Mining input grammars from dynamic taints
Knowing which part of a program processes which parts of an input can reveal the structure of the input as well as the structure of the program. In a URL http://www.example.com/path/, for instance, the protocol http, the host www.example.com, and the path path would be handled by different functions...
Uloženo v:
| Vydáno v: | Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering s. 720 - 725 |
|---|---|
| Hlavní autoři: | , |
| Médium: | Konferenční příspěvek |
| Jazyk: | angličtina |
| Vydáno: |
ACM
01.09.2016
|
| Témata: | |
| On-line přístup: | Získat plný text |
| Tagy: |
Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
|
| Abstract | Knowing which part of a program processes which parts of an input can reveal the structure of the input as well as the structure of the program. In a URL http://www.example.com/path/, for instance, the protocol http, the host www.example.com, and the path path would be handled by different functions and stored in different variables. Given a set of sample inputs, we use dynamic tainting to trace the data flow of each input character, and aggregate those input fragments that would be handled by the same function into lexical and syntactical entities. The result is a context-free grammar that reflects valid input structure. In its evaluation, our AUTOGRAM prototype automatically produced readable and structurally accurate grammars for inputs like URLs, spreadsheets or configuration files. The resulting grammars not only allow simple reverse engineering of input formats, but can also directly serve as input for test generators. |
|---|---|
| AbstractList | Knowing which part of a program processes which parts of an input can reveal the structure of the input as well as the structure of the program. In a URL http://www.example.com/path/, for instance, the protocol http, the host www.example.com, and the path path would be handled by different functions and stored in different variables. Given a set of sample inputs, we use dynamic tainting to trace the data flow of each input character, and aggregate those input fragments that would be handled by the same function into lexical and syntactical entities. The result is a context-free grammar that reflects valid input structure. In its evaluation, our AUTOGRAM prototype automatically produced readable and structurally accurate grammars for inputs like URLs, spreadsheets or configuration files. The resulting grammars not only allow simple reverse engineering of input formats, but can also directly serve as input for test generators. |
| Author | Zeller, Andreas Hoschele, Matthias |
| Author_xml | – sequence: 1 givenname: Matthias surname: Hoschele fullname: Hoschele, Matthias email: hoeschele@cs.uni-saarland.de organization: Saarland Inf. Campus, Saarland Univ., Saarbrucken, Germany – sequence: 2 givenname: Andreas surname: Zeller fullname: Zeller, Andreas email: zeller@cs.uni-saarland.de organization: Saarland Inf. Campus, Saarland Univ., Saarbrucken, Germany |
| BookMark | eNotjj1PwzAUAI0EElAyM7B4ZUh5frZje0QVX1IRC8zVs_NSGRG3isPQf08RTDecdLpLcVp2hYW4VrBUytg7DA7QdctfalQnognOHwVo7Y2156Kp9RMAELugES_E7WsuuWxlLvvvWW4nGkeaqhym3Sj7Q6ExJzlTLnO9EmcDfVVu_rkQH48P76vndv329LK6X7eExs0tBRsDhKRUiga1ZU7kiawK7JMfXGe0NmD7EBUM0TNb3yMkNIyaI_V6IW7-upmZN_spH4cOG2c9enD6B1cXQWA |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IL CBEJK RIE RIL |
| DOI | 10.1145/2970276.2970321 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Xplore POP ALL IEEE Xplore All Conference Proceedings IEEE Electronic Library (IEL) IEEE Proceedings Order Plans (POP All) 1998-Present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| EISBN | 9781450338455 1450338453 |
| EndPage | 725 |
| ExternalDocumentID | 7582807 |
| Genre | orig-research |
| GroupedDBID | 6IE 6IL ACM ALMA_UNASSIGNED_HOLDINGS APO CBEJK GUFHI LHSKQ RIE RIL |
| ID | FETCH-LOGICAL-a247t-a95b909c11cb4235eeca8aa519e8c8f76433405d9b10fb8ee58d20c24e23ebad3 |
| IEDL.DBID | RIE |
| ISICitedReferencesCount | 81 |
| ISICitedReferencesURI | http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=000390237000071&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| IngestDate | Wed Aug 27 01:41:41 EDT 2025 |
| IsPeerReviewed | false |
| IsScholarly | false |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-a247t-a95b909c11cb4235eeca8aa519e8c8f76433405d9b10fb8ee58d20c24e23ebad3 |
| PageCount | 6 |
| ParticipantIDs | ieee_primary_7582807 |
| PublicationCentury | 2000 |
| PublicationDate | 2016-Sept. |
| PublicationDateYYYYMMDD | 2016-09-01 |
| PublicationDate_xml | – month: 09 year: 2016 text: 2016-Sept. |
| PublicationDecade | 2010 |
| PublicationTitle | Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering |
| PublicationTitleAbbrev | ASE |
| PublicationYear | 2016 |
| Publisher | ACM |
| Publisher_xml | – name: ACM |
| SSID | ssj0002269322 |
| Score | 2.0113978 |
| Snippet | Knowing which part of a program processes which parts of an input can reveal the structure of the input as well as the structure of the program. In a URL... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 720 |
| SubjectTerms | context-free grammars dynamic tainting fuzzing Grammar Input formats Instruments Java Ports (Computers) Protocols Software Uniform resource locators |
| Title | Mining input grammars from dynamic taints |
| URI | https://ieeexplore.ieee.org/document/7582807 |
| WOSCitedRecordID | wos000390237000071&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlZ09T8MwEIZPpWJgAtQivuWBBQm3iZ3E9oyoGKDqAKhb5Y-r1IG0ahN-P-ckKgwsTLa8WJYl-zn73nsB7lTi02Bz5JJomBOBe-68kNx4Z6yiE7Mt1_TxoqZTPZ-bWQ8e9loYRGySz3AUu81fflj7Oj6VjVX844nS8QOlilartX9PIYwgFBFd9Z40y8fCKIq5ilFsZawF-ss-pbk9Jsf_m_cEhj8yPDbbXzCn0MNyAPevjaUDW5WbumIxt-qTYlMWZSIstPbyLIb71W4I75Ont8dn3vkdcCsyVXFrcmcS49PUO6KcHNFbbS0xFmqvl4rgQRJfBePSZOk0Yq6DSLzIUEh0Nsgz6JfrEs-BZSG6UHmiISuz3BqnCqf0skgtJp5CjgsYxGUuNm1Ji0W3wsu_h6_giDihaFOrrqFfbWu8gUP_Va1229tmH74BefCIpA |
| linkProvider | IEEE |
| linkToHtml | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlZ1NSwMxEIaHUgU9qbTitzl4EUy7m-xukrNYKralhyq9lXxMoQe3pd3195vsLtWDF08JuYQQSJ5J5p0X4EFENnY6Rco9DVNP4JYayzhV1igt_IlZl2v6GInJRM7natqCp70WBhGr5DPshW71l-_WtgxPZX0R_niCdPwgOGc1aq39i4oHCQ8jrKnfEydpnynho66sF1oeqoH-MlCp7o_Byf9mPoXujxCPTPdXzBm0MO_A47gydSCrfFMWJGRXffrolAShCHG1wTwJAX-x68L74GX2PKSN4wHVLBEF1So1KlI2jq3xnJMiWi219pSF0sql8PjAPWE5ZeJoaSRiKh2LLEuQcTTa8XNo5-scL4AkLvhQWc9DmiepVkZkRshlFmuMrA86LqETlrnY1EUtFs0Kr_4evoej4Ww8WoxeJ2_XcOypIasTrW6gXWxLvIVD-1Wsdtu7ak--Aczei-0 |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=Proceedings+of+the+31st+IEEE%2FACM+International+Conference+on+Automated+Software+Engineering&rft.atitle=Mining+input+grammars+from+dynamic+taints&rft.au=Hoschele%2C+Matthias&rft.au=Zeller%2C+Andreas&rft.date=2016-09-01&rft.pub=ACM&rft.spage=720&rft.epage=725&rft_id=info:doi/10.1145%2F2970276.2970321&rft.externalDocID=7582807 |