Dowsing for Overflows: A Guided Fuzzer to Find Buffer Boundary Violations

@inproceedings{Haller2013DowsingFO,
  title={Dowsing for Overflows: A Guided Fuzzer to Find Buffer Boundary Violations},
  author={Istv{\'a}n Haller and Asia Slowinska and Matthias Neugschwandtner and Herbert Bos},
  booktitle={USENIX Security Symposium},
  year={2013}
}
Dowser is a 'guided' fuzzer that combines taint tracking, program analysis and symbolic execution to find buffer overflow and underflow vulnerabilities buried deep in a program's logic. The key idea is that analysis of a program lets us pinpoint the right areas in the program code to probe and the appropriate inputs to do so. Intuitively, for typical buffer overflows, we need to consider only the code that accesses an array in a loop, rather than all possible instructions in the program. After…

Citations

Publications citing this paper.
SHOWING 1-10 OF 114 CITATIONS

Evaluating Fuzz Testing

  • ACM Conference on Computer and Communications Security
  • 2018

Evaluating Initial Inputs for Concolic Testing

  • 2015 International Symposium on Theoretical Aspects of Software Engineering
  • 2015

NAUTILUS: Fishing for Deep Bugs with Grammars


Directed Greybox Fuzzing

  • ACM Conference on Computer and Communications Security
  • 2017

CITATION STATISTICS

  • 11 Highly Influenced Citations

  • Averaged 25 Citations per year from 2017 through 2019
