Mostrar el registro sencillo del ítem
dc.contributor.author
Grieco, Gustavo
dc.contributor.author
Ceresa, Martin Arnaldo
dc.contributor.author
Mista, Agustín
dc.contributor.author
Buiras, Pablo
dc.date.available
2018-06-28T15:01:32Z
dc.date.issued
2017-12
dc.identifier.citation
Grieco, Gustavo; Ceresa, Martin Arnaldo; Mista, Agustín; Buiras, Pablo; QuickFuzz testing for fun and profit; Elsevier Science Inc; Journal Of Systems And Software; 134; 12-2017; 340-354
dc.identifier.issn
0164-1212
dc.identifier.uri
http://hdl.handle.net/11336/50343
dc.description.abstract
Fuzzing is a popular technique to find flaws in programs using invalid or erroneous inputs but not without its drawbacks. At one hand, mutational fuzzers require a set of valid inputs as a starting point, in which modifications are then introduced. On the other hand, generational fuzzing allows to synthesize somehow valid inputs according to a specification. Unfortunately, this requires to have a deep knowledge of the file formats under test to write specifications of them to guide the test case generation process. In this paper we introduce an extended and improved version of QuickFuzz, a tool written in Haskell designed for testing unexpected inputs of common file formats on third-party software, taking advantage of off-the-self well known fuzzers. Unlike other generational fuzzers, QuickFuzz does not require to write specifications for the file formats in question since it relies on existing file-format-handling libraries available on the Haskell code repository. It supports almost 40 different complex file-types including images, documents, source code and digital certificates. In particular, we found QuickFuzz useful enough to discover many previously unknown vulnerabilities on real-world implementations of web browsers and image processing libraries among others.
dc.format
application/pdf
dc.language.iso
eng
dc.publisher
Elsevier Science Inc
dc.rights
info:eu-repo/semantics/openAccess
dc.rights.uri
https://creativecommons.org/licenses/by-nc-sa/2.5/ar/
dc.subject
Fuzzing
dc.subject
Haskell
dc.subject
Quickcheck
dc.subject
Testing
dc.subject.classification
Ciencias de la Computación
dc.subject.classification
Ciencias de la Computación e Información
dc.subject.classification
CIENCIAS NATURALES Y EXACTAS
dc.title
QuickFuzz testing for fun and profit
dc.type
info:eu-repo/semantics/article
dc.type
info:ar-repo/semantics/artículo
dc.type
info:eu-repo/semantics/publishedVersion
dc.date.updated
2018-06-28T14:15:28Z
dc.journal.volume
134
dc.journal.pagination
340-354
dc.journal.pais
Estados Unidos
dc.description.fil
Fil: Grieco, Gustavo. Consejo Nacional de Investigaciones Científicas y Técnicas. Centro Científico Tecnológico Conicet - Rosario. Centro Internacional Franco Argentino de Ciencias de la Información y de Sistemas. Universidad Nacional de Rosario. Centro Internacional Franco Argentino de Ciencias de la Información y de Sistemas; Argentina
dc.description.fil
Fil: Ceresa, Martin Arnaldo. Consejo Nacional de Investigaciones Científicas y Técnicas. Centro Científico Tecnológico Conicet - Rosario. Centro Internacional Franco Argentino de Ciencias de la Información y de Sistemas. Universidad Nacional de Rosario. Centro Internacional Franco Argentino de Ciencias de la Información y de Sistemas; Argentina
dc.description.fil
Fil: Mista, Agustín. Universidad Nacional de Rosario; Argentina
dc.description.fil
Fil: Buiras, Pablo. Harvard University; Estados Unidos
dc.journal.title
Journal Of Systems And Software
dc.relation.alternativeid
info:eu-repo/semantics/altIdentifier/url/https://www.sciencedirect.com/science/article/pii/S0164121217302066
dc.relation.alternativeid
info:eu-repo/semantics/altIdentifier/doi/http://dx.doi.org/10.1016/j.jss.2017.09.018
Archivos asociados