Automatically identifying critical input regions and code in applications

ISSTA'10 - Proceedings of the 2010 International Symposium on Software Testing and Analysis

Volumn , Issue , 2010, Pages 37-47

  Carbin, Michael ^a   Rinard, Martin C ^a  

^a USA   (United States)

Author keywords

Critical code; Critical input; Forgiving code; Forgiving input

Indexed keywords

COMPLEX INPUTS; CRITICAL CODES; CRITICAL INPUTS; CRITICAL REGION; DYNAMIC EXECUTION; EXPERIMENTAL EVALUATION; FORGIVING CODE; FORGIVING INPUT; INPUT FIELD;

SOFTWARE ENGINEERING; SOFTWARE TESTING;

COMPUTER SOFTWARE SELECTION AND EVALUATION;

EID: 77955883088     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1831708.1831713     Document Type: Conference Paper

References (28)

1. Dave Aitel. The advantages of block-based protocol analysis for security testing. Technical report, Immunity, Inc., 2002.
2. Juan Caballero, Heng Yin, Zhenkai Liang, and Dawn Xiaodong Song. Polyglot: automatic extraction of protocol message format using dynamic binary analysis. In CCS, pages 317-329, 2007.
3. Jim Chow, Ben Pfaff, Tal Garfinkel, and Mendel Rosenblum. Shredding your garbage: reducing data lifetime through secure deallocation. In Security, pages 22-22, 2005.
4. James Clause, Wanchun Li, and Ro Orso. Dytan: A generic dynamic taint analysis framework. In ISSTA, pages 196-206, 2007.
5. James A. Clause and Alessandro Orso. Penumbra: automatically identifying failure-relevant inputs using dynamic tainting. In ISSTA, pages 249-260, 2009.
6. Paolo Milani Comparetti, Gilbert Wondracek, Christopher Krügel, and Engin Kirda. Prospex: Protocol specification extraction. In IEEE Symposiivm on Security and Privacy, pages 110-125, 2009.
7. Weidong Cui, Marcus Peinado, Karl Chen, Helen J. Wang, and Luis Irún-Briz. Tupni: automatic reverse engineering of input formats. In CCS, 2008.
8. Will Drewry and Tavis Ormandy. Flayer: exposing application internals. In WOOT, pages 1-9, 2007.
9. Vijay Ganesh, Tim Leek, and Martin Rinard. Taint-based directed whitebox fuzzing. In ICSE, 2009.
10. Henry Hoffmann, Sasa Misailovic, Stelios Sidiroglou Anant Agarwal, and Martin Rinard. Using Code Perforation to Improve Performance, Reduce Energy Consumption, and Respond to Failures. Technical Report MIT-CSAIL-TR-2009-042, MIT, September 2009.
11. Chris Lattner and Vikram S. Adve. LLVM: A compilation framework for lifelong program analysis & transformation. In CGO, pages 75-88, 2004.
12. Zhiqiang Lin, Xuxian Jiang, Dongyan Xu, and Xiangyu Zhang. Automatic protocol format reverse engineering through context-aware monitored execution. In NDSS, 2008.
13. Barton P. Miller, Louis Fredriksen, and Bryan So. An empirical study of the reliability of unix utilities. CACM, 33(12):32-44, 1990.
14. Sasa Misailovic, Deokhwan Kim, and Martin Rinard. Automatic Parallelization with Automatic Accuracy Bounds. Technical Report MIT-CSAIL-TR-2010-007, 2010.
15. Sasa Misailovic, Stelios Sidiroglou, Henry Hoffman, and Martin C. Rinard. Quality of service profiling. In ICSE, 2010.
16. James Newsome and Dawn Song. Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software. In NDSS, 2005.
17. Huu Hai Nguyen and Martin C. Rinard. Detecting and eliminating memory leaks using cyclic memory allocation. In ISMM, pages 15-30, 2007.
18. Carlos Pacheco, Shuvendu K. Lahiri, Michael D. Ernst, and Thomas Ball. Feedback-directed random test generation. In ICSE, pages 75-84, 2007.
19. Karthik Pattabiraman, Vinod Grover, and Benjamin G. Zorn. Samurai: protecting critical data in unsafe languages. In EuroSys, pages 219-232, 2008.
20. Jeff H. Perkins, Sunghun Kim, Samuel Larsen, Saman P. Amarasinghe, Jonathan Bachrach, Michael Carbin, Carlos Pacheco, Frank Sherwood, Stelios Sidiroglou, Greg Sullivan, Weng-Fai Wong, Yoav Zibin, Michael D. Ernst, and Martin C. Rinard. Automatically patching errors in deployed software. In SOSP, pages 87-102, 2009.
21. Feng Qin, Cheng Wang, Zhenmin Li, Ho-Seop Kim, Yuanyuan Zhou, and Youfeng Wu. Lift: A low-overhead practical information flow tracking system for detecting security attacks. In MICRO, pages 135-148, 2006.
22. Martin C. Rinard. Probabilistic accuracy bounds for fault-tolerant computations that discard tasks. In ICS, pages 324-334, 2006.
23. Martin C. Rinard. Living in the comfort zone. In OOPSLA, pages 611-622, 2007.
24. Martin C. Rinard. Using early phase termination to eliminate load imbalances at barrier synchronization points. In OOPSLA, pages 369-386, 2007.
25. Martin C. Rinard, Cristian Cadar, Daniel Dumitran, Daniel M. Roy, Tudor Leu, and William S. Beebee. Enhancing server availability and security through failure-oblivious computing. In OSDI, pages 303-316, 2004.
26. Martin C. Rinard, Cristian Cadar, and Huu Hai Nguyen. Exploring the acceptability envelope. In OOPSLA Companion, pages 21-30, 2005.
27. G. Edward Suh, Jae W. Lee, David Zhang, and Srinivas Devadas. Secure program execution via dynamic information flow tracking. In ASPLOS, pages 85-96, 2004.
28. Pang-Ning Tan, Michael Steinbach, and Vipin Kumar. Introduction to Data Mining. Addison Wesley, 2005.