The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
Symbolic execution is one of the most important computational intelligence methods in vulnerability detection, delivering high code coverage. The bottleneck of dynamic symbolic execution is its running speed, and few existing works focus on research of the problem. In the paper, we present a taint-based symbolic execution method to improve its efficiency. The property of our method includes: 1) it...
Security corporations and researchers usually employ fuzzing techniques to find hiding bugs of programs. They collect millions of sample files to test target programs with mutating samples' byte randomly. However, it wastes lots of time and computation resources because the programs mostly repeat same paths with these samples. In the paper, we design a flexible and efficient method to calculate the...
The taint analysis method is usually effective for vulnerabilities detection. Existing works mostly care about the accuracy of taint propagation, not considering the time cost. We proposed a novel method to improve the efficiency of taint propagation with indices. Based our method, we have implemented TWalker, an effective vulnerabilities detection tool that enables easy data flow analysis of the...
Detecting vulnerabilities in binary codes is one of the most difficult problems due to the lack of type information and symbols. We propose a novel tool to perform symbolic execution inside the routines of binary codes, providing easy static analysis for vulnerability detection. Compared with existing systems, our tool has four properties: first, it could work on binary codes without source codes,...
Fuzz testing is an automated black-box testing technique providing random data as input to a software system in the hope to find vulnerability. In order to be effective, the fuzzed input must be common enough to pass elementary consistency checks. Web Browser accepts JavaScript, CSS files as well as the html as input, which must be considered in fuzzing testing, while traditional fuzzing technology...
Network services face various security challenges such as targeted attacks exploiting security vulnerabilities. Fuzz testing plays an important role in security testing of network service. However, current fuzzing approaches focus on protocol syntax and packet structure, more than multi-phase behavioral interactions between client and server of network service. This paper presents a model-based behavioral...
As one of critical components of information infra-structure, database management system (DBMS) faces various security challenges. Although fuzz testing has been used in the security evaluation of DBMS, most of current fuzzers focus on SQL syntax more than multi-phase interaction between the client and server of DBMS. This paper presents a model-based fuzzing approach to discover vulnerabilities of...
The correctness of mission-critical software is an important part of information security and oracle problem[1] is often a great constraint for their testing. Metamorphic testing(MT) is practical for oracle problem, but calls for more executions and only focuses on program's mathematics properties in most situations. This article provides the Path-Combination-Based MT method, which mines the relationships...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.