http://dx.doi.org/10.13089/JKIISC.2013.23.2.231

A Length-based File Fuzzing Test Suite Reduction Algorithm for Evaluation of Software Vulnerability  

Lee, Jaeseo (The Attached Institute of ETRI)
Kim, Jong-Myong (The Attached Institute of ETRI)
Kim, SuYong (The Attached Institute of ETRI)
Yun, Young-Tae (The Attached Institute of ETRI)
Kim, Yong-Min (Chonnam National University)
Noh, Bong-Nam (Chonnam National University)
Abstract
Recently, automated software testing methods such as fuzzing have been studied as a way to find software vulnerabilities. The purpose of fuzzing is to expose software vulnerabilities by feeding malformed data to a program. To increase the probability of discovering vulnerabilities by fuzzing, we must solve the test suite reduction problem, because that probability depends on test case quality. In this paper, we propose a new method for solving the test suite reduction problem that is suited to long test cases such as files. First, we propose the length of a test case as a measure, in addition to existing measures such as coverage and redundancy. Next, we design a test suite reduction algorithm that uses the new measure. In our experiments, the proposed algorithm achieved better size and length reduction ratios for the test suite than previous studies. Finally, results from an empirical study suggest the viability of the proposed measure and algorithm for file fuzzing.
Keywords
Test Suite Reduction; File Fuzzing; Software Vulnerability;
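An added illustration of the idea in the abstract, not the paper's algorithm (which this page does not give): a greedy weighted set-cover heuristic that keeps the full block coverage of a seed corpus while preferring short files, followed by a redundancy pass. The function names, the data layout and the SAMPLE corpus are assumptions constructed for this example. On SAMPLE, a fewest-files reduction would keep a.pdf and e.pdf (920,000 bytes), while the length-aware one keeps three files totalling 105,000 bytes.

```python
from collections import Counter

# Constructed sample corpus: name -> (length in bytes, covered basic-block ids).
SAMPLE = {
    "a.pdf": (900_000, {1, 2, 3, 4, 5, 6}),
    "b.pdf": (40_000, {1, 2, 3}),
    "c.pdf": (55_000, {4, 5, 6}),
    "d.pdf": (30_000, {1, 2}),
    "e.pdf": (20_000, {3, 7}),
}

def coverage(suite, names):
    """Union of the blocks covered by the named test cases."""
    return set().union(*(suite[n][1] for n in names))

def total_length(suite, names):
    """Sum of the lengths of the named test cases."""
    return sum(suite[n][0] for n in names)

def reduce_suite(suite):
    """Return the names of a reduced suite with the same coverage as `suite`.

    Assumes every test case has a length greater than zero.
    """
    uncovered = coverage(suite, suite)
    selected = []
    while uncovered:
        # Greedy step: most newly covered blocks per byte of input.
        # Ties go to the shorter file, then to the name, for determinism.
        candidates = [n for n in suite
                      if n not in selected and suite[n][1] & uncovered]
        best = max(candidates, key=lambda n: (
            len(suite[n][1] & uncovered) / suite[n][0], -suite[n][0], n))
        selected.append(best)
        uncovered -= suite[best][1]
    # Redundancy pass: drop, longest first, any file whose blocks are all
    # covered by the other selected files.
    hits = Counter(b for n in selected for b in suite[n][1])
    for n in sorted(selected, key=lambda n: -suite[n][0]):
        if all(hits[b] > 1 for b in suite[n][1]):
            selected.remove(n)
            hits.subtract(suite[n][1])
    return sorted(selected)

if __name__ == "__main__":
    kept = reduce_suite(SAMPLE)
    print(kept, total_length(SAMPLE, kept))
```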