Using Grammar Extracted from Sample Input to Generate Effective Fuzzing Files

Citation

Al Salem, Hamad. (2021-12). Using Grammar Extracted from Sample Input to Generate Effective Fuzzing Files. Theses and Dissertations Collection, University of Idaho Library Digital Collections. https://www.lib.uidaho.edu/digital/etd/items/alsalem_idaho_0089e_12234.html

Title:
Using Grammar Extracted from Sample Input to Generate Effective Fuzzing Files
Author:
Al Salem, Hamad
Date:
2021-12
Keywords:
Fuzzing; Grammar analysis; Software security; Software testing
Program:
Computer Science
Subject Category:
Computer science
Abstract:

Software testing is an important step in the software development life cycle. It focuses on testing software functionalities, finding vulnerabilities, and assuring that the software executes as expected. Fuzzing is a software testing technique which feeds random input to programs and monitors for abnormal behaviors such as a program crash. Fuzzing can be automated and does not require access to the source code, unlike manual source code review, which requires a huge amount of time and cost. It can trigger vulnerabilities that the programmers overlooked while programming, such as buffer overflows, off-by-one errors, etc. One of the limitations of fuzzing is that most programs require highly structured input or certain input patterns, and therefore the fuzz test may be terminated at an early stage of program execution because the input format requirements are not met. Some previous studies resolve this problem by manually creating program-specific input grammars to help guide fuzzing, which is tedious, error prone, and time consuming. However, this solution cannot work efficiently when testing multiple programs which require different input patterns. To solve this problem, a general grammar-based fuzzing technique is proposed and developed in this dissertation. The new fuzzer can extract a grammar from the sample input files of a program, and then generate effective fuzzing files based on the grammar. This fuzzing tool is able to work with different programs by extracting grammars from their sample inputs automatically and hence generating program-specific fuzzing files. The goals of this research include developing an algorithm to extract grammars from sample input files, generating effective fuzzing files to test the programs, and implementing a fuzzing tool using the Python programming language. The main contribution of this research is helping software developers and security experts reveal vulnerabilities in various programs automatically by using the developed fuzzing tool.

Description:
doctoral, Ph.D., Computer Science -- University of Idaho - College of Graduate Studies, 2021-12
Major Professor:
Song, Jia
Committee:
Alves-Foss, James; Soule, Terence; Ma, Xiaogang
Defense Date:
2021-12
Identifier:
AlSalem_idaho_0089E_12234
Type:
Text
Format Original:
PDF
Format:
application/pdf

Rights
Rights:
In Copyright - Educational Use Permitted. For more information, please contact University of Idaho Library Special Collections and Archives Department at libspec@uidaho.edu.
Standardized Rights:
http://rightsstatements.org/vocab/InC-EDU/1.0/