OpenSAW: Open Security Analysis Workbench

Noomene Ben Henda, Björn Johansson, Patrik Lantz, Karl Norrman, Pasi Saaranen, Oskar Segersvärd

Research output: Chapter in Book/Report/Conference proceeding; Paper in conference proceeding; peer-review

Abstract

Software is today often composed of many sourced components, which potentially contain security vulnerabilities, and therefore require testing before being integrated. Tools for automated test case generation, for example, based on white-box fuzzing, are beneficial for this testing task. Such tools generally explore limitations of the specific underlying techniques for solving problems related to, for example, constraint solving, symbolic execution, search heuristics and execution trace extraction. In this article we describe the design of OpenSAW, a more flexible general-purpose white-box fuzzing framework intended to encourage research on new techniques identifying security problems. In addition, we have formalized two unaddressed technical aspects and devised new algorithms for these. The first relates to generalizing and combining different program exploration strategies, and the second relates to prioritizing execution traces. We have evaluated OpenSAW using both in-house and external programs and identified several bugs.
Original language: English
Title of host publication: Fundamental Approaches to Software Engineering
Subtitle of host publication: 20th International Conference, FASE 2017, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2017, Uppsala, Sweden, April 22-29, 2017, Proceedings
Editors: Marieke Huisman, Julia Rubin
Place of Publication: Berlin Heidelberg
Publisher: Springer
Pages: 321-337
Number of pages: 16
Volume: 10202
Edition: 1
ISBN (Electronic): 978-3-662-54494-5
ISBN (Print): 978-3-662-54493-8
Publication status: Published - 2017 Apr 22
Event: Fundamental Approaches to Software Engineering: 20th International Conference, FASE 2017 - Uppsala, Sweden
Duration: 2017 Apr 22 to 2017 Apr 29
Conference number: 20
https://www.etaps.org/index.php/2017/fase

Conference

Conference: Fundamental Approaches to Software Engineering
Abbreviated title: FASE'17
Country/Territory: Sweden
City: Uppsala
Period: 2017/04/22 to 2017/04/29

Subject classification (UKÄ)

  • Computer Science
