scholarly journals Recycling Test Cases to Detect Security Vulnerabilities

2012 ◽  
Author(s):  
Joao Antunes ◽  
Nuno Neves
Keyword(s):  
Test Cases ◽  
Security Vulnerabilities

scholarly journals ESRFuzzer: an enhanced fuzzing framework for physical SOHO router devices to discover multi-Type vulnerabilities

Cybersecurity ◽  
2021 ◽  
Vol 4 (1) ◽  
Author(s):  
Yu Zhang ◽  
Wei Huo ◽  
Kunpeng Jian ◽  
Ji Shi ◽  
Longquan Liu ◽  
...  
Keyword(s):  
Web Server ◽  
Test Cases ◽  
Communication Model ◽  
Home Office ◽  
Security Vulnerabilities ◽  
Testing Environment ◽  
Semantic Models ◽  
Recovery Mechanisms ◽  
General Mode ◽  
Soho Router

AbstractSOHO (small office/home office) routers provide services for end devices to connect to the Internet, playing an important role in cyberspace. Unfortunately, security vulnerabilities pervasively exist in these routers, especially in the web server modules, greatly endangering end users. To discover these vulnerabilities, fuzzing web server modules of SOHO routers is the most popular solution. However, its effectiveness is limited due to the lack of input specification, lack of routers’ internal running states, and lack of testing environment recovery mechanisms. Moreover, existing works for device fuzzing are more likely to detect memory corruption vulnerabilities.In this paper, we propose a solution ESRFuzzer to address these issues. It is a fully automated fuzzing framework for testing physical SOHO devices. It continuously and effectively generates test cases by leveraging two input semantic models, i.e., KEY-VALUE data model and CONF-READ communication model, and automatically recovers the testing environment with power management. It also coordinates diversified mutation rules with multiple monitoring mechanisms to trigger multi-type vulnerabilities. With the guidance of the two semantic models, ESRFuzzer can work in two ways: general mode fuzzing and D-CONF mode fuzzing. General mode fuzzing can discover both issues which occur in the CONF and READ operation, while D-CONF mode fuzzing focus on the READ-op issues especially missed by general mode fuzzing.We ran ESRFuzzer on 10 popular routers across five vendors. In total, it discovered 136 unique issues, 120 of which have been confirmed as 0-day vulnerabilities we found. As an improvement of SRFuzzer, ESRFuzzer have discovered 35 previous undiscovered READ-op issues that belong to three vulnerability types, and 23 of them have been confirmed as 0-day vulnerabilities by vendors. The experimental results show that ESRFuzzer outperforms state-of-the-art solutions in terms of types and number of vulnerabilities found.

scholarly journals FuSeBMC: A White-Box Fuzzer for Finding Security Vulnerabilities in C Programs (Competition Contribution)

2021 ◽  
pp. 363-367 ◽  
Author(s):  
Kaled M. Alshmrany ◽  
Rafael S. Menezes ◽  
Mikhail R. Gadelha ◽  
Lucas C. Cordeiro
Keyword(s):  
Model Checking ◽  
Symbolic Execution ◽  
Bounded Model Checking ◽  
Test Cases ◽  
Security Vulnerabilities ◽  
C Programs ◽  
Code Coverage

AbstractWe describe and evaluate a novel white-box fuzzer for C programs named , which combines fuzzing and symbolic execution, and applies Bounded Model Checking (BMC) to find security vulnerabilities in C programs. explores and analyzes C programs (1) to find execution paths that lead to property violations and (2) to incrementally inject labels to guide the fuzzer and the BMC engine to produce test-cases for code coverage. successfully participates in Test-Comp’21 and achieves first place in the category and second place in the category.

A Database of Existing Vulnerabilities to Enable Controlled Testing Studies

2017 ◽  
Vol 8 (3) ◽  
pp. 1-23
Author(s):  
Sofia Rei ◽  
Rui Abreu
Keyword(s):  
Distributed Systems ◽  
Software Testing ◽  
Test Cases ◽  
Security Attacks ◽  
Security Vulnerabilities ◽  
The Real ◽  
Testing Techniques ◽  
Real Test

From holding worldwide companies' information hostage to keeping several distributed systems down for hours, the last years were marked by several security attacks which are the result of complex software and its fast production. There are already tools which can be used to help companies detect vulnerabilities responsible for such attacks. However, their reliability is still not the best and well discriminated. In software testing, researchers tend to use hand-seeded test cases or mutations due to the challenges involved in the extraction or reproduction of real test cases which might not be suitable for testing techniques, since both approaches can create samples that inadvertently differ from the real vulnerabilities and thus might lead to misleading assessments of the tools' capabilities. The lack of databases of real security vulnerabilities is an issue since it hampers the tools' evaluation and categorization. To study these tools, the researchers created a database of 682 real test cases which is the outcome of mining 248 repositories for 16 different vulnerability patterns.

Linear Visco-Resistive Computations of Magnetohydrodynamic Waves: I. The Code and Test Cases

1994 ◽  
Vol 144 ◽  
pp. 503-505
Author(s):  
R. Erdélyi ◽  
M. Goossens ◽  
S. Poedts
Keyword(s):  
Resonant Absorption ◽  
Numerical Code ◽  
Mhd Waves ◽  
Test Cases ◽  
Numerical Accuracy ◽  
Element Discretization ◽  
Flux Tubes ◽  
Magnetohydrodynamic Waves ◽  
Viscosity Coefficients ◽  
Magnetic Flux Tubes

AbstractThe stationary state of resonant absorption of linear, MHD waves in cylindrical magnetic flux tubes is studied in viscous, compressible MHD with a numerical code using finite element discretization. The full viscosity tensor with the five viscosity coefficients as given by Braginskii is included in the analysis. Our computations reproduce the absorption rates obtained by Lou in scalar viscous MHD and Goossens and Poedts in resistive MHD, which guarantee the numerical accuracy of the tensorial viscous MHD code.

Application of Backside Photo and Thermal Emission Microscopy Techniques to Advanced Memory Devices

1997 ◽  
Author(s):  
S.-S. Lee ◽  
J.-S. Seo ◽  
N.-S. Cho ◽  
S. Daniel
Keyword(s):  
Thermal Emission ◽  
Test Cases ◽  
Memory Devices ◽  
Front Side ◽  
Emission Analysis ◽  
Intensity Attenuation ◽  
Analysis Techniques ◽  
Defect Sites ◽  
Emission Microscopy ◽  
Microscopy Techniques

Abstract Both photo- and thermal emission analysis techniques are used from the backside of the die colocate defect sites. The technique is important in that process and package technologies have made front-side analysis difficult or impossible. Several test cases are documented. Intensity attenuation through the bulk of the silicon does not compromise the usefulness of the technique in most cases.

The Plot Twist in TV Serial Narratives

Projections ◽  
2020 ◽  
Vol 14 (1) ◽  
pp. 58-74
Author(s):  
Héctor J. Pérez
Keyword(s):  
Test Cases ◽  
Narrative Tradition ◽  
Unexplored Area ◽  
The Aesthetic ◽  
Viewing Experience ◽  
Game Of Thrones

AbstractThis article explores the use of the plot twist in screen fictions. This is a largely unexplored area, as interest in this phenomenon has largely focused on the so-called “plot twist movie,” which is an older narrative tradition. In order to explain this aesthetic phenomenon, it draws on the model of surprise originally proposed by the cognitive psychologists Wulf Meyer, Rainer Reisenzein, and Achim Schützwohl. Plot twists are characterized by three distinct but intimately intertwined temporal segments and their corresponding functions, which are explained by this model. The objective of this article is to explore how cognitive-emotional interactions shape the aesthetic viewing experience and to identify how that experience relates to shows’ artistic qualities. Game of Thrones (S01 and S03), Homeland (S01), and Westworld (S01) will be used as test cases. In each of the three plot segments, there are specific processes that distinguish the experience of surprise as an aesthetic phenomenon.

Sign in / Sign up

Export Citation Format

Share Document