원문정보
초록
영어
File fuzzing(or file fuzz testing) is a software testing technique that checks the response of a target program against abnormal file inputs. It is simply random testing but powerful. Especially, it is worth as security testing. However, file fuzzing is inefficient in the sense that it takes too much time, nearly endless, and so on. For even one input file, it takes several seconds to execute. Besides, most input files that are generated randomly are invalid.
We propose the advanced file fuzzing system applying field information and fault-injection rule. For a file, field information represents the starting position, size, unique name, and valid data type of each field. And fault-injection rule is the formalized expression to describe generating and injecting a fault. These enable us to make effective input files and to distribute fuzzing works to several machines. In addition, our system provides the independent random fuzzing.
목차
1. Introduction
2. File fuzzing
3. Advanced file fuzzing system
3.1. Field information
3.2. Fault-injection rule
3.3. Defining &Distributing
3.4. User-defined fuzzing
3.5. Random fuzzing
4. Improvements
5. Conclusion
6. References