Dowser: a guided fuzzer for finding buffer overflow vulnerabilities

• Autores: Istvan Haller, Asia Slowinska, Matthias Neugschwandtner, Herbert Bos
• Localización: ;login:: the magazine of USENIX & SAGE, ISSN 1044-6397, Vol. 38, Nº. 6, 2013 (Ejemplar dedicado a: Security), págs. 16-19
• Idioma: inglés
• Texto completo no disponible (Saber más ...)
• Resumen

  • Buffer overflows have long plagued existing software systems, making them vulnerable to attackers. Our tool, Dowser, aims to tackle this issue using efficient and scalable software testing. Dowser builds on a new software testing paradigm, which we call dowsing, that focuses the testing effort around relevant application components. This paradigm proved successful in practice, as Dowser found real bugs in complex applications such as the nginx Web server and the ffmpeg multimedia framework.