OpenSAW: Open Security Analysis Workbench
(2017) Fundamental Approaches to Software Engineering 10202. p.321-337- Abstract
- Software is today often composed of many sourced components, which potentially contain security vulnerabilities, and therefore require testing before being integrated. Tools for automated test case generation, for example, based on white-box fuzzing, are beneficial for this testing task. Such tools generally explore limitations of the specific underlying techniques for solving problems related to, for example, constraint solving, symbolic execution, search heuristics and execution trace extraction. In this article we describe the design of OpenSAW, a more flexible general-purpose white-box fuzzing framework intended to encourage research on new techniques identifying security problems. In addition, we have formalized two unaddressed... (More)
- Software is today often composed of many sourced components, which potentially contain security vulnerabilities, and therefore require testing before being integrated. Tools for automated test case generation, for example, based on white-box fuzzing, are beneficial for this testing task. Such tools generally explore limitations of the specific underlying techniques for solving problems related to, for example, constraint solving, symbolic execution, search heuristics and execution trace extraction. In this article we describe the design of OpenSAW, a more flexible general-purpose white-box fuzzing framework intended to encourage research on new techniques identifying security problems. In addition, we have formalized two unaddressed technical aspects and devised new algorithms for these. The first relates to generalizing and combining different program exploration strategies, and the second relates to prioritizing execution traces. We have evaluated OpenSAW using both in-house and external programs and identified several bugs.
(Less)
Please use this url to cite or link to this publication:
https://lup.lub.lu.se/record/e68b5375-3dfb-48e8-ab41-37c05234488f
- author
- Ben Henda, Noomene ; Johansson, Björn ; Lantz, Patrik LU ; Norrman, Karl ; Saaranen, Pasi and Segersvärd, Oskar
- organization
- publishing date
- 2017-04-22
- type
- Chapter in Book/Report/Conference proceeding
- publication status
- published
- subject
- host publication
- Fundamental Approaches to Software Engineering : 20th International Conference, FASE 2017, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2017, Uppsala, Sweden, April 22-29, 2017, Proceedings - 20th International Conference, FASE 2017, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2017, Uppsala, Sweden, April 22-29, 2017, Proceedings
- editor
- Huisman, Marieke and Rubin, Julia
- volume
- 10202
- edition
- 1
- pages
- 16 pages
- publisher
- Springer
- conference name
- Fundamental Approaches to Software Engineering
- conference location
- Uppsala, Sweden
- conference dates
- 2017-04-22 - 2017-04-29
- external identifiers
-
- scopus:85016390660
- ISBN
- 978-3-662-54494-5
- 978-3-662-54493-8
- DOI
- 10.1007/978-3-662-54494-5
- language
- English
- LU publication?
- yes
- id
- e68b5375-3dfb-48e8-ab41-37c05234488f
- alternative location
- https://link.springer.com/chapter/10.1007/978-3-662-54494-5_18
- date added to LUP
- 2017-07-05 11:09:09
- date last changed
- 2025-01-07 16:43:01
@inproceedings{e68b5375-3dfb-48e8-ab41-37c05234488f, abstract = {{Software is today often composed of many sourced components, which potentially contain security vulnerabilities, and therefore require testing before being integrated. Tools for automated test case generation, for example, based on white-box fuzzing, are beneficial for this testing task. Such tools generally explore limitations of the specific underlying techniques for solving problems related to, for example, constraint solving, symbolic execution, search heuristics and execution trace extraction. In this article we describe the design of OpenSAW, a more flexible general-purpose white-box fuzzing framework intended to encourage research on new techniques identifying security problems. In addition, we have formalized two unaddressed technical aspects and devised new algorithms for these. The first relates to generalizing and combining different program exploration strategies, and the second relates to prioritizing execution traces. We have evaluated OpenSAW using both in-house and external programs and identified several bugs.<br/>}}, author = {{Ben Henda, Noomene and Johansson, Björn and Lantz, Patrik and Norrman, Karl and Saaranen, Pasi and Segersvärd, Oskar}}, booktitle = {{Fundamental Approaches to Software Engineering : 20th International Conference, FASE 2017, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2017, Uppsala, Sweden, April 22-29, 2017, Proceedings}}, editor = {{Huisman, Marieke and Rubin, Julia}}, isbn = {{978-3-662-54494-5}}, language = {{eng}}, month = {{04}}, pages = {{321--337}}, publisher = {{Springer}}, title = {{OpenSAW: Open Security Analysis Workbench}}, url = {{http://dx.doi.org/10.1007/978-3-662-54494-5}}, doi = {{10.1007/978-3-662-54494-5}}, volume = {{10202}}, year = {{2017}}, }