Faculty of Technology > Electrical and Information Engineering > Computer Engineering Laboratory

OUSPG

[This page is CSS2 enabled. Your browser might not fully support it]

Experiences with Model Inference Assisted Fuzzing

$RCSfile: index.html,v $ $Revision: 1.4 $ $Date: 2008/09/08 10:17:54 $

ABSTRACT

In this paper we introduce the idea of model inference assisted fuzzing aimed to cost effectively improve software security. We experimented with several model inference techniques and applied fuzzing to the inferred models in order to generate robustness attacks. We proved our prototypes against real life software, namely anti-virus and archival software solutions. Several critical vulnerabilities were found in multiple file formats in multiple products. Based on the discovered vulnerabilities and the positive impact on the security we argue that our approach strikes a practical balance between completely random and manually designed model-based test case generation techniques.

Publication details and availability
Title:	Experiences with Model Inference Assisted Fuzzing
Publication details:	Viide J., Helin A., Laakso M., Pietikäinen P., Seppänen M., Halunen K., Puuperä R., Röning J. "Experiences with Model Inference Assisted Fuzzing". In proceedings of the 2nd USENIX Workshop on Offensive Technologies (WOOT '08). San Jose, CA. July 28, 2008.
Availability:	[PDF_] Full paper (original) [PS__] Full paper (original) [PDF_] Accompanying presentation (original)

[This page is CSS2 enabled. Your browser might not fully support it]