Introducing probabilities within grey-box fuzzing
Linköping University, Department of Computer and Information Science, Database and information techniques.
2019 (English). Independent thesis, Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits. Student thesis.
Alternative title
Hänsynstagande till sannolikheter inom grey-box fuzzing (Swedish)
Abstract [en]

Over recent years, the software industry has faced a steady increase in the number of exposed and exploited software vulnerabilities. With more software and devices being connected to the internet every day, the need for proactive security measures has never been greater. One promising new technology for making software more secure is fuzz testing. This automated testing technique is based on generating a large number of test cases with the intention of revealing dangerous bugs and vulnerabilities. In this thesis work, a new direction within grey-box fuzz testing is evaluated against previous work. The presented approach uses sampled probability data to guide the fuzz testing towards program states that are expected to be easy to reach and beneficial for the discovery of software vulnerabilities. Evaluation of the design shows that the suggested approach provides no obvious advantage over existing solutions, but also indicates that the performance advantage could depend on the structure of the system under test. However, analysis of the design itself highlights several design decisions that could benefit from more extensive research. While the design proposed in this thesis work is insufficient for replacing current state-of-the-art fuzz testing software, it provides a solid foundation for future research within the field. With the many insights gained from the design and implementation work, this thesis work aims to both inspire others and showcase the challenges of creating a probability-based approach to grey-box fuzz testing.

Place, publisher, year, edition, pages
2019. p. 58
Keywords [en]
Fuzz Testing, Fuzzing, Grey-box Fuzz Testing, Vulnerability Testing, Probabilities, Security, ROI, SpareFuzz
National Category
Computer Engineering
Identifiers
URN: urn:nbn:se:liu:diva-161893
ISRN: LIU-IDA/LITH-EX-A--19/087--SE
OAI: oai:DiVA.org:liu-161893
DiVA, id: diva2:1369396
External cooperation
Sectra Imaging IT Solutions AB
Subject / course
Computer Engineering
Presentation
2019-10-22, Muhammad al-Khwarizmi, B-Huset, Linköpings Universitet, Linköping, 10:15 (English)
Supervisors
Examiners
Available from: 2019-11-18. Created: 2019-11-11. Last updated: 2019-11-18. Bibliographically approved.

Open Access in DiVA

fulltext (798 kB), 6 downloads
File information
File name: FULLTEXT01.pdf
File size: 798 kB
Checksum SHA-512:
a30853c7f47c0b343889e6e5f7a3611a5c50e4fe825feb5a57849a507b0b0ab2bf59ffdfa434fbdcef188d135c685d2ccd4ef51407ab3bc0694b9dc7c8516337
Type: fulltext
Mimetype: application/pdf
