Detecting buffer overflow via automatic test input data generation

Grosso, C. Del; Antoniol, G.; Merlo, Ettore; Galinier, P.

doi:10.1016/j.cor.2007.01.013

Cited by 53 publications

(34 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Del Grosso et al [12] used SBST to exercise statements statically detected as vulnerable. By rewarding multiple execution of such vulnerable statements, the search is led towards filling buffers, likely finding buffer overflows.…”

Section: Sbst and Automated Oraclesmentioning

confidence: 99%

1600 faults in 100 projects: automatically finding faults while achieving high coverage with EvoSuite

Fraser

Arcuri

2013

Empir Software Eng

View full text Add to dashboard Cite

Automated unit test generation techniques traditionally follow one of two goals: Either they try to find violations of automated oracles (e.g., assertions, contracts, undeclared exceptions), or they aim to produce representative test suites (e.g., satisfying branch coverage) such that a developer can manually add test oracles. Search-based testing (SBST) has delivered promising results when it comes to achieving coverage, yet the use in conjunction with automated oracles has hardly been explored, and is generally hampered as SBST does not scale well when there are too many testing targets. In this paper we present a search-based approach to handle both objectives at the same time, implemented in the EVOSUITE tool. An empirical study applying EVOSUITE on 100 randomly selected open source software projects (the SF100 corpus) reveals that SBST has the unique advantage of being well suited to perform both traditional goals at the same time -efficiently triggering faults, while producing representative test sets for any chosen coverage criterion. In our study, EVOSUITE detected twice as many failures in terms of undeclared exceptions as a traditional random testing approach, witnessing thousands of real faults in the 100 open source projects. Two out of every five classes with undeclared exceptions have actual faults, but these are buried within many failures that are caused by implicit preconditions. This "noise" can be interpreted as either a call for further research in improving automated oracles -or to make tools like EVOSUITE an integral part of software development to enforce clean program interfaces.

show abstract

Section: Sbst and Automated Oraclesmentioning

confidence: 99%

1600 faults in 100 projects: automatically finding faults while achieving high coverage with EvoSuite

Fraser

Arcuri

2013

Empir Software Eng

View full text Add to dashboard Cite

show abstract

“…Parameters of the genetic algorithm have been set up according to what proposed in literature [8]. In particular an elitist approach has been adopted, with the 10% of the best individuals kept alive across generations.…”

Section: Methodsmentioning

confidence: 99%

“…This approach has been extended [19] to test object oriented code, by searching not only for input values, but also for a method invocation sequence. Del Grosso et al [8] applied genetic algorithms to identify tests to expose buffer overflows using a complex fitness function. Tests are searched with high statement coverage, that execute lots of vulnerable statements and deeply nested code, and that write data as near as possible to the buffer boundary.…”

Section: Related Workmentioning

confidence: 99%

Towards security testing with taint analysis and genetic algorithms

Avancini

Ceccato

2010

Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems

View full text Add to dashboard Cite

Cross site scripting is considered the major threat to the security of web applications. Removing vulnerabilities from existing web applications is a manual expensive task that would benefit from some level of automatic assistance. Static analysis represents a valuable support for security review, by suggesting candidate vulnerable points to be checked manually. However, potential benefits are quite limited when too many false positives, safe portions of code classified as vulnerable, are reported.In this paper, we present a preliminary investigation on the integration of static analysis with genetic algorithms. We show that this approach can suggest candidate false positives reported by static analysis and provide input vectors that expose actual vulnerabilities, to be used as test cases in security testing.

show abstract

“…Furthermore, static heuristic solutions may not by applicable in practice. It has been recognized that despite the considerable effort to statically and automatically tackle buffer overflow defects, in many cases concretely executing the program under test is the only way to address this problem [60], [115]. In our proposed approach, we use static analysis, particularly static runtime verification approaches such as DEPUTY [31] and CCURED [97], to pinpoint potential overflow vulnerabilities on buffer operations.…”

Section: Approachmentioning

confidence: 99%