Digital Library[ Search Result ]
Effective Fuzzing Technique with Command Line Option Mutation/Selection
Ahcheong Lee, Yunho Kim, Moonzoo Kim
http://doi.org/10.5626/JOK.2022.49.11.981
Command line option determines how Command Line Interface (CLI) program executes. Therefore, selecting and using proper command line options determines the performance and effectiveness of testing in terms of coverage and bug detection power. In this paper, we propose PAW (Program option-AWare fuzzer) which automatically selects useful command line options to improve the effectiveness of fuzz testing. In the first 10% of fuzzing time, PAW generates diverse command line options by mutating existing options, and it decides which options are useful ones using branch coverage. For the remaining 90% of the time, PAW focuses on executing the selected, useful options for effective testing. We implemented PAW on top of AFL++ which is the state-of-the-art fuzzer, and we evaluated PAW on ten real-world C programs by comparing coverage with AFL++ and Angora. PAW showed higher branch coverage results and crash detection power on the ten C programs.
Dynamic Function Relevance based Fuzzing for High Coverage
Ahcheong Lee, Yunho Kim, Moonzoo Kim
http://doi.org/10.5626/JOK.2021.48.4.391
Coverage Guided Fuzzing (CGF) is one of the famous test case generation technique. The technique is actively researched and used based on its simplicity and scalability for large real software. However, most of the fuzzing techniques do not utilize valuable semantic information of target programs. This paper presents two new heuristics that use dynamic function relevance to select the appropriate input bytes which can be mutated to increase the coverage. The function relevance between the two functions is defined as the number of test cases that execute the functions together, and the high relevance means the two functions executing high dependency on each other. To improve coverage of a target function, the new heuristics determines bytes that are used by functions that are highly relevant to the target function, and only the valuable bytes are mutated. As these bytes have high data dependency on the variables in the target function, mutating them improves the coverage of the target function. We implemented the two heuristics on the top of the state-of-the-art fuzzers, Angora and FairFuzz, and evaluated on real-world C programs that are used by recent fuzzing works. The heuristics showed 17.88% and 11.03% path coverage improvement, respectively.
Automatic Test Case Generation through Concolic Testing to Improve SW Quality of Defense Weapon System
Kunwoo Park, Joohyun Lee, Hyunggon Song, Kyu Tae Cho, Yunho Kim, Moonzoo Kim
http://doi.org/10.5626/JOK.2019.46.9.926
To improve SW quality of defense weapon system, automatic and systematic generation of test cases is necessary; however, that is not the case in the traditional practice of labor-intensive and manual SW testing. The paper applies concolic testing to the defense weapon system SW, effectively generates test cases that achieve high coverage, and discovers defects which contributes to the improvement in SW quality. Also, two methods are proposed using 4 search strategies in concolic testing and using LIA logic, to increase the efficiency of concolic testing for a program with high complexity. In addition, a symbolic modeling method is proposed as an example to extend concolic testing for practitioners.
Improving Applicability and Usability of a Concolic Testing Tool CROWN
Hyunwoo Kim, Yunho Kim, Moonzoo Kim
http://doi.org/10.5626/JOK.2018.45.10.1071
The paper presents an extension of the Concolic testing tool CROWN(Concolic testing for Real-wOrld softWare aNalysis) for improving the applicability and usability of Concolic testing. The existing CROWN tool is limited to Linux platforms and the Concolic testing results generated from CROWN are hard for users to understand. We extend CROWN to run on Windows OS to increase the running platforms and improve user interface with CROWN and its applicability to help users analyze Concolic testing results in an easier way.
Automated Capturing and Replaying Unit Inputs of C Programs from System Executions through Static and Dynamic Analysis
Hyunsu Lim, Yunho Kim, Moonzoo Kim
http://doi.org/10.5626/JOK.2018.45.10.1035
Despite the high testing power of unit testing, it has an infeasible input problem, which is an impossible input for a unit in a real system. There is a technique known as Carving and Replay (CR) that serializes the state of the program when a target function is called in system execution and uses it as unit test case by deserializing it, to solve this infeasible input problem. However, unlike programming languages like Java, the C programming language does not provide a serialization method. Also, because of the C programming language’s features such as structure, union, and pointer, it has its own challenges for applying the CR technique. In this paper, we examine the challenges and suggest a CR tool for C programs by solving such problems with tracking the memory usage of the program, using run-time information from dynamic analysis, and inserting a probe code by static analysis.
A Comparative Study of C Program Mutation Tools for Effective Mutation Analysis: A Case Study of Proteum and Milu
Yunho Kim, Hyunwoo Kim, Woong-gyu Yang, Moonzoo Kim
http://doi.org/10.5626/JOK.2018.45.4.342
Mutation analysis generates mutants of a target program by applying syntactic changes to the source code and analyzes the difference of execution results of the mutants from those of the original program. For effective mutation analysis, mutant generation tools should be able to generate effective program mutants. For example, a mutant that is semantically equivalent to the original program or another mutant is not an effective mutant, because it does not generate an execution result different from that of the original program or another existing mutant. This paper presents a comparative study of two mutant generation tools for C programs, Proteum and Milu. To generate effective mutants effectively, we generated a canonical form of mutated expressions and removed duplicated mutants that have the same canonical form as that of other mutants. We applied Proteum and Milu to four Linux/Unix utilities in the SIR benchmark and showed that 48.7% and 46.4% of mutants generated by Proteum and Milu were effective mutants on average, respectively.
Video Quality Maintenance Scheme for Improve QoE of HTTP Adaptive Streaming Service
Yunho Kim, Heekwang Kim, Kwangsue Chung
http://doi.org/10.5626/JOK.2018.45.2.187
Recently, Hypertext Transfer Protocol (HTTP) adaptive streaming service is attracting attention. The existing quality adaptive scheme of HTTP adaptive streaming service adjusts the video quality according to the network bandwidth or the client buffer size. However, the problem with the existing quality adaptive scheme is the QoE (Quality of Experience) degradation caused by the unnecessary quality change that occurs due to frequent bandwidth change or fixed buffer threshold. We propose a video quality maintenance scheme that improves average video quality and minimizes unnecessary quality change in order to improve the QoE of HTTP adaptive streaming service in the changing network environment. The proposed scheme maintains high quality for a long time by setting the quality maintenance duration to be long when buffer occupancy and video quality are high. The experimental results show that the proposed scheme improves QoE by improving the average video quality and minimizing the quality change.
Jitter-based Rate Control Scheme for Seamless HTTP Adaptive Streaming in Wireless Networks
Yunho Kim, Jiwoo Park, Kwangsue Chung
http://doi.org/10.5626/JOK.2017.44.6.628
HTTP adaptive streaming is a technique that improves the quality of experience by storing various quality videos on the server and requesting files of the appropriate quality based on network bandwidth. However, it is difficult to measure the actual bandwidth in wireless networks with frequent bandwidth changes and high loss rate. Frequent quality changes and playback interruptions due to bandwidth measurement errors degrade the quality of experience. We propose a technique to estimate the available bandwidth by measuring the jitter, which is the derivation of delay, on a packet basis and assigning a weight according to jitter. The proposed scheme reduces the number of quality changes and mitigates the buffer underflow by reflecting less bandwidth change when high jitter occurs due to rapid bandwidth change. The experimental results show that the proposed scheme improves the quality of experience by mitigating buffer underflow and reducing the number of quality changes in wireless networks.
Automated Unit-test Generation for Detecting Vulnerabilities of Android Kernel Modules
In this study, we propose an automated unit test generation technique for detecting vulnerabilities of Android kernel modules. The technique automatically generates unit test drivers/stubs and unit test inputs for each function of Android kernel modules by utilizing dynamic symbolic execution. To reduce false alarms caused by function pointers and missing pre-conditions of automated unit test generation technique, we develop false alarm reduction techniques that match function pointers by utilizing static analysis and generate pre-conditions by utilizing def-use analysis. We showed that the proposed technique could detect all existing vulnerabilities in the three modules of Android kernel 3.4. Also, the false alarm reduction techniques removed 44.9% of false alarms on average.
Mutagen4J : Effective Mutant Generation Tool for Java Programs
Yiru Jeon, Yunho Kim, Shin Hong, Moonzoo Kim
Mutation analysis (or software mutation analysis) generates variants of a target program by injecting systematic code changes to the target program, and utilizes the variants to analyze the target program behaviors. Effective mutation analyses require adequate mutation operators that generate diverse variants for use in the analysis. However, the current mutation analysis tools for Java programs have limitations, since they support only limited types of mutation operators and do not support recent language features such as Java8. In this study, we present Mutagen4J, a new mutant generation tool for Java programs. Mutagen4J additionally supports mutation operators recently shown to generate various mutants and fully supports recent Java language features. The experimental results show that Mutagen4J generates useful mutants for analyses 2.3 times more than the existing Java mutation tools used for the study.
Search
Journal of KIISE
- ISSN : 2383-630X(Print)
- ISSN : 2383-6296(Electronic)
- KCI Accredited Journal
Editorial Office
- Tel. +82-2-588-9240
- Fax. +82-2-521-1352
- E-mail. chwoo@kiise.or.kr