Scalable Greybox Fuzzing for Effective Vulnerability Management

Ognawala, Saahil

User: Guest

mediaTUM Content

University Bibliography

Electronic Examination Papers

Open Access Publikationen

Research Data

TUM.University Press

Collections

Projects

Institutions

TUM Board of Management

Academic Departments

Department of Mathematics

Physics Department

TUM School of Governance

Department of Chemistry

TUM School of Management

TUM Department of Civil, Geo and Environmental Engineering

Department of Architecture

Faculty of Mechanical Engineering

Department of Electrical and Computer Engineering

Faculty of Informatics

Examination Papers (1185)

Dissertations (1161)

Habilitations (21)

Weitere Prüfungsarbeiten (1)

Masterarbeiten (2)

Institute of Informatics (7925)

Technical Reports

Center of Life and Food Sciences Weihenstephan

TUM School of Medicine

Faculty of Sport and Health Science

TUM School of Education

Academic department Aerospace and Geodesy

TUM Campus Straubing für Biotechnologie und Nachhaltigkeit

Research Centers

Service Facilities

TUM Institute for Life Long Learning

Partnerschaftliche Einrichtungen

Jahrbuch 1989 - 2007

mediaTUM GesamtbestandElektronische PrüfungsarbeitenFachgebietDatenverarbeitung, InformatikSaahil Ognawala

If you experience problems opening the document, please try this link.

Original title:

Scalable Greybox Fuzzing for Effective Vulnerability Management

Translated title:

Skalierbares Greybox Fuzzing zum effektiven Management von Schwachstellen

Author:

Ognawala, Saahil

Year:

2020

Document type:

Dissertation

Institution:

Fakultät für Informatik

Advisor:

Pretschner, Alexander (Prof. Dr.)

Referee:

Pretschner, Alexander (Prof. Dr.); Cadar, Cristian (Prof., Ph.D.)

Language:

Subject group:

DAT Datenverarbeitung, Informatik

Keywords:

software engineering, software testing, dynamic analysis

TUM classification:

DAT 310d

Abstract:

We describe a dynamic analysis technique for discovering vulnerabilities where we, first, analyse isolated components of a program for vulnerabilities with three modes – symbolic execution, fuzzing and a novel greybox fuzzing method. To determine the feasibility of vulnerabilities, we propose a compositional analysis method using targeted symbolic execution. Finally, we discuss an adaptable assessment method based on heuristics from bug-repository- and code-mining, to assist in bug triage.

Translated abstract:

Wir stellen eine Analysetechnik zum Auffinden von Schwachstellen in Softwaresysteme vor. Isolierte Komponenten eines Programs werden zunächst mit drei Modi untersucht - symbolische Ausführung, Fuzzing und eine neuartiges Greybox-Fuzzing. Um die Erreichbarkeit der Schwachstellen zu zeigen, schlagen wir eine kompositionelle Analysetechnik vor. Wir beschreiben auch ein Framework zur Schwachstellenbewertung, das Entwicklern bei der Priorisierung unterstützt.

WWW:

http://mediatum.ub.tum.de/?id=1509837

Date of submission:

03.07.2019

Oral examination:

04.02.2020

File size:

2348669 bytes

Pages:

170

Urn (citeable URL):

http://nbn-resolving.de/urn/resolver.pl?urn:nbn:de:bvb:91-diss-20200204-1509837-1-9