research-article

Open access

SAGE: Whitebox Fuzzing for Security Testing: SAGE has had a remarkable impact at Microsoft.

Authors:

Patrice Godefroid,

Michael Y. Levin,

David MolnarAuthors Info & Claims

Queue, Volume 10, Issue 1

Pages 20 - 27

https://doi.org/10.1145/2090147.2094081

Published: 11 January 2012 Publication History

All formats PDF

Abstract

Most ACM Queue readers might think of "program verification research" as mostly theoretical with little impact on the world at large. Think again. If you are reading these lines on a PC running some form of Windows (like 93-plus percent of PC users--that is, more than a billion people), then you have been affected by this line of work--without knowing it, which is precisely the way we want it to be.

References

[1]

Bhansali, S., Chen, W., De Jong, S., Edwards, A., Drinic, M. 2006. Framework for instruction-leveltracing and analysis of programs. In Second International Conference on Virtual ExecutionEnvironments.

Digital Library

Google Scholar

[2]

de Moura, L., Bjorner, N. 2008. Z3: an efficient SMT solver. In Proceedings of TACAS (Tools andAlgorithms for the Construction and Analysis of Systems), volume 4963 of Lecture Notes in ComputerScience: 337-340. Springer-Verlag.

Digital Library

Google Scholar

[3]

Forrester, J. E., Miller, B. P. 2000. An empirical study of the robustness of Windows NT applicationsusing random testing. In Proceedings of the 4th Usenix Windows System Symposium, Seattle (August).

Digital Library

Google Scholar

[4]

Godefroid, P., Klarlund, N., Sen, K. 2005. DART: Directed Automated Random Testing. InProceedings of PLDI (Programming Language Design and Implementation): 213-223.

Digital Library

Google Scholar

[5]

Godefroid, P., Levin, M. Y., Molnar, D. 2008. Automated whitebox fuzz testing. In Proceedings ofNDSS (Network and Distributed Systems Security): 151-166.

Google Scholar

[6]

Howard, M. 2007. Lessons learned from the animated cursor security bug; http://blogs.msdn.com/sdl/archive/2007/04/26/lessons-learned-fromthe-animated-cursor-security-bug.aspx.

Google Scholar

[7]

Howard, M., Lipner, S. 2006. The Security Development Lifecycle. Microsoft Press.

Digital Library

Google Scholar

[8]

Narayanasamy, S.,Wang, Z., Tigani, J., Edwards, A., Calder, B. 2007. Automatically classifyingbenign and harmful data races using replay analysis. In Programming Languages Design andImplementation (PLDI).

Digital Library

Google Scholar

[9]

Sotirov, A. 2007. Windows animated cursor stack overflow vulnerability; http://www.determina.com/security.research/vulnerabilities/ani-header.html.

Google Scholar

Cited By

View all

Lee ELeeroy GLeeroy W(2024)Impact of Blockchain on Improving Taxpayers’ Compliance: Empirical Evidence from Panel Data Model and Agent-Based SimulationJournal of Emerging Technologies in Accounting10.2308/JETA-2022-04621:1(89-109)Online publication date: 14-Mar-2024
https://doi.org/10.2308/JETA-2022-046
Botacin M(2024)Fuzzing and Symbolic Execution for Multipath Malware Tracing: Bridging Theory and Practice via Survey and ExperimentsDigital Threats: Research and Practice10.1145/37001475:4(1-33)Online publication date: 11-Oct-2024
https://dl.acm.org/doi/10.1145/3700147
Alshmrany KAldughaim MBhayat ACordeiro L(2024)FuSeBMC v4: Improving Code Coverage with Smart Seeds via BMC, Fuzzing and Static AnalysisFormal Aspects of Computing10.1145/366533736:2(1-25)Online publication date: 20-May-2024
https://dl.acm.org/doi/10.1145/3665337
Show More Cited By

Index Terms

SAGE: Whitebox Fuzzing for Security Testing: SAGE has had a remarkable impact at Microsoft.

Recommendations

Grammar-based whitebox fuzzing
PLDI '08: Proceedings of the 29th ACM SIGPLAN Conference on Programming Language Design and Implementation

Whitebox fuzzing is a form of automatic dynamic test generation, based on symbolic execution and constraint solving, designed for security testing of large applications. Unfortunately, the current effectiveness of whitebox fuzzing is limited when ...
Grammar-based whitebox fuzzing
PLDI '08

Whitebox fuzzing is a form of automatic dynamic test generation, based on symbolic execution and constraint solving, designed for security testing of large applications. Unfortunately, the current effectiveness of whitebox fuzzing is limited when ...
KLUZZER: Whitebox Fuzzing on Top of LLVM
Automated Technology for Verification and Analysis
Abstract
Whitebox fuzzing (a.k.a. concolic testing) has been shown to be an effective bug finding technique on its own as well as in combination with coverage-guided greybox fuzzing. However, there is currently a lack of whitebox fuzzers operating above ...

Comments

Information & Contributors

Information

Published In

Queue Volume 10, Issue 1

Networks

January 2012

24 pages

ISSN:1542-7730

EISSN:1542-7749

DOI:10.1145/2090147

Issue’s Table of Contents

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 11 January 2012

Published in QUEUE Volume 10, Issue 1

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article
Popular
Editor picked

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

260
Total Citations
View Citations
50,605
Total Downloads

Downloads (Last 12 months)4,932
Downloads (Last 6 weeks)491

Reflects downloads up to 04 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Lee ELeeroy GLeeroy W(2024)Impact of Blockchain on Improving Taxpayers’ Compliance: Empirical Evidence from Panel Data Model and Agent-Based SimulationJournal of Emerging Technologies in Accounting10.2308/JETA-2022-04621:1(89-109)Online publication date: 14-Mar-2024
https://doi.org/10.2308/JETA-2022-046
Botacin M(2024)Fuzzing and Symbolic Execution for Multipath Malware Tracing: Bridging Theory and Practice via Survey and ExperimentsDigital Threats: Research and Practice10.1145/37001475:4(1-33)Online publication date: 11-Oct-2024
https://dl.acm.org/doi/10.1145/3700147
Alshmrany KAldughaim MBhayat ACordeiro L(2024)FuSeBMC v4: Improving Code Coverage with Smart Seeds via BMC, Fuzzing and Static AnalysisFormal Aspects of Computing10.1145/366533736:2(1-25)Online publication date: 20-May-2024
https://dl.acm.org/doi/10.1145/3665337
Rumpe BStachon MStüber SVoufo VCombemale BWimmer MChechik MEgyed A(2024)Semantic Difference Analysis with Invariant Tracing for Class Diagrams Extended by OCLProceedings of the ACM/IEEE 27th International Conference on Model Driven Engineering Languages and Systems10.1145/3652620.3687818(1066-1075)Online publication date: 22-Sep-2024
https://dl.acm.org/doi/10.1145/3652620.3687818
Gruner BRoychoudhury APaiva AAbreu RStorey M(2024)Accurate Architectural Threat Elicitation From Source Code Through Hybrid Information Flow AnalysisProceedings of the 2024 IEEE/ACM 46th International Conference on Software Engineering: Companion Proceedings10.1145/3639478.3639795(139-141)Online publication date: 14-Apr-2024
https://dl.acm.org/doi/10.1145/3639478.3639795
Guo YZhu SCai YHe LZhang JRoychoudhury APaiva AAbreu RStorey M(2024)Reorder Pointer Flow in Sound Concurrency Bug PredictionProceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3623300(1-13)Online publication date: 20-May-2024
https://dl.acm.org/doi/10.1145/3597503.3623300
Barakat RWeiß PVon Blanckenburg JKraus RSchneider M(2024)Enhancing Software Security Analysis: Targeted Test Case Generation through Constraint Solving in Interactive Application Security Testing2024 IEEE 24th International Conference on Software Quality, Reliability, and Security Companion (QRS-C)10.1109/QRS-C63300.2024.00018(57-63)Online publication date: 1-Jul-2024
https://doi.org/10.1109/QRS-C63300.2024.00018
Chawla V(2024)Enhancing Security and Performance in PyTorch: A Hybrid Fuzzing Approach2024 International Symposium on Parallel Computing and Distributed Systems (PCDS)10.1109/PCDS61776.2024.10743720(1-8)Online publication date: 21-Sep-2024
https://doi.org/10.1109/PCDS61776.2024.10743720
Zhang AZhang YXu YWang CLi S(2024)Machine Learning-Based Fuzz Testing Techniques: A SurveyIEEE Access10.1109/ACCESS.2023.334765212(14437-14454)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2023.3347652
Meisel FSpang CVolz DKoch A(2024)TaPaFuzz: Hardware-accelerated RISC-V bare-metal firmware fuzzing using rapid job launchesJournal of Systems Architecture10.1016/j.sysarc.2024.103288156(103288)Online publication date: Nov-2024
https://doi.org/10.1016/j.sysarc.2024.103288
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Magazine Site

View this article on the magazine site (external)

Magazine Site

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

References

Cited By

Index Terms

Recommendations

Grammar-based whitebox fuzzing

Grammar-based whitebox fuzzing

KLUZZER: Whitebox Fuzzing on Top of LLVM

Comments

Information

Published In

Publisher

Publication History

Permissions

Check for updates

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

PDF

eReader

Magazine Site

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations