EvolutionaryInputCrafting-ACSAC07

EvolutionaryInputCrafting-ACSAC07 - 23rd Annual...

Automated Vulnerability Analysis: Leveraging Control Flow for Evolutionary Input Crafting

Sherri Sparks, Shawn Embleton, Ryan Cunningham, Cliff Zou
University of Central Florida
{ssparks, embleton, czou}@cs.ucf.edu

Abstract

We present an extension of traditional "black box" fuzz testing using a genetic algorithm based upon a Dynamic Markov Model fitness heuristic. This heuristic allows us to "intelligently" guide input selection based upon feedback concerning the "success" of past inputs that have been tried. Unlike many software testing tools, our implementation is strictly based upon binary code and does not require that source code be available. Our evaluation on a Windows server program shows that this approach is superior to random black box fuzzing for increasing code coverage and depth of penetration into program control flow logic. As a result, the technique may be beneficial to the development of future automated vulnerability analysis tools.

1. Introduction

As the number of households and businesses owning personal computers continues to climb, data and software security are becoming growing concerns. According to the National Vulnerability Database, the number of reported software vulnerabilities has risen from 25 in 1995 to nearly 5000 in 2005 [13]. As a result, there has been a great deal of commercial and academic interest in developing automated software security tools. Vulnerability analysis involves discovering a subset of the input space with which a malicious user can exploit logic errors in an application to drive it into an insecure state. As software becomes larger and more complex, exploring a commercial application's entire state space for exploitable vulnerabilities becomes an intractable problem. To reduce the scope of exploration, security researchers have developed a number of testing techniques.

White box testing, also known as structural or glass box analysis, typically involves detailed, manual analysis of either program source code or a static disassembly. It is based upon the assumption that the tester has internal knowledge of the system during the test case generation process. In contrast, the black box or functional testing methodology views a program as a "black box". It does not rely upon either source code or disassembly. Rather, it is based upon injecting random or semi-random external input into a program and then monitoring its output for unexpected behavior. This process is also sometimes referred to as fuzz testing or fault injection [7]. Time and cost are motivating factors in application security. Black box fuzzers have become popular in recent years because they provide a favorable cost / benefit ratio due to their simplicity and potential for automation.

This research was supported by NSF Grant CNS-0627318 and Intel research funds.
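The following sketch is an added illustration of the approach the abstract describes, not code from the paper: a toy target that stands in for an instrumented binary, a Markov model of observed control-flow transitions that is updated after every run, and a genetic algorithm whose fitness rewards inputs whose paths cross rarely taken transitions. The toy target, the negative-log-probability fitness, and all GA parameters are assumptions of this example.

```python
import math
import random

MAGIC = b"FUZZ"  # constructed toy target: each correct byte opens one deeper basic block

def run_target(data):  # stand-in for an instrumented binary: returns its basic-block trace
    trace = ["entry"]
    for i, c in enumerate(MAGIC):
        if i < len(data) and data[i] == c:
            trace.append(f"magic{i}")
        else:
            trace.append("reject")
            break
    else:
        trace.append("accept")
    trace.append("exit")
    return trace

class DynamicMarkovModel:
    """Transition counts over observed control-flow edges, updated after every run."""
    def __init__(self):
        self.edge = {}  # (src, dst) -> times the edge was taken
        self.out = {}   # src -> times any edge out of src was taken
    def update(self, trace):
        for a, b in zip(trace, trace[1:]):
            self.edge[(a, b)] = self.edge.get((a, b), 0) + 1
            self.out[a] = self.out.get(a, 0) + 1
    def fitness(self, trace):
        # Assumed heuristic: sum of -log P(edge), so paths through rarely taken edges score higher.
        return sum(-math.log(self.edge[(a, b)] / self.out[a]) for a, b in zip(trace, trace[1:]))

def evolve(pop_size=40, generations=500, length=6, seed=1):
    """Genetic algorithm guided by the model; returns the deepest trace observed in any run."""
    rng = random.Random(seed)
    model = DynamicMarkovModel()
    pop = [bytes(rng.randrange(256) for _ in range(length)) for _ in range(pop_size)]
    deepest = []
    for _ in range(generations):
        traces = [run_target(x) for x in pop]
        for t in traces:
            model.update(t)  # feedback from this generation's runs refines the model
        deepest = max([deepest] + traces, key=len)
        ranked = sorted(zip(pop, traces), key=lambda pt: model.fitness(pt[1]), reverse=True)
        parents = [p for p, _ in ranked[: pop_size // 2]]  # truncation selection
        children = []
        while len(children) < pop_size:
            a, b = rng.sample(parents, 2)
            cut = rng.randrange(1, length)
            child = bytearray(a[:cut] + b[cut:])  # one-point crossover
            child[rng.randrange(length)] = rng.randrange(256)  # point mutation
            children.append(bytes(child))
        pop = children
    return deepest
```

Because the model accumulates counts across all generations, an input that reaches a new block scores far above the common reject path until the population catches up, which is what drives the search deeper one byte at a time.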