Efficient Model-based Fuzz Testing Using Higher-order Attribute Grammars
Authors
Abstract
Format specifications of data input are critical to model-based fuzz testing. Present methods cannot describe the format accurately, which leads to high redundancy in testing practices. In order to improve testing efficiency, we propose a grammar-driven approach to fuzz testing. Firstly, we build a formal model of the data format using higher-order attribute grammars, and construct a syntax tree on the basis of data samples. Secondly, all nodes in the syntax tree are traversed and mutated to generate test cases according to the attribute rules. Experimental results show that the proposed approach can reduce invalid and redundant test cases, and discover potential vulnerabilities of software implementations effectively.
Similar resources
Object-Oriented Attribute Grammars
This paper introduces object-oriented attribute grammars. These can be characterized as a notation for all classes of attribute grammars. Based on a subtype relation between grammar rules, inheritance of attributes and attribute computations are defined. With this approach, attributes local to grammar rules and the elimination of chain rules are possible without any special constructs. We prese...
Automatic and lightweight grammar generation for fuzz testing
Blackbox fuzz testing can only test a small portion of code when rigorously checking the well-formedness of input values. To overcome this problem, blackbox fuzz testing is performed using a grammar that delineates the format information of input values. However, it is almost impossible to manually construct a grammar if the input specifications are not known. We propose an alternative techniqu...
July 2000 Third Workshop on Attribute Grammars and Their Applications Waga2000 Attribute Grammars as Record Calculus a Structure-oriented Denotational Semantics of Attribute Grammars by Using Cardelli's Record Calculus
In this paper, we present a new denotational semantics of attribute grammars (AGs) by using Cardelli's record calculus. This new denotational semantics is simple, natural and structure-oriented. AGs have been considered useful in describing interactive programming environments as well as in specifying the semantics of programming languages. Using AGs, interactive programming environments are of...
Detecting Communication Protocol Security Flaws by Formal Fuzz Testing and Machine Learning
Network-based fuzz testing has become an effective mechanism to ensure the security and reliability of communication protocol systems. However, fuzz testing is still conducted in an ad-hoc manner with considerable manual effort, which is mainly due to the unavailability of protocol model. In this paper we present our on-going work of developing an automated and measurable protocol fuzz testing ...
Zipper-based Embedding of Modern Attribute Grammar Extensions
This research abstract describes the research plan for a Ph.D project. We plan to define a powerful and elegant embedding of modern extensions to attribute grammars. Attribute grammars are a suitable formalism to express complex, multiple traversal algorithms. In recent years there has been a lot of work in attribute grammars, namely by defining new extensions to the formalism (forwarding and r...
Journal title:
- JSW
Volume 8, Issue
Pages -
Publication date 2013