Software Engineering Institute | Carnegie Mellon University

Technical Note

Well There’s Your Problem: Isolating the Crash-Inducing Bits in a Fuzzed File

  • October 2012
  • By Allen D. Householder
  • In this 2012 report, Allen Householder describes an algorithm for reverting bits from a fuzzed file to those found in the original seed file to recreate the crash.
  • Vulnerability Analysis
  • Publisher: Software Engineering Institute
    CMU/SEI Report Number: CMU/SEI-2012-TN-018
  • Abstract

    Mutational input testing (fuzzing, and in particular dumb fuzzing) is an effective technique for discovering vulnerabilities in software. However, many of the bitwise changes in fuzzed input files are not relevant to the actual software crashes found. This report describes an algorithm that efficiently reverts bits from the fuzzed file to those found in the original seed file, keeping only the minimal bits required to recreate the crash under investigation. This technique reduces the complexity of analyzing a crashing test case by eliminating the changes to the seed file that are not essential to the crash being evaluated.

Cite This Report

SEI

Householder, Allen. Well There’s Your Problem: Isolating the Crash-Inducing Bits in a Fuzzed File. CMU/SEI-2012-TN-018. Software Engineering Institute, Carnegie Mellon University. 2012. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=28043

IEEE

Householder, Allen, "Well There’s Your Problem: Isolating the Crash-Inducing Bits in a Fuzzed File," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Note CMU/SEI-2012-TN-018, 2012. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=28043

APA

Householder, Allen. (2012). Well There’s Your Problem: Isolating the Crash-Inducing Bits in a Fuzzed File (CMU/SEI-2012-TN-018). Retrieved November 19, 2017, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=28043

CHI

Allen Householder. Well There’s Your Problem: Isolating the Crash-Inducing Bits in a Fuzzed File (CMU/SEI-2012-TN-018). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2012. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=28043

MLA

Householder, Allen. 2012. Well There’s Your Problem: Isolating the Crash-Inducing Bits in a Fuzzed File (Technical Report CMU/SEI-2012-TN-018). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=28043

BibTeX

@techreport{HouseholderWellTheres2012,
title={Well There’s Your Problem: Isolating the Crash-Inducing Bits in a Fuzzed File},
author={Allen Householder},
year={2012},
number={CMU/SEI-2012-TN-018},
institution={Software Engineering Institute, Carnegie Mellon University},
address={Pittsburgh, PA},
url={http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=28043}
}