Abstract
Recently, cyber attacks on clients and servers have increased rapidly. Most of these attacks have exploited underlying vulnerabilities in the target software. Unfortunately, identifying and correcting these vulnerabilities has become extremely difficult and time-consuming because (1) most security analyses are based on the hard-to-understand binary representation of the software, (2) most binary code is too large to be analyzed by a human being, and (3) most software is updated or patched either regularly or frequently, and each update requires security analysis. A more efficient approach to software security analysis is therefore needed. In response to this concern, experts are now examining tainting and fuzzing techniques as viable alternatives for improving software security. In this article, we present an efficient method for software security analysis using tainting and fuzzing techniques.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hwang, S.O. (2012). Finding Vulnerabilities in Binary Codes Using Tainting/Fuzzing Analysis. In: Lee, G., Howard, D., Ślęzak, D., Hong, Y.S. (eds) Convergence and Hybrid Information Technology. ICHIT 2012. Communications in Computer and Information Science, vol 310. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32692-9_36
DOI: https://doi.org/10.1007/978-3-642-32692-9_36
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-32691-2
Online ISBN: 978-3-642-32692-9
eBook Packages: Computer Science (R0)