JCP 2019 Vol.14(2): 111-118 ISSN: 1796-203X
doi: 10.17706/jcp.14.2.111-118
doi: 10.17706/jcp.14.2.111-118
Discovering Software Vulnerabilities Based on Fuzz Testing
Yu-Ming Chung, Chihli Hung
Chung Yuan Christian University, No. 200 Jongpei Rd., Jongli Dist., Taoyuan City, 32023, Taiwan.
Abstract—In the era of the Internet, information security issues are of paramount importance. Software packages invariably have security vulnerabilities. If exploited by malicious hackers, vulnerabilities can cause substantial losses to software corporations and end users. Due to the increase in Advanced Persistent Threat (APT) attacks, vulnerabilities have to be discovered as rapidly as possible. This research focuses on Microsoft Office Word software and proposes the fuzzing vulnerability digging model. In the field of fuzz testing, the traditional approaches consume considerable time and system resources without analyzing file formats. Therefore, the fuzzing vulnerability digging model proposed in this research examines the file format to identify any possible weaknesses. According to the experiments, our proposed model outperforms two benchmarking models, i.e. the FileFuzz tester and MiniFuzz tester, for a fixed period of time. Finally, we present an example which imitates a Shellcode attack carried out via the weaknesses discovered by the proposed model. According to the comparison results, the proposed model has the potential to identify weaknesses in MS Office Word software more effectively and efficiently.
Index Terms—Fuzz testing, software security, software testing, vulnerability exploiting.
Abstract—In the era of the Internet, information security issues are of paramount importance. Software packages invariably have security vulnerabilities. If exploited by malicious hackers, vulnerabilities can cause substantial losses to software corporations and end users. Due to the increase in Advanced Persistent Threat (APT) attacks, vulnerabilities have to be discovered as rapidly as possible. This research focuses on Microsoft Office Word software and proposes the fuzzing vulnerability digging model. In the field of fuzz testing, the traditional approaches consume considerable time and system resources without analyzing file formats. Therefore, the fuzzing vulnerability digging model proposed in this research examines the file format to identify any possible weaknesses. According to the experiments, our proposed model outperforms two benchmarking models, i.e. the FileFuzz tester and MiniFuzz tester, for a fixed period of time. Finally, we present an example which imitates a Shellcode attack carried out via the weaknesses discovered by the proposed model. According to the comparison results, the proposed model has the potential to identify weaknesses in MS Office Word software more effectively and efficiently.
Index Terms—Fuzz testing, software security, software testing, vulnerability exploiting.
Cite: Yu-Ming Chung, Chihli Hung, "Discovering Software Vulnerabilities Based on Fuzz Testing," Journal of Computers vol. 14, no. 2, pp. 111-118, 2019.
General Information
ISSN: 1796-203X
Abbreviated Title: J.Comput.
Frequency: Bimonthly
Abbreviated Title: J.Comput.
Frequency: Bimonthly
Editor-in-Chief: Prof. Liansheng Tan
Executive Editor: Ms. Nina Lee
Abstracting/ Indexing: DBLP, EBSCO, ProQuest, INSPEC, ULRICH's Periodicals Directory, WorldCat,etc
E-mail: jcp@iap.org
-
Nov 14, 2019 News!
Vol 14, No 11 has been published with online version [Click]
-
Mar 20, 2020 News!
Vol 15, No 2 has been published with online version [Click]
-
Dec 16, 2019 News!
Vol 14, No 12 has been published with online version [Click]
-
Sep 16, 2019 News!
Vol 14, No 9 has been published with online version [Click]
-
Aug 16, 2019 News!
Vol 14, No 8 has been published with online version [Click]
- Read more>>