OpenSAW: Open Security Analysis Workbench

Ben Henda, Noomene; Johansson, Björn; Lantz, Patrik LU; Norrman, Karl; Saaranen, Pasi and Segersvärd, Oskar (2017) Fundamental Approaches to Software Engineering In Fundamental Approaches to Software Engineering 10202. p.321-337
Abstract (Swedish)
Software is today often composed of many sourced components, which potentially contain security vulnerabilities, and therefore require testing before being integrated. Tools for automated test case generation, for example, based on white-box fuzzing, are beneficial for this testing task. Such tools generally explore limitations of the specific underlying techniques for solving problems related to, for example, constraint solving, symbolic execution, search heuristics and execution trace extraction. In this article we describe the design of OpenSAW, a more flexible general-purpose white-box fuzzing framework intended to encourage research on new techniques identifying security problems. In addition, we have formalized two unaddressed technical aspects and devised new algorithms for these. The first relates to generalizing and combining different program exploration strategies, and the second relates to prioritizing execution traces. We have evaluated OpenSAW using both in-house and external programs and identified several bugs.
type
Chapter in Book/Report/Conference proceeding
publication status
published
in
Fundamental Approaches to Software Engineering
editor
Huisman, Marieke; Rubin, Julia; and
volume
10202
pages
16 pages
publisher
Springer Verlag
conference name
Fundamental Approaches to Software Engineering
external identifiers
  • scopus:85016390660
ISBN
978-3-662-54494-5
978-3-662-54493-8
DOI
10.1007/978-3-662-54494-5
language
English
LU publication?
yes
id
e68b5375-3dfb-48e8-ab41-37c05234488f
alternative location
https://link.springer.com/chapter/10.1007/978-3-662-54494-5_18
date added to LUP
2017-07-05 11:09:09
date last changed
2018-01-29 11:05:00
@inproceedings{e68b5375-3dfb-48e8-ab41-37c05234488f,
  abstract     = {Software is today often composed of many sourced components, which potentially contain security vulnerabilities, and therefore require testing before being integrated. Tools for automated test case generation, for example, based on white-box fuzzing, are beneficial for this testing task. Such tools generally explore limitations of the specific underlying techniques for solving problems related to, for example, constraint solving, symbolic execution, search heuristics and execution trace extraction. In this article we describe the design of OpenSAW, a more flexible general-purpose white-box fuzzing framework intended to encourage research on new techniques identifying security problems. In addition, we have formalized two unaddressed technical aspects and devised new algorithms for these. The first relates to generalizing and combining different program exploration strategies, and the second relates to prioritizing execution traces. We have evaluated OpenSAW using both in-house and external programs and identified several bugs.},
  author       = {Ben Henda, Noomene and Johansson, Björn and Lantz, Patrik and Norrman, Karl and Saaranen, Pasi and Segersvärd, Oskar},
  booktitle    = {Fundamental Approaches to Software Engineering},
  editor       = {Huisman, Marieke and Rubin, Julia},
  isbn         = {978-3-662-54494-5},
  language     = {eng},
  month        = {04},
  pages        = {321--337},
  publisher    = {Springer Verlag},
  title        = {OpenSAW: Open Security Analysis Workbench},
  url          = {http://dx.doi.org/10.1007/978-3-662-54494-5},
  volume       = {10202},
  year         = {2017},
}