subject | software testing | en_US |
| dc.subject | vulnerability | en_US |
| dc.title | CRAXfuzz: Target-Aware Symbolic Fuzz Testing | en_US |
| dc.type | Proceedings Paper | en_US |
| dc.identifier.doi | 10.1109/COMPSAC.2015.99 | en_US |
| dc.identifier.journal | 39TH ANNUAL IEEE COMPUTERS, SOFTWARE AND APPLICATIONS CONFERENCE (COMPSAC 2015), VOL 2 | en_US |
| dc.citation.spage | 460 | en_US |
| dc.citation.epage | 471 | en_US |
| dc.contributor.department | 資訊工程學系 | zh_TW |
| dc.contributor.department | 資訊技術服務中心 | zh_TW |
| dc.contributor.department | Department of Computer Science | en_US |
| dc.contributor.department | Information Technology Services Center | en_US |
| dc.identifier.wosnumber | WOS:000380584300065 | en_US |
| dc.citation.woscount | 0 | en_US |
Appears in Collections: Conference Papers