Mining Attributed Input Grammars and their Applications in Fuzzing

Bibliographic Details
Published in: 2023 IEEE Conference on Software Testing, Verification and Validation (ICST), pp. 493 - 495
Main Author: Pointner, Andreas
Format: Conference Proceeding
Language: English
Published: IEEE 01.04.2023
Summary: Undetected errors in software systems are a common cause of vulnerabilities and security holes. Grammar Fuzzing is an effective method for testing these systems, but it has limitations such as lack of knowledge about the semantics of the program and difficulty obtaining grammar for these systems. To address these limitations, we propose an approach to automatically mine grammars, and enhance it with semantic rules and contextual constraints to create attribute grammars. These attribute grammars can then be used for fuzzing. Our preliminary results show that this automated extraction process is feasible, as we successfully applied it to an expression parser and were able to extract an attribute grammar representing the parser's functionality.
DOI: 10.1109/ICST57152.2023.00059