Title :
Automatic Fault Localization for Fuzzing
Author :
Lu, Yu ; Lifa, Wu ; Fan, Pan ; Honglin, Zhuang ; Zheng, Hong
Author_Institution :
Inst. of Command Autom., PLA Univ. of Sci. & Technol., Nanjing, China
Abstract :
Fuzzing has proved successful in finding security vulnerabilities in large binary programs. Traditionally, reversing engineering technologies are used to locate codes that may lead to exceptions in Fuzzing, and this may demand a great amount of human efforts and consequently gives rise to low efficiency. In this paper, an automatic fault localization method for Fuzzing is proposed together with an automatic vulnerability analysis system named Fuzz Loc. Fuzz Loc can filter key instructions that may directly cause exceptions. Starting from these key instructions, Fuzz Loc implements automatic fault localization by back tracing. With Fuzz Loc, a great deal of human efforts can be saved. Experiments show that Fuzz Loc can locate fault codes accurately with little human intervention and consequently improves efficiency of fault analysis and vulnerability mining.
Keywords :
fault location; security of data; FuzzLoc; automatic fault localization method; automatic vulnerability analysis system; fault analysis; fault code location; human effort; human intervention; large binary program; reversed engineering technology; security vulnerability mining; Algorithm design and analysis; Bismuth; Heuristic algorithms; Humans; Security; Software; Syntactics; Fuzzing; automatic fault localization; reversing engineering; security vulnerabilities;
Conference_Titel :
Instrumentation, Measurement, Computer, Communication and Control, 2011 First International Conference on
Conference_Location :
Beijing
Print_ISBN :
978-0-7695-4519-6
DOI :
10.1109/IMCCC.2011.104
