Please use this identifier to cite or link to this item: http://scholarbank.nus.edu.sg/handle/10635/136279
Title: ENHANCING DIRECTED SEARCH IN BLACK-BOX, GREY-BOX AND WHITE-BOX FUZZ TESTING
Authors: PHAM VAN THUAN
Keywords: Software Testing, Fuzzing, Symbolic Execution, Binary Analysis, Crash Reproduction, Test Bucketing
Issue Date: 29-Mar-2017
Source: PHAM VAN THUAN (2017-03-29). ENHANCING DIRECTED SEARCH IN BLACK-BOX, GREY-BOX AND WHITE-BOX FUZZ TESTING. ScholarBank@NUS Repository.
Abstract: Fuzz testing (or fuzzing) techniques, which include (model-based) black-box, coverage-based grey-box and white-box approaches, have become prominent in software testing. However, given an inadequate test suite, they are poor at directing the exploration to reach given target locations and expose bugs in large program binaries that take highly-structured inputs. We observe that these limitations can be circumvented by improving the directedness of fuzzing approaches. In this thesis, we design a set of directed search algorithms for black-box, grey-box and white-box fuzz testing. The experimental evaluations on two applications of directed fuzzing, crash reproduction and patch testing, show that our tools (Hercules, MoBWF and AFLGo) effectively guide the search and successfully reproduce 19 crashes and discover 14 zero-day vulnerabilities (5 CVEs assigned) in large real-world (binary) programs (e.g., Adobe Reader, Windows Media Player, Binutils) taking highly-structured file formats (e.g., PNG, WAV, PDF).
URI: http://scholarbank.nus.edu.sg/handle/10635/136279
Appears in Collections:Ph.D Theses (Open)

Files in This Item:
File: PhamVT.pdf (1.83 MB, Adobe PDF), Access: Open, View/Download
