QuickFuzz testing for fun and profit
Artikel i vetenskaplig tidskrift, 2017
In this paper we introduce an extended and improved version of QuickFuzz, a tool written in Haskell designed for testing unexpected inputs of common file formats on third-party software, taking advantage of off-the-self well known fuzzers.
Unlike other generational fuzzers, QuickFuzz does not require to write specifications for the file formats in question since it relies on existing file-format-handling libraries available on the Haskell code repository. It supports almost 40 different complex file-types including images, documents, source code and digital certificates.
In particular, we found QuickFuzz useful enough to discover many previously unknown vulnerabilities on real-world implementations of web browsers and image processing libraries among others.
Haskell
QuickCheck
Testing
Fuzzing
Författare
Gustavo Grieco
CIFASIS-CONICET
Martín Ceresa
CIFASIS-CONICET
Claudio Agustin Mista
Informationssäkerhet
Pablo Buiras
Harvard University
Journal of Systems and Software
0164-1212 (ISSN)
Vol. 134 December 2017 340-354Styrkeområden
Informations- och kommunikationsteknik
Ämneskategorier
Datorsystem
DOI
10.1016/j.jss.2017.09.018