Systematic bug finding and fault localization enhanced with input data tracking

Bibliographic Details
Published in: Computers & Security, Vol. 32, pp. 130-157
Main Authors: DeMott, Jared D.; Enbody, Richard J.; Punch, William F.
Format: Journal Article
Language: English
Published: Amsterdam, Elsevier Ltd (Elsevier Sequoia S.A), 01.02.2013
ISSN: 0167-4048, 1872-6208
DOI: 10.1016/j.cose.2012.09.015

Summary: Fault localization (FL) is the process of debugging erroneous code and directing analysts to the root cause of the bug. With this in mind, we have developed a distributed, end-to-end fuzzing and analysis system that starts with a binary, identifies bugs, and subsequently localizes the bug's root cause. Our system does not require the test subject's source code, nor do we require a test suite. Our work focuses on an important class of bugs, memory corruption errors, which usually have software security implications. Thus, our approach appeals to software attack researchers as well. In addition to our bug hunting and analysis framework, we have enhanced code-coverage based fault localization by incorporating input data tainting and tracking using a light-weight binary instrumentation technique. By capturing code coverage and select input data usage, our new FL algorithm is able to better localize faults, and therefore better assist analysts. We report the application of our approach on large, real-world applications (Firefox and VLC), as well as the classic Siemens benchmark and other test programs.