IRMA-International.org: Creator of Knowledge
Information Resources Management Association
Advancing the Concepts & Practices of Information Resources Management in Modern Organizations

CONFU: Configuration Fuzzing Testing Framework for Software Vulnerability Detection

Author(s): Huning Dai (Columbia University, USA), Christian Murphy (Columbia University, USA) and Gail E. Kaiser (Columbia University, USA)
Copyright: 2012
Pages: 16
Source title: Security-Aware Systems Applications and Software Development Methods
Source Author(s)/Editor(s): Khaled M. Khan (Qatar University, Qatar)
DOI: 10.4018/978-1-4666-1580-9.ch009

Abstract

Many software security vulnerabilities only reveal themselves under certain conditions, that is, particular configurations and inputs together with a certain runtime environment. One approach to detecting these vulnerabilities is fuzz testing. However, typical fuzz testing makes no guarantees regarding the syntactic and semantic validity of the input, or of how much of the input space will be explored. To address these problems, the authors present a new testing methodology called Configuration Fuzzing. Configuration Fuzzing is a technique whereby the configuration of the running application is mutated at certain execution points to check for vulnerabilities that only arise in certain conditions. As the application runs in the deployment environment, this testing technique continuously fuzzes the configuration and checks “security invariants” that, if violated, indicate vulnerability. This paper discusses the approach and introduces a prototype framework called ConFu (CONfiguration FUzzing testing framework) for implementation. Additionally, the results of case studies that demonstrate the approach’s feasibility are presented along with performance evaluations.