IMPLEMENTATION AND TESTING OF A BLACKBOX AND A WHITEBOX FUZZER FOR FILE COMPRESSION ROUTINES

Date Issued:
2013
Abstract/Description:
Fuzz testing is a software testing technique that has risen to prominence over the past two decades. The unifying feature of all fuzz testers (fuzzers) is their ability to somehow automatically produce random test cases for software. Fuzzers can generally be placed in one of two classes: black-box or white-box. Blackbox fuzzers do not derive information from a program's source or binary in order to restrict the domain of their generated input while white-box fuzzers do. A tradeoff involved in the choice between blackbox and whitebox fuzzing is the rate at which inputs can be produced; since blackbox fuzzers need not do any "thinking" about the software under test to generate inputs, blackbox fuzzers can generate more inputs per unit time if all other factors are equal. The question of how blackbox and whitebox fuzzing should be used together for ideal economy of software testing has been posed and even speculated about; however, to my knowledge, no publicly available study with the intent of characterizing an answer exists. The purpose of this thesis is to provide an initial exploration of the bug-finding characteristics of blackbox and whitebox fuzzers. A blackbox fuzzer is implemented and extended with a concolic execution program to make it whitebox. Both versions of the fuzzer are then used to run tests on some small programs and some parts of a file compression library.
Name(s): Tobkin, Toby, Author
Guha, Ratan, Committee Chair
University of Central Florida, Degree Grantor
Type of Resource: text
Publisher: University of Central Florida
Language(s): English
Identifier: CFH0004463 (IID), ucf:45110 (fedora)
Note(s): 2013-05-01
B.S.
Engineering and Computer Science, Dept. of Electrical Engineering and Computer Science
Bachelors
This record was generated from author submitted information.
Subject(s): fuzzing
whitebox testing
software testing
concolic execution
Persistent Link to This Record: http://purl.flvc.org/ucf/fd/CFH0004463
Restrictions on Access: public
Host Institution: UCF