Book chapter, peer reviewed

Empirical Analysis and Modeling of Black-Box Mutational Fuzzing

2016; Springer Science+Business Media; Language: English

10.1007/978-3-319-30806-7_11

ISSN

1611-3349

Authors

Mingyi Zhao, Peng Liu

Topic(s)

Software Engineering Research

Abstract

Black-box mutational fuzzing is a simple yet effective method for finding software vulnerabilities. In this work, we collect and analyze fuzzing campaign data covering 60,000 fuzzing runs, 4,000 crashes, and 363 unique bugs from multiple Linux programs, gathered with the CERT Basic Fuzzing Framework. Motivated by the results of the empirical analysis, we propose a stochastic model that captures the long-tail distribution of bug discovery probability and exploitability. This model sheds light on practical questions such as the expected number of bugs discovered in a fuzzing campaign within a given time, why improving software security is hard, and why different parties (e.g., software vendors, white hats, and black hats) are likely to find different vulnerabilities. We also discuss a potential generalization of this model to other vulnerability discovery approaches, such as the recently emerged bug bounty programs.
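The abstract states the model's conclusions but the page does not give the model itself. The script below is an added illustration, not the authors' model or data: it assumes that each fuzzing run crashes independently with a fixed probability and that a crash is attributed to bug i with a Zipf-like long-tail probability proportional to 1/i**alpha. Under those assumptions it computes the expected number of distinct bugs found after n runs, inverts that to estimate the runs needed to reach a target, and simulates two independent campaigns to show how little their bug sets need to overlap. The totals (60,000 runs, 4,000 crashes, 363 bugs) merely echo the campaign size quoted in the abstract; the tail exponent, the crash rate and all results are constructed, hypothetical values.

```python
"""Toy stochastic model of a black-box mutational fuzzing campaign.

Assumptions (illustrative, not from the paper): every fuzzing run crashes
independently with probability P_CRASH, and a crash is attributed to bug i
(i = 1..n) with long-tail probability p_i proportional to 1 / i**ALPHA.
"""
import itertools
import random

N_BUGS = 363                 # constructed: matches the bug count in the abstract
N_RUNS = 60_000              # constructed: matches the run count in the abstract
P_CRASH = 4_000 / 60_000     # constructed: crash rate implied by 4,000 crashes / 60,000 runs
ALPHA = 1.0                  # assumed tail exponent; steeper tails mean rarer deep bugs


def bug_discovery_probabilities(n_bugs, alpha=ALPHA):
    """Per-crash probability that bug i is the one triggered: a normalized Zipf law."""
    weights = [1.0 / (i ** alpha) for i in range(1, n_bugs + 1)]
    total = sum(weights)
    return [w / total for w in weights]


def expected_unique_bugs(probs, n_runs, p_crash=P_CRASH):
    """Expected number of distinct bugs after n_runs independent runs.

    A single run hits bug i with probability p_crash * p_i, so bug i survives
    all n_runs runs with probability (1 - p_crash * p_i) ** n_runs.
    """
    return sum(1.0 - (1.0 - p_crash * p) ** n_runs for p in probs)


def runs_for_expected(probs, target, p_crash=P_CRASH, max_runs=10 ** 9):
    """Smallest n such that expected_unique_bugs(probs, n) >= target.

    Exponential search for an upper bound, then binary search; the expectation
    is monotone in n so bisection is valid.
    """
    if target > len(probs):
        raise ValueError("cannot expect more bugs than exist")
    hi = 1
    while expected_unique_bugs(probs, hi, p_crash) < target:
        hi *= 2
        if hi > max_runs:
            raise ValueError("target not reachable within max_runs")
    lo = 0
    while lo < hi:
        mid = (lo + hi) // 2
        if expected_unique_bugs(probs, mid, p_crash) >= target:
            hi = mid
        else:
            lo = mid + 1
    return lo


def simulate_campaign(probs, n_runs, p_crash=P_CRASH, seed=0):
    """Monte-Carlo campaign: returns the set of bug indices (0-based) that crashed."""
    rng = random.Random(seed)
    n_crashes = sum(1 for _ in range(n_runs) if rng.random() < p_crash)
    cum = list(itertools.accumulate(probs))
    hits = rng.choices(range(len(probs)), cum_weights=cum, k=n_crashes)
    return set(hits)


def overlap(found_a, found_b):
    """Jaccard similarity of two parties' bug sets (1.0 when both are empty)."""
    union = found_a | found_b
    return len(found_a & found_b) / len(union) if union else 1.0


if __name__ == "__main__":
    probs = bug_discovery_probabilities(N_BUGS)
    print("expected unique bugs after %d runs: %.1f" % (N_RUNS, expected_unique_bugs(probs, N_RUNS)))
    print("runs needed to expect 90%% of bugs: %d" % runs_for_expected(probs, 0.9 * N_BUGS))
    vendor = simulate_campaign(probs, N_RUNS, seed=1)
    white_hat = simulate_campaign(probs, N_RUNS, seed=2)
    print("vendor found %d, white hat found %d, overlap %.2f"
          % (len(vendor), len(white_hat), overlap(vendor, white_hat)))
    print("bugs only one party found:", len(vendor ^ white_hat))
```

Because the head of the distribution is hit quickly and the tail only slowly, the expected-count curve flattens out: doubling the campaign length adds far fewer new bugs than the first half did, and two equal-sized independent campaigns agree on the head bugs while each picks up a different sample of the tail. That is the qualitative behaviour the abstract describes; the actual numbers depend entirely on the assumed exponent and crash rate.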
