Journal ArticleDOI
An empirical study of the reliability of UNIX utilities
Reads0
Chats0
TLDR
The following section describes the tools built to test the utilities, including the fuzz (random character) generator, ptyjig (to test interactive utilities), and scripts to automate the testing process.Abstract:
The following section describes the tools we built to test the utilities. These tools include the fuzz (random character) generator, ptyjig (to test interactive utilities), and scripts to automate the testing process. Next, we will describe the tests we performed, giving the types of input we presented to the utilities. Results from the tests will follow along with an analysis of the results, including identification and classification of the program bugs that caused the crashes. The final section presents concluding remarks, including suggestions for avoiding the types of problems detected by our study and some commentary on the bugs we found. We include an Appendix with the user manual pages for fuzz and ptyjig.read more
Citations
More filters
Proceedings ArticleDOI
Privacy oracle: a system for finding application leaks with black box differential testing
TL;DR: The design and implementation of Privacy Oracle, a system that reports on application leaks of user information via the network traffic that they send are described, and a differential testing technique in which perturbations in the application inputs are mapped to perturbation in theApplication outputs to discover likely leaks is developed.
Book ChapterDOI
SNOOZE: toward a stateful network protocol fuzZEr
Greg Banks,Marco Cova,Viktoria Felmetsger,Kevin C. Almeroth,Richard A. Kemmerer,Giovanni Vigna +5 more
TL;DR: SNOOZE as discussed by the authors is a tool for building flexible, security-oriented, network protocol fuzzers that can be used to effectively identify security flaws in network protocol implementations, which is a stateful fuzzing approach that allows a tester to describe the stateful operation of a protocol and the messages that need to be generated in each state.
Proceedings ArticleDOI
Finding errors in .net with feedback-directed random testing
TL;DR: A team of test engineers at Microsoft applied a feedback-directed random testing tool to a critical component of the .NET architecture, finding errors in the component that eluded previous testing.
Journal ArticleDOI
Model-based security testing: a taxonomy and systematic classification
TL;DR: An overview of the state of the art in model‐based security testing is provided and promising research directions with regard to security properties, coverage criteria and the feasibility and return on investment of model‐ based security testing are discussed.
Proceedings ArticleDOI
KameleonFuzz: evolutionary fuzzing for black-box XSS detection
TL;DR: KameleonFuzz is proposed, a black-box Cross Site Scripting (XSS) fuzzer for web applications that can not only generate malicious inputs to exploit XSS, but also detect how close it is revealing a vulnerability.
References
More filters
Journal ArticleDOI
On the criteria to be used in decomposing systems into modules
TL;DR: In this paper, the authors discuss modularization as a mechanism for improving the flexibility and comprehensibility of a system while allowing the shortening of its development time, and the effectiveness of modularization is dependent upon the criteria used in dividing the system into modules.
Journal ArticleDOI
Letters to the editor: go to statement considered harmful
TL;DR: My considerations are that, although the programmer's activity ends when he has constructed a correct program, the process taking place under control of his program is the true subject matter of his activity, and that his intellectual powers are rather geared to master static relations and his powers to visualize processes evolving in time are relatively poorly developed.
Book
Go to statement considered harmful
TL;DR: In form and content, Dijkstra's letter is similar to his 1965 paper, and the last few paragraphs underscore once again why the subject of structured programming stayed out of the mainstream of the data processing industry for so long.
Journal ArticleDOI
Efficient learning of context-free grammars from positive structural examples
TL;DR: It is shown that the class of reversible context-free grammars can be identified in the limit frompositive samples of structural descriptions and there exists an efficient algorithm to identify them from positive samples ofStructural descriptions, where a structural description of a context- free grammar is an unlabelled derivation tree of the grammar.
Journal ArticleDOI
Crisis and aftermath
TL;DR: Last November the Internet was infected with a worm program that eventually spread to thousands of machines, disrupting normal activities and Internet connectivity for many days.