Matevos Mehrabyan

ORCID: 0000-0001-9846-3414
Research Areas
  • Software Testing and Debugging Techniques
  • Software Reliability and Analysis Research
  • Advanced Malware Detection Techniques
  • Formal Methods in Verification
  • VLSI and Analog Circuit Testing
  • Radiation Effects in Electronics
  • Engineering and Test Systems
  • Software Engineering Research
  • Embedded Systems Design Techniques

Russian-Armenian University
2019-2024

Yerevan State University
2018-2019

In this paper we introduce ISP-Fuzzer, an extendable fuzzing framework. The framework supports plugins which makes possible to tune it for any task. ISP-Fuzzer capable of performing for: files, standard input, network, network protocols. As well can generate BNF structured data compilers and interpreters fuzzing. number performing: code static analysis, dynamic symbolic execution, directed etc. designed run on multiprocessor distributed systems. During experimental setup the tool has...

10.1109/ivmem.2019.00017 article EN 2019-09-01

This article presents new method for fuzzing programs accepting complex structured data based on BNF grammars. The majority of existing methods do not take into account the structure inputs target program. Existing generating tools have various restrictions: rules must be specified program, they are scalable, generated is fully compatible with rules, etc. We propose algorithm generation which uses ANTLR platform's descriptions more than 120 languages and formats. Every rule grammar designed...

10.1109/ivmem.2018.00013 article EN 2018-05-01

In this paper we present a new approach for directed fuzzing. It enables faster generation of the input data target program's specific instructions execution. Existing fuzzing tools randomly generate or mutate to increase code coverage. This is not effective analysis special regions. The basic idea behind instrument program in such way that interesting fragments were executed as soon possible. For propose detect all paths which are connecting entry point considered instructions. Then apply...

10.1109/ent.2019.00011 article EN 2019-03-01

This article presents novel method for efficient fuzzing of programs accepting complex structured data. It generates input data based on formal grammar description. Data generator is periodically autoconfigured target code coverage. means that the type generated dynamically changed to increase uses descriptions BNF (Backus-Naur Form) rules in ANTLR (ANother Tool Language Recognition) platform. More than 250 languages and formats are supported. Every rule designed as universal pushdown...

10.1109/ivmem57067.2022.9983953 article EN 2022-09-23

Randomized testing (fuzzing) is a well-known approach for finding bugs in programs. Fuzzing typically performed during the finishing stage of quality assurance order to check stability target program face malformed or unexpected input data. Modern software more than often provides an API extending its functionality by third-party developers; since entry point internals, and usage scenarios must be tested as well. Thorough involve checking large number possible it fairly obvious that fuzzing...

10.15514/ispras-2020-32(2)-13 article EN cc-by Proceedings of the Institute for System Programming of RAS 2020-01-01

In this paper we present a novel code analysis platform referred as "GENESISP". Its aim is to collect vast database of open source software and apply several integrated analyses. This allows understand relations within binary code, well detect existing defects. All the analyses are compatible with each other can be combined, which provides more robust possibilities. first stage framework tries collect, process store related data into database. Various resources used for that purpose. For...

10.1109/ispras51486.2020.00012 article EN 2020-12-01

This paper presents a novel approach of generation effective inputs for fuzz testing. Most applications check input format before performing basic calculations. That kind usually parse service information file to decide whether it is supported or not. Input formats which are not discarded and the application finishes its execution immediately. For example, ELF (Extensible Linking Format) should start with following data: "0x7f 'E' 'L' 'F'". If does contain this in header section then will be...

10.15514/ispras-2019-31(5)-5 article EN cc-by Proceedings of the Institute for System Programming of RAS 2019-01-01