SAGE: Whitebox fuzzing for security testing

Communications of the ACM

Volumn 55, Issue 3, 2012, Pages 40-44

  Godefroid, Patrice ^a   Levin, Michael Y ^b   Molnar, David ^a  

^a MICROSOFT RESEARCH   (United States)

^b Windows Azure Engineering Infrastructure Team   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

MICROSOFT; REMARKABLE IMPACT; SECURITY TESTING;

COMPUTER APPLICATIONS;

COMPUTER SCIENCE;

EID: 84857600799     PISSN: 00010782     EISSN: 15577317     Source Type: Journal    
DOI: 10.1145/2093548.2093564     Document Type: Article

References (9)

1. Bhansali, S., Chen, W., De Jong, S., Edwards, A. and Drinic, M. Framework for instruction-level tracing and analysis of programs. In Proceedings of the 2nd International Conference on Virtual Execution Environments (2006).
2. de Moura, L. and Bjorner, N. Z3: an efficient sMT solver. In Proceedings of Tools and Algorithms for the Construction and Analysis of Systems; Lecture Notes in Computer Science. Springer-Verlag, 2008, 337-340.
3. Forrester, J.E. and Miller, B.P. An empirical study of the robustness of Windows NT applications using random testing. In Proceedings of the 4th Usenix Windows System Symposium (Seattle, WA, Aug. 2000).
4. Godefroid, P., Klarlund, N. and Sen, K. DART: Directed Automated Random Testing. In Proceedings of Programming Language Design and Implementation (2005), 213-223.
5. Godefroid, P., Levin, M. Y. and Molnar, D. Automated whitebox fuzz testing. In Proceedings of Network and Distributed Systems Security, (2008), 151-166.
6. Howard, M. Lessons learned from the animated cursor security bug; http://blogs.msdn.com/sdl/archive/2007/04/26/lessons-learned-fromthe- animated-cursor-security-bug.aspx.
7. Howard, M. and Lipner, S. The Security Development Lifecycle. Microsoft Press, 2006.
8. Narayanasamy, S., Wang, Z., Tigani, J., Edwards, A. and Calder, B. Automatically classifying benign and harmful data races using replay analysis. In Programming Languages Design and Implementation (2007).
9. Sotirov, A. Windows animated cursor stack overflow vulnerability, 2007; http://www.determina.com/security.research/vulnerabilities/ani-header.html.