UDC 004.05, 004.42
FUZZING TECHNIQUE AND ITS USAGE IN CYBERSECURITY TASKS
Abstract. The paper considers the technology of fuzzy testing, which involves testing software systems with the operating of critical or unexpected input data. An overview of the current state of the problem is made and the main systems of fuzzy testing are presented. The approach to the technology of fuzzy testing with the use of algebraic methods, in particular symbolic modeling, is considered. The “light weight” algorithm, which is designed to reduce the generation time of tests, is considered. The algorithm is implemented in the environment of the insertion modeling system and applied in testing older versions of systems developed in Linux.
Keywords: fuzzing, vulnerabily of software, symbolic modeling, behavior algebra, insertion model.
FULL TEXT
REFERENCES
- American Fuzzy Lop. URL: https://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally -cracked.html.
- Synopsis. URL: https://www.synopsys.com/software-integrity/security-testing/fuzz-testing.html.
- Peach. URL: https://medium.com/csg-govtech/lifes-a-peach-fuzzer-how-to-build-and-use-gitlab -s-open-source-protocol-fuzzer-fd78c9caf05e.
- Syzkaller. URL: https://github.com/google/syzkaller/blob/master/docs/research.md.
- SAGE. URL: https://queue.acm.org/detail.cfm?id=2094081.
- Csmith. URL: https://srg.doc.ic.ac.uk/files/papers/compilerbugs-oopsla-19.pdf.
- Letychevsky O.O., Hryniuk Ya.V., Yakovlev V.M. Algebraic approach in formalizing vulnerabilities in binary code. Control Systems and Computers. 2019. N 6. P. 5–20.
- Letichevsky A. Algebra of behavior transformations and its applications. Structural Theory of Automata, Semigroups, and Universal Algebra. NATO Science Series II. Mathematics, Physics and Chemistry. Kudryavtsev V.B., Rosenberg I.G. (Eds.). 2005. Vol. 207. P. 241–272.
- Letychevskyi O., Peschanenko V., Radchenko V., Hryniuk Y., Yakovlev V. Algebraic patterns of vulnerabilities in binary code. Conference Proceedings of 2019 10th International Conference on Dependable Systems, Services and Technologies (DESSERT’2019) (June 5–7, 2019, Leeds, United Kingdom). IEEE, 2019. P. 70–73.
- Potienko S.V. Methods for forward and backward symbolic modeling of systems specified by basic protocols. Problemy programuvannya. 2008. N 4. p. 39–45.
- Letichevsky A.Ad., Letichevsky A.A., Godlevsky A.B., Peschanenko V.S., Potienko S.V. Properties of the predicate transformer of the VRS system. Kibernetika i sistemnyj analiz. 2010. N 4. P. 3–16.
- Letichevsky A., Letychevskyi O., Peschanenko V. Insertion modeling and its applications. Computer Science Journal of Moldova. 2016. Vol. 24, Iss. 3. P. 357–370.