Well There's Your Problem: Isolating the Crash-Inducing Bits in a Fuzzed File

Abstract

Mutational input testing (fuzzing, and in particular dumb fuzzing) is an effective technique for discovering vulnerabilities in software. However, many of the bitwise changes in fuzzed input files are not relevant to the actual software crashes found. In this report, we describe an algorithm that efficiently reverts bits from the fuzzed file to those found in the original seed file, keeping only the minimal bits required to recreate the crash under investigation. This technique reduces the complexity of analyzing a crashing test case by eliminating the changes to the seed file that are not essential to the crash being evaluated.

Document Details

Document Type: Technical Report
Publication Date: Oct 01, 2012
Accession Number: ADA611235

Entities

People

  • Allen D. Householder

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Energy and Power Technologies

DTIC Thesaurus Topics

  • Algorithms
  • Computer Programs
  • Debugging
  • Department Of Defense
  • Equations
  • Guarantees
  • Iterations
  • Materials
  • Operating Systems
  • Probability
  • Software Development
  • Software Development Tools
  • Software Testing
  • United States
  • Universities

Fields of Study

  • Computer science

Readers

  • Computer Programming and Software Development
  • Computer Science
  • Explosive Engineering