Automatic Fault Localization for Fuzzing
Fuzzing has proved successful in finding security vulnerabilities in large binary programs. Traditionally, reverse engineering techniques are used to locate the code that may lead to exceptions during fuzzing, which demands a great amount of human effort and consequently results in low efficiency. In this paper, an automatic fault localization method for fuzzing is proposed, together with an automatic vulnerability analysis system named FuzzLoc. FuzzLoc can filter for the key instructions that may directly cause exceptions. Starting from these key instructions, FuzzLoc implements automatic fault localization by backtracing. With FuzzLoc, a great deal of human effort can be saved. Experiments show that FuzzLoc can locate faulty code accurately with little human intervention and consequently improves the efficiency of fault analysis and vulnerability mining.
Fuzzing; security vulnerabilities; reverse engineering; automatic fault localization
YU Lu, WU Lifa, PAN Fan, ZHUANG Honglin, HONG Zheng
Institute of Command Automation, PLA University of Science & Technology, Nanjing, China
International conference
Beijing
English
388-391
2011-10-21 (date first posted online on the Wanfang platform; this does not represent the paper's publication date)