OpenSAW: Open Security Analysis Workbench

Ben Henda, Noomene; Johansson, Björn; Lantz, Patrik; Norrman, Karl; Saaranen, Pasi; Segersvärd, Oskar

OpenSAW: Open Security Analysis Workbench

Mark

Ben Henda, Noomene ; Johansson, Björn ; Lantz, Patrik ^LU ; Norrman, Karl ; Saaranen, Pasi and Segersvärd, Oskar (2017) Fundamental Approaches to Software Engineering 10202. p.321-337

Abstract: Software is today often composed of many sourced components, which potentially contain security vulnerabilities, and therefore require testing before being integrated. Tools for automated test case generation, for example, based on white-box fuzzing, are beneficial for this testing task. Such tools generally explore limitations of the specific underlying techniques for solving problems related to, for example, constraint solving, symbolic execution, search heuristics and execution trace extraction. In this article we describe the design of OpenSAW, a more flexible general-purpose white-box fuzzing framework intended to encourage research on new techniques identifying security problems. In addition, we have formalized two unaddressed... (More); Software is today often composed of many sourced components, which potentially contain security vulnerabilities, and therefore require testing before being integrated. Tools for automated test case generation, for example, based on white-box fuzzing, are beneficial for this testing task. Such tools generally explore limitations of the specific underlying techniques for solving problems related to, for example, constraint solving, symbolic execution, search heuristics and execution trace extraction. In this article we describe the design of OpenSAW, a more flexible general-purpose white-box fuzzing framework intended to encourage research on new techniques identifying security problems. In addition, we have formalized two unaddressed technical aspects and devised new algorithms for these. The first relates to generalizing and combining different program exploration strategies, and the second relates to prioritizing execution traces. We have evaluated OpenSAW using both in-house and external programs and identified several bugs.
(Less)

Please use this url to cite or link to this publication: https://lup.lub.lu.se/record/e68b5375-3dfb-48e8-ab41-37c05234488f

author

Ben Henda, Noomene ; Johansson, Björn ; Lantz, Patrik ^LU ; Norrman, Karl ; Saaranen, Pasi and Segersvärd, Oskar

organization

Networks and Security (research group)

publishing date

2017-04-22

type

Chapter in Book/Report/Conference proceeding

publication status

published

subject

Computer Science

host publication

Fundamental Approaches to Software Engineering : 20th International Conference, FASE 2017, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2017, Uppsala, Sweden, April 22-29, 2017, Proceedings - 20th International Conference, FASE 2017, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2017, Uppsala, Sweden, April 22-29, 2017, Proceedings

editor

Huisman, Marieke and Rubin, Julia

volume

10202

edition

1

pages

16 pages

publisher

Springer

conference name

Fundamental Approaches to Software Engineering

conference location

Uppsala, Sweden

conference dates

2017-04-22 - 2017-04-29

external identifiers

scopus:85016390660

ISBN

978-3-662-54494-5

978-3-662-54493-8

DOI

10.1007/978-3-662-54494-5

language

English

LU publication?

yes

id

e68b5375-3dfb-48e8-ab41-37c05234488f

alternative location

https://link.springer.com/chapter/10.1007/978-3-662-54494-5_18

date added to LUP

2017-07-05 11:09:09

date last changed

2024-02-29 17:59:14

@inproceedings{e68b5375-3dfb-48e8-ab41-37c05234488f,
  abstract     = {{Software is today often composed of many sourced components, which potentially contain security vulnerabilities, and therefore require testing before being integrated. Tools for automated test case generation, for example, based on white-box fuzzing, are beneficial for this testing task. Such tools generally explore limitations of the specific underlying techniques for solving problems related to, for example, constraint solving, symbolic execution, search heuristics and execution trace extraction. In this article we describe the design of OpenSAW, a more flexible general-purpose white-box fuzzing framework intended to encourage research on new techniques identifying security problems. In addition, we have formalized two unaddressed technical aspects and devised new algorithms for these. The first relates to generalizing and combining different program exploration strategies, and the second relates to prioritizing execution traces. We have evaluated OpenSAW using both in-house and external programs and identified several bugs.<br/>}},
  author       = {{Ben Henda, Noomene and Johansson, Björn and Lantz, Patrik and Norrman, Karl and Saaranen, Pasi and Segersvärd, Oskar}},
  booktitle    = {{Fundamental Approaches to Software Engineering : 20th International Conference, FASE 2017, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2017, Uppsala, Sweden, April 22-29, 2017, Proceedings}},
  editor       = {{Huisman, Marieke and Rubin, Julia}},
  isbn         = {{978-3-662-54494-5}},
  language     = {{eng}},
  month        = {{04}},
  pages        = {{321--337}},
  publisher    = {{Springer}},
  title        = {{OpenSAW: Open Security Analysis Workbench}},
  url          = {{http://dx.doi.org/10.1007/978-3-662-54494-5}},
  doi          = {{10.1007/978-3-662-54494-5}},
  volume       = {{10202}},
  year         = {{2017}},
}

Lund University Publications

LUND UNIVERSITY LIBRARIES

OpenSAW: Open Security Analysis Workbench