OpenSAW: Open security analysis workbench
2017 (English). In: 20th International Conference on Fundamental Approaches to Software Engineering, FASE 2017 Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2017, Springer Verlag, 2017, 321-337 p. Conference paper, Published paper (Refereed)
Abstract [en]

Software is today often composed of many sourced components, which potentially contain security vulnerabilities, and therefore require testing before being integrated. Tools for automated test case generation, for example, based on white-box fuzzing, are beneficial for this testing task. Such tools generally explore limitations of the specific underlying techniques for solving problems related to, for example, constraint solving, symbolic execution, search heuristics and execution trace extraction. In this article we describe the design of OpenSAW, a more flexible general-purpose white-box fuzzing framework intended to encourage research on new techniques identifying security problems. In addition, we have formalized two unaddressed technical aspects and devised new algorithms for these. The first relates to generalizing and combining different program exploration strategies, and the second relates to prioritizing execution traces. We have evaluated OpenSAW using both in-house and external programs and identified several bugs.

Place, publisher, year, edition, pages
Springer Verlag, 2017. 321-337 p.
Keyword [en]
Heuristic algorithms, Software engineering, Software testing, Automated test case generation, Constraint Solving, Exploration strategies, Security analysis, Security problems, Security vulnerabilities, Symbolic execution, Technical aspects, Program debugging
National Category
Computer Science
Identifiers
URN: urn:nbn:se:kth:diva-207388
DOI: 10.1007/978-3-662-54494-5_18
Scopus ID: 2-s2.0-85016390660
ISBN: 9783662544938 (print)
OAI: oai:DiVA.org:kth-207388
DiVA: diva2:1107485
Conference
22 April 2017 through 29 April 2017
Note

QC 20170609

Available from: 2017-06-09 Created: 2017-06-09 Last updated: 2017-06-09 Bibliographically approved

Open Access in DiVA

No full text

Search in DiVA

By author/editor
Segersvärd, Oskar
By organisation
School of Computer Science and Communication (CSC)
Computer Science
