research-article

SunDew: systematic automated security testing (keynote)

Author:

Domagoj BabicAuthors Info & Claims

SPIN 2017: Proceedings of the 24th ACM SIGSOFT International SPIN Symposium on Model Checking of Software

Page 10

https://doi.org/10.1145/3092282.3092314

Published: 13 July 2017 Publication History

Get Access

Abstract

SunDew is a new automated test generation framework developed at Google, focused on finding security bugs in C/C++ code. It combines the strengths of multiple test generation techniques under a single cohesive platform. It leverages the vast amount of computational resources available at Google to massively parallelize the automated test generation and triage. By using a portfolio of test generation techniques, SunDew aims to overcome the coverage saturation (or plateau) that occurs with any individual technique. This saturation manifests as the inability of the technique to discover unexplored parts of a program after a certain number of generated tests. A portfolio of techniques, on the other hand, provides a diversity of test generation strategies that complement each other. SunDew embeds the most recent advances in automated test case generation, which provide precision and thoroughness. For example, symbolic execution uses powerful constraint solvers to generate tests that precisely follow desired program branches. This approach allows symbolic execution to reach code executed under very specific input preconditions that would be difficult to discover randomly. At the same time, recent improvements to coverage guided automated fuzzing, such as AFL or LibFuzzer, generates tests faster than symbolic execution. Thus, SunDew alternates these approaches by using coverage-guided fuzzing to quickly bring the coverage to a first saturation level, then using symbolic execution to refine the search for harder-to-reach code. This, in turn, may provide additional inputs for coverage-guided fuzzers, etc. As part of SunDew, we also developed a number of format-aware fuzzers, that rely on, amongst other things, machine learning to generate language-aware fuzzers. The SunDew architecture follows a distributed continuous pipeline pattern. It allows a performance-based dynamic resource allocation for the various test generation techniques. This allows us to maximize the combined output of the test suite generation and avoid long plateaus in the coverage growth of the test suite. We discuss the application of SunDew on a variety of fuzzing targets of interest.

Cited By

View all

Brandt CCastelluccio MHoller CKratzer JZaidman ABacchelli ARoychoudhury APaiva AAbreu RStorey MAniche MNagappan N(2024)Mind the Gap: What Working With Developers on Fuzz Tests Taught Us About Coverage GapsProceedings of the 46th International Conference on Software Engineering: Software Engineering in Practice10.1145/3639477.3639721(157-167)Online publication date: 14-Apr-2024
https://dl.acm.org/doi/10.1145/3639477.3639721
Liang HPei XJia XShen WZhang J(2018)Fuzzing: State of the ArtIEEE Transactions on Reliability10.1109/TR.2018.283447667:3(1199-1218)Online publication date: Sep-2018
https://doi.org/10.1109/TR.2018.2834476

Index Terms

SunDew: systematic automated security testing (keynote)
1. Software and its engineering
  1. Software creation and management
    1. Software verification and validation
      1. Formal software verification
      2. Software defect analysis
        Software testing and debugging

Recommendations

An orchestrated survey of methodologies for automated software test case generation

Test case generation is among the most labour-intensive tasks in software testing. It also has a strong impact on the effectiveness and efficiency of software testing. For these reasons, it has been one of the most active research topics in software ...
Improving function coverage with munch: a hybrid fuzzing and directed symbolic execution approach
SAC '18: Proceedings of the 33rd Annual ACM Symposium on Applied Computing

Fuzzing and symbolic execution are popular techniques for finding vulnerabilities and generating test-cases for programs. Fuzzing, a blackbox method that mutates seed input values, is generally incapable of generating diverse inputs that exercise all ...
Combined Symbolic and Concrete Execution of TTCN-3 for Automated Testing
ISISE '08: Proceedings of the 2008 International Symposium on Information Science and Engieering - Volume 01

Testing procedure can be described by the Testing and Test Control Notation-version 3(TTCN-3). The automatic execution of TTCN-3 test scripts is transformed to automatic testing of system under test (SUT). We propose a framework, which uses combined ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

SPIN 2017: Proceedings of the 24th ACM SIGSOFT International SPIN Symposium on Model Checking of Software

July 2017

199 pages

ISBN:9781450350778

DOI:10.1145/3092282

Program Chairs:
Hakan Erdogmus
Carnegie Mellon University, USA
,
Klaus Havelund
NASA, USA / Jet Propulsion Laboratory, USA

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 July 2017

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ISSTA '17

Sponsor:

SIGSOFT

ISSTA '17: International Symposium on Software Testing and Analysis

July 13 - 14, 2017

CA, Santa Barbara, USA

Upcoming Conference

ICSE 2025

2025 IEEE/ACM 46th International Conference on Software Engineering

April 26 - May 3, 2025

Ottawa , ON , Canada

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
232
Total Downloads

Downloads (Last 12 months)2
Downloads (Last 6 weeks)0

Reflects downloads up to 18 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Brandt CCastelluccio MHoller CKratzer JZaidman ABacchelli ARoychoudhury APaiva AAbreu RStorey MAniche MNagappan N(2024)Mind the Gap: What Working With Developers on Fuzz Tests Taught Us About Coverage GapsProceedings of the 46th International Conference on Software Engineering: Software Engineering in Practice10.1145/3639477.3639721(157-167)Online publication date: 14-Apr-2024
https://dl.acm.org/doi/10.1145/3639477.3639721
Liang HPei XJia XShen WZhang J(2018)Fuzzing: State of the ArtIEEE Transactions on Reliability10.1109/TR.2018.283447667:3(1199-1218)Online publication date: Sep-2018
https://doi.org/10.1109/TR.2018.2834476

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

An orchestrated survey of methodologies for automated software test case generation

Improving function coverage with munch: a hybrid fuzzing and directed symbolic execution approach

Combined Symbolic and Concrete Execution of TTCN-3 for Automated Testing