Sciweavers

IEEEARES
2010
IEEE

Configuration Fuzzing for Software Vulnerability Detection

14 years 4 months ago
Configuration Fuzzing for Software Vulnerability Detection
Many software security vulnerabilities only reveal themselves under certain conditions, i.e., particular configurations of the software together with its particular runtime environment. One approach to detecting these vulnerabilities is fuzz testing, which feeds a range of randomly modified inputs to a software application while monitoring it for failures. However, typical fuzz testing makes no guarantees regarding the syntactic and semantic validity of the input, or of how much of the input space will be explored. To address these problems, in this paper we present a new testing methodology called configuration fuzzing. Configuration fuzzing is a technique whereby the configuration of the running application is randomly modified at certain execution points, in order to check for vulnerabilities that only arise in certain conditions. As the application runs in the deployment environment, this testing technique continuously fuzzes the configuration and checks "security invariants&q...
Huning Dai, Christian Murphy, Gail E. Kaiser
Added 02 Aug 2010
Updated 02 Aug 2010
Type Conference
Year 2010
Where IEEEARES
Authors Huning Dai, Christian Murphy, Gail E. Kaiser
Comments (0)