11 research outputs found
Improving Function Coverage with Munch: A Hybrid Fuzzing and Directed Symbolic Execution Approach
Fuzzing and symbolic execution are popular techniques for finding
vulnerabilities and generating test-cases for programs. Fuzzing, a blackbox
method that mutates seed input values, is generally incapable of generating
diverse inputs that exercise all paths in the program. Due to the
path-explosion problem and dependence on SMT solvers, symbolic execution may
also not achieve high path coverage. A hybrid technique involving fuzzing and
symbolic execution may achieve better function coverage than fuzzing or
symbolic execution alone. In this paper, we present Munch, an open source
framework implementing two hybrid techniques based on fuzzing and symbolic
execution. We empirically show using nine large open-source programs that
overall, Munch achieves higher (in-depth) function coverage than symbolic
execution or fuzzing alone. Using metrics based on total analyses time and
number of queries issued to the SMT solver, we also show that Munch is more
efficient at achieving better function coverage. Comment: To appear at 33rd ACM/SIGAPP Symposium On Applied Computing (SAC). To
be held from 9th to 13th April, 201
UA77/1 Western Alumnus, Vol. 39, No. 4
WKU alumni magazine. This issue contains the following articles: College Heights Foundation Begins Special Appeal Campaign Conway, Sheila. The McChesneys Administrative Reorganization: Regents Confirm Appointments Given, Ed. Jim McDaniels Tells About Life & People on the Other Side of the Globe Armstrong, Don. Dear Alum: You Wouldn't Recognize Freshman Physics Downing, Dero. Charting the Course Boling, Edward. Symbolism & Certainty Page, Tate. The Environment for Man Faculty Awards - Elmer Gray, George Masannat Conway, Sheila. Student Centers on the Hill Homecoming: Western - Spirit of the '70's Structured Progress Sagabiel, Jack. Honor Societies Build for Excellence Scholars - Plus - Beverly Harmon, John Taulbee Conway, Sheila. Western's Outstanding Teen-Ager - Jane Barton New Alumni President - Robert Preston Joseph Iracane New Director L.W. Jones New Director Kenneth Henry New Director Alumni Notes In Memoriam - William Pearce, William Solle
SMRL: A Metamorphic Security Testing Tool for Web Systems
We present a metamorphic testing tool that alleviates the oracle problem in security testing. The tool enables engineers to specify metamorphic relations that capture security properties of Web systems. It automatically tests Web systems to detect vulnerabilities based on those relations. We provide a domain-specific language accompanied by an Eclipse editor to facilitate the specification of metamorphic relations. The tool automatically collects the input data and transforms the metamorphic relations into executable Java code in order to automatically perform security testing based on the collected data. The tool has been successfully evaluated on a commercial system and a leading open source system (Jenkins). Demo video: https://youtu.be/9kx6u9LsGxs
Fast feedback cycles in empirical software engineering research
Background/Context: Gathering empirical knowledge is a time-consuming task and the results from empirical studies often are soon outdated by new technological solutions. As a result, the impact of empirical results on software engineering practice is often not guaranteed.
Objective/Aim: In this paper, we summarize the ongoing discussion on "Empirical Software Engineering 2.0" as a way to improve the impact of empirical results on industrial practices. We propose a way to combine data mining and analysis with domain knowledge to enable fast feedback cycles in empirical software engineering research.
Method: We identify the key concepts on gathering fast feedback in empirical software engineering by following an experience-based line of reasoning by argument. Based on the identified key concepts, we design and execute a small proof of concept with a company to demonstrate potential benefits of the approach.
Results: In our example, we observed that a simple double feedback mechanism notably increased the precision of the data analysis and improved the quality of the knowledge gathered.
Conclusion: Our results serve as a basis to foster discussion and collaboration within the research community for a development of the idea