Please use this identifier to cite or link to this item:
Title: Script fuzzing with an attacker’s mind-set
Authors: Galea, John
Vella, Mark Joseph
Keywords: Computer networks -- Security measures
Computer crimes
Computer networks
Issue Date: 2015
Publisher: Springer
Citation: Galea, J, & Vella, M. (2015, August). Script fuzzing with an attacker’s mind-set. Trust and Trustworthy Computing: 8th International Conference (TRUST), Greece. 317–318.
Abstract: Attackers primarily target memory corruption vulnerabilities inside script engine-hosting application, e.g. web browsers or most PDF viewers. Such applications are widely popular, and the discovery of vulnerabilities made by attackers ahead of security researchers diminishes the trustworthiness of their deployment. Typically, fuzzers are employed to generate unexpected inputs, with the aim of crashing applications and exposing errors. State-of-the-art fuzzers produce random byte sequences that comply with file/protocol formats. In the case of script fuzzers, random inputs need to constitute strings that are parse-able statements with respect to the scripting language used [1]. However, focusing solely on syntax-based randomness does not reflect the attacker’s mind-set, as generated inputs are not optimized for narrowing in on vulnerabilities. A demand exists for smarter fuzzers in order to accelerate the process of finding exploitable errors.
Appears in Collections:Scholarly Works - FacICTCS

Files in This Item:
File Description SizeFormat 
  Restricted Access
102.96 kBAdobe PDFView/Open Request a copy

Items in OAR@UM are protected by copyright, with all rights reserved, unless otherwise indicated.