Mining input grammars from dynamic taints

Knowing which part of a program processes which parts of an input can reveal the structure of the input as well as the structure of the program. In a URL http://www.example.com/path/, for instance, the protocol http, the host www.example.com, and the path path would be handled by different functions...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering s. 720 - 725
Hlavní autoři: Hoschele, Matthias, Zeller, Andreas
Médium: Konferenční příspěvek
Jazyk:angličtina
Vydáno: ACM 01.09.2016
Témata:
context-free grammars
dynamic tainting
fuzzing
Grammar
Input formats
Instruments
Java
Ports (Computers)
Protocols
Software
Uniform resource locators
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:Knowing which part of a program processes which parts of an input can reveal the structure of the input as well as the structure of the program. In a URL http://www.example.com/path/, for instance, the protocol http, the host www.example.com, and the path path would be handled by different functions and stored in different variables. Given a set of sample inputs, we use dynamic tainting to trace the data flow of each input character, and aggregate those input fragments that would be handled by the same function into lexical and syntactical entities. The result is a context-free grammar that reflects valid input structure. In its evaluation, our AUTOGRAM prototype automatically produced readable and structurally accurate grammars for inputs like URLs, spreadsheets or configuration files. The resulting grammars not only allow simple reverse engineering of input formats, but can also directly serve as input for test generators.
DOI:10.1145/2970276.2970321