Fuzzing is one of the most popular test-based software vulnerability detection techniques. It consists of running the target application with dedicated inputs in order to expose potential failures that could be exploited by a malicious user. In this paper we propose a global approach to fuzzing that addresses the main challenges faced in an industrial context: large applications, no access to source code, and only partial knowledge of the input specifications. This approach integrates several successive steps, and we mostly focus here on an important one, which relies on binary-level dynamic taint analysis. We summarize the main problems to be addressed in this step, and we detail the solution we implemented to solve them.
Nowadays, one of the most effective ways to identify software vulnerabilities by testing is fuzzing, whereby the robustness of software is tested against invalid inputs that play on implementation limits or data boundaries. A large number of random combinations of such inputs are sent to the system through its interfaces. Although fuzzing is a fast technique that detects real errors, its efficiency should be improved. Indeed, the main drawbacks of fuzz testing are its poor coverage, which causes many errors to be missed, and the quality of its tests. Enhancing fuzzing with advanced approaches such as data tainting and coverage analysis would improve its efficiency and make it smarter. This paper presents an idea of how these techniques, when combined, give better error detection by iteratively guiding executions and generating the most pertinent test cases, able to trigger potential vulnerabilities and maximize test coverage.