Stochastic software testing for vulnerability analysis
Journal: Scientific and Technical Journal of Information Technologies, Mechanics and Optics (Vol. 21, No. 6)
Publication Date: 2021-12-24
Authors: Maneev A.O., Spivak A.I.
Pages: 895-902
Keywords: testing; dynamic testing; stochastic testing; vulnerability; fuzzing
Abstract
Stochastic testing with fuzzing tools is one of the approaches to software vulnerability analysis. The testing process usually generates random input data for the program under test and takes a significant amount of time, so reducing testing time is an important task. One research direction for improving testing is to identify only those data sequences that have an impact on the execution path of the tested program: an input generation approach that reduces total testing time allows more program vulnerabilities to be found within the same budget. The paper proposes a modification of the genetic algorithm used by the fuzzer afl (American Fuzzy Lop). A promising positions model is introduced to improve the efficiency of input data generation. With this model, the fuzzer's genetic algorithm selects the most promising position in the input data, from the viewpoint of vulnerability analysis, for the next mutation steps. Compared to existing solutions, the suggested model pays attention to the position of the data element that is promising for increasing code coverage and directs the genetic algorithm to change it. The model was evaluated against the popular fuzzer afl and its modifications (aflfast, symfuzz, afl-rb). During the evaluation, the suggested model reached 21 % more code coverage than existing solutions: edge coverage between basic blocks increased from 17267.4 to 20897.3. The developed model can be used when testing software that accepts and processes user data, and it can be integrated into stochastic testing tools: the modification is confined to the random generator component and does not require redesigning the whole testing tool.
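The abstract's key structural claim is that the model changes only the component that draws the position to mutate, and that positions whose mutation has paid off in coverage should be mutated again. The following Python fuzzing loop is an added example illustrating that structure; it is not the paper's code, its evaluation, or afl's implementation. The toy target, the edge-coverage enumeration, the scoring rule (a position's score is boosted when mutating it yields new edges and decays geometrically on unproductive mutations), and the constants BASE_WEIGHT, GAIN and DECAY are all assumptions made here for illustration.

```python
import random

SEED_LEN = 64      # fuzzing seed length; only bytes 0..2 influence the toy target
BASE_WEIGHT = 1.0  # sampling weight of a position with no recent coverage gain (assumed)
GAIN = 64.0        # extra weight per (decayed) coverage gain at a position (assumed)
DECAY = 0.98       # gain count shrinks by this factor per unproductive mutation (assumed)


def target(data: bytes) -> list:
    """Constructed toy parser, instrumented like afl: returns the basic-block ids it runs.

    Blocks: 0 entry; 1 too short; 2 length ok; 3 version flag (bit 7 of byte 0)
    missing; 4 flag ok; 10+tag 16-way dispatch on the low nibble of byte 1;
    30+tag / 50+tag branch on one bit of byte 2; 70 exit.
    """
    trace = [0]
    if len(data) < 3:
        trace.append(1)
        return trace
    trace.append(2)
    if not data[0] & 0x80:
        trace.append(3)
        return trace
    trace.append(4)
    tag = data[1] & 0x0F
    trace.append(10 + tag)
    trace.append(30 + tag if data[2] & (1 << (tag % 8)) else 50 + tag)
    trace.append(70)
    return trace


def edges(data: bytes) -> frozenset:
    """afl-style edge coverage: the set of (previous block, current block) pairs."""
    trace = target(data)
    return frozenset(zip(trace, trace[1:]))


def full_edges() -> frozenset:
    """Every edge reachable from a SEED_LEN-byte input, found by enumerating bytes 0..2."""
    found = set()
    for flag in (0x00, 0x80):
        for tag in range(16):
            for bit in (0, 1):
                found |= edges(bytes([flag, tag, bit << (tag % 8)]) + bytes(SEED_LEN - 3))
    return frozenset(found)


class PromisingPositions:
    """Per-position score: how recently mutating that byte produced new edges (assumed rule)."""

    def __init__(self, length: int):
        self.gains = [0.0] * length

    def weights(self) -> list:
        return [BASE_WEIGHT + GAIN * g for g in self.gains]

    def choose(self, rng: random.Random) -> int:
        return rng.choices(range(len(self.gains)), weights=self.weights())[0]

    def feedback(self, pos: int, productive: bool) -> None:
        if productive:
            self.gains[pos] += 1.0
        else:
            self.gains[pos] *= DECAY


def fuzz(budget: int, seed: int, promising: bool):
    """Havoc-style loop: overwrite one byte of a random corpus entry per iteration.
    Returns (covered edges, iteration at which full coverage was reached, or None).
    The only difference between the two modes is how the byte position is drawn."""
    rng = random.Random(seed)
    corpus = [bytes(SEED_LEN)]
    covered = set(edges(corpus[0]))
    goal = full_edges()
    model = PromisingPositions(SEED_LEN)
    for it in range(1, budget + 1):
        parent = rng.choice(corpus)
        pos = model.choose(rng) if promising else rng.randrange(SEED_LEN)
        child = bytearray(parent)
        child[pos] = rng.randrange(256)
        child = bytes(child)
        new = edges(child) - covered
        if new:                      # new edges: keep the child, as afl does
            covered |= new
            corpus.append(child)
        model.feedback(pos, bool(new))
        if covered >= goal:
            return covered, it
    return covered, None


def compare(seeds=(1, 2, 3), budget=200_000) -> dict:
    """Iterations to full edge coverage per seed, for both position-selection strategies."""
    return {
        "uniform": [fuzz(budget, s, promising=False)[1] for s in seeds],
        "promising": [fuzz(budget, s, promising=True)[1] for s in seeds],
    }


if __name__ == "__main__":
    for name, iters in compare().items():
        print(name, iters)
```

Running the module prints, for each seed, how many mutations each strategy needed before every reachable edge of the toy target was covered. Only three of the 64 seed bytes influence the target, so uniform position choice wastes most mutations, while the scored chooser concentrates on the dispatch byte once a mutation there has paid off and moves on as its score decays. Everything except `PromisingPositions.choose` is shared between the two runs, which is the property the abstract describes: the model lives in the random generator and the rest of the fuzzer is untouched.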
Last modified: 2022-01-10 19:54:56