Mostrar el registro sencillo del ítem

dc.contributor.author
Grieco, Gustavo  
dc.contributor.author
Ceresa, Martin Arnaldo  
dc.contributor.author
Mista, Agustín  
dc.contributor.author
Buiras, Pablo  
dc.date.available
2018-06-28T15:01:32Z  
dc.date.issued
2017-12  
dc.identifier.citation
Grieco, Gustavo; Ceresa, Martin Arnaldo; Mista, Agustín; Buiras, Pablo; QuickFuzz testing for fun and profit; Elsevier Science Inc; Journal Of Systems And Software; 134; 12-2017; 340-354  
dc.identifier.issn
0164-1212  
dc.identifier.uri
http://hdl.handle.net/11336/50343  
dc.description.abstract
Fuzzing is a popular technique to find flaws in programs using invalid or erroneous inputs but not without its drawbacks. At one hand, mutational fuzzers require a set of valid inputs as a starting point, in which modifications are then introduced. On the other hand, generational fuzzing allows to synthesize somehow valid inputs according to a specification. Unfortunately, this requires to have a deep knowledge of the file formats under test to write specifications of them to guide the test case generation process. In this paper we introduce an extended and improved version of QuickFuzz, a tool written in Haskell designed for testing unexpected inputs of common file formats on third-party software, taking advantage of off-the-self well known fuzzers. Unlike other generational fuzzers, QuickFuzz does not require to write specifications for the file formats in question since it relies on existing file-format-handling libraries available on the Haskell code repository. It supports almost 40 different complex file-types including images, documents, source code and digital certificates. In particular, we found QuickFuzz useful enough to discover many previously unknown vulnerabilities on real-world implementations of web browsers and image processing libraries among others.  
dc.format
application/pdf  
dc.language.iso
eng  
dc.publisher
Elsevier Science Inc  
dc.rights
info:eu-repo/semantics/openAccess  
dc.rights.uri
https://creativecommons.org/licenses/by-nc-sa/2.5/ar/  
dc.subject
Fuzzing  
dc.subject
Haskell  
dc.subject
Quickcheck  
dc.subject
Testing  
dc.subject.classification
Ciencias de la Computación  
dc.subject.classification
Ciencias de la Computación e Información  
dc.subject.classification
CIENCIAS NATURALES Y EXACTAS  
dc.title
QuickFuzz testing for fun and profit  
dc.type
info:eu-repo/semantics/article  
dc.type
info:ar-repo/semantics/artículo  
dc.type
info:eu-repo/semantics/publishedVersion  
dc.date.updated
2018-06-28T14:15:28Z  
dc.journal.volume
134  
dc.journal.pagination
340-354  
dc.journal.pais
Estados Unidos  
dc.description.fil
Fil: Grieco, Gustavo. Consejo Nacional de Investigaciones Científicas y Técnicas. Centro Científico Tecnológico Conicet - Rosario. Centro Internacional Franco Argentino de Ciencias de la Información y de Sistemas. Universidad Nacional de Rosario. Centro Internacional Franco Argentino de Ciencias de la Información y de Sistemas; Argentina  
dc.description.fil
Fil: Ceresa, Martin Arnaldo. Consejo Nacional de Investigaciones Científicas y Técnicas. Centro Científico Tecnológico Conicet - Rosario. Centro Internacional Franco Argentino de Ciencias de la Información y de Sistemas. Universidad Nacional de Rosario. Centro Internacional Franco Argentino de Ciencias de la Información y de Sistemas; Argentina  
dc.description.fil
Fil: Mista, Agustín. Universidad Nacional de Rosario; Argentina  
dc.description.fil
Fil: Buiras, Pablo. Harvard University; Estados Unidos  
dc.journal.title
Journal Of Systems And Software  
dc.relation.alternativeid
info:eu-repo/semantics/altIdentifier/url/https://www.sciencedirect.com/science/article/pii/S0164121217302066  
dc.relation.alternativeid
info:eu-repo/semantics/altIdentifier/doi/http://dx.doi.org/10.1016/j.jss.2017.09.018