Research on Fuzz Testing Framework based on Concolic Execution

Multi-trace Concolic Execution Framework

CAB-Fuzz: Practical Concolic Testing Techniques for COTS Operating Systems

Discovering the security vulnerabilities of commercial off-the-shelf (COTS) operating systems (OSes) is challenging because they not only are huge and complex, but also lack detailed debug information. Concolic testing, which generates all feasible inputs of a program by using symbolic execution and tests the program with the generated inputs, is one of the most promising approaches to solve th...

Concolic Execution for Django Applications

Concolic execution systems allow developers to verify that invariants in their applications are not violated no matter what input is given by a user. This was demonstrated in Lab 3, where the Z3 solver was used to find inputs that would trigger inconsistencies in Zoobar balances. Unfortunately, the lab’s framework is written specifically for Zoobar, and would therefore not work for other applic...

Virtualization Based Secure Execution and Testing Framework

Computer security aims at protecting confidentiality, integrity, and availability of sensitive information that are processed, used, or stored by computing systems. Computer scientists working in the field of computer security have successfully designed and developed software and hardware mechanisms to provide security in modern day computing devices. As compared to hardware security mechanisms...

Automated Whitebox Fuzz Testing

Fuzz testing is an effective technique for finding security vulnerabilities in software. Traditionally, fuzz testing tools apply random mutations to well-formed inputs and test the program on the resulting values. We present an alternative whitebox fuzz testing approach inspired by recent advances in symbolic execution and dynamic test generation. Our approach records an actual run of a program...