TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection

  • Tielei Wang, Tao Wei, G. Gu, W. Zou
  • Published 2010
  • Computer Science
  • 2010 IEEE Symposium on Security and Privacy
  • Fuzz testing has proven successful in finding security vulnerabilities in large programs. However, traditional fuzz testing tools have a well-known common drawback: they are ineffective if most generated malformed inputs are rejected in the early stage of program running, especially when target programs employ checksum mechanisms to verify the integrity of inputs. In this paper, we present TaintScope, an automatic fuzzing system using dynamic taint analysis and symbolic execution techniques, to…
    273 Citations
    CAFA: A Checksum-Aware Fuzzing Assistant Tool for Coverage Improvement
    T-Fuzz: Fuzzing by Program Transformation
    WhirlingFuzzwork: a taint-analysis-based API in-memory fuzzing framework
    CRAXfuzz: Target-Aware Symbolic Fuzz Testing
    Statically-Directed Dynamic Taint Analysis
    RankFuzz: Fuzz Testing Based on Comprehensive Evaluation
    • Cheng Li, Qiang Wei, Q. Wang
    • Computer Science
    • 2012 Fourth International Conference on Multimedia Information Networking and Security
    • 2012
    Effective Fuzzing Based on Dynamic Taint Analysis
    Adapting Software Testing Techniques to Enhance Software Security
    Impeding Fuzzing Audits of Binary Executables
    AntiFuzz: Impeding Fuzzing Audits of Binary Executables


    Automated Whitebox Fuzz Testing
    Impeding Malware Analysis Using Conditional Code Obfuscation
    Dytan: a generic dynamic taint analysis framework
    Taint-based directed whitebox fuzzing
    Grammar-based whitebox fuzzing
    Static Detection of Vulnerabilities in x86 Executables
    Exploring Multiple Execution Paths for Malware Analysis