Now There are some specific rules to input the

Now a days software technology is increasing day by
day and the risks prone to it are also increasing exponentially. So, there is need
to think about the security for the software. According to one survey report
there is loss of several thousands of dollars for one security breach. In order
to overcome these security risks there should be some testing software to test
the vulnerabilities and report them, one of them is fuzz testing.

Fuzz testing is a technique which inputs random data
to a particular software, in order to know the vulnerabilities of that
software. There are some specific rules to input the code so that it works in a
expected manner, that is code should be some what similar so that it passes
consistency checks, it also should be variant so that it causes exceptional
behaviour and leads to crash of the interpreter. LangFuzz is the technique that
follows the above specified rules. LangFuzz has a speciality that it is
flexible and takes the grammar as input, generates programs according to the
given input, it also requires 3 inputs, a language grammar, a sample code and a
test suite. There are also language specific fuzzers like CSmith, which
operates on C-programming language grammar. When we compare these both we
recognise that unlike LangFuzz, CSmith aims on correctness of the bugs,
alternative for security bugs.  

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!


order now

           There
is another fuzzing tool called jsfunfuzz, which is used on javascript, is very
effective tool and discovered many bugs in java script engine web browsers. It
is a black box testing tool, like LangFuzz, so it also identifies correctness
errors. There are many fuzzers which targets specific functionalities in web
browsers and find the bugs. e.g., crossfuzz, ref fuzz,
mangleme, canvas fuzzer and transfuzz.

                        If observed, the working of LangFuzz, it uses
the two methods of approaches called Generative approach and Mutative approach.
Though it is language independent, it should follow some language semantic
rules in order to be implemented effectively. In code generation, language
grammar is used to generate code fragments, these code fragments should be
adjusted to the environment in order that there is no error even if identified
by the identifiers. There are two phases in the code mutation, a learning phase
where set of files are processed with help of parser, then non terminals are
generated, so the aim to identify bugs becomes easier, in main mutation phase a
particular file is processed several times by a parser. After this LangFuzz
starts the implementation process, here to parse the input code ANTLR framework
is used. Next is code generation, in this a step wise elaboration algorithm is
used to produce code fragments and these fragments are to adjusted to present environment.
Later mapping is done with names of identifiers. If identifiers maps one object
to another object, all the properties of first object are transferred to later
one.

            To run a mutation test, LangFuzz should run the test on
its proper test harness. For example Mozilla test suite has a file shell.js
with all properties and to run it, javascript engine  should execute all shell files in particular
order. LangFuzz implements this test suite effectively  for different test frameworks. Here there is
a problem, process of starting the javascript engines is very slow and if we
repeat the same process several times, it consumes large amount of computation
time. For this LangFuzz uses a javascript program called driver, when started
with test harness, it reduces the number of scripting engines and gives a sign
when finished. LangFuzz also have several parameters that implements decisions
during the running process, these parameters have default values and the
evaluation of definite parameter set consumes huge amounts of time nearly 3-4
days per set and this set has to be repeated several hundred times.

To know the
effectiveness of LangFuzz, three types of evaluation process is done. 1.
External validation, 2. Internal validation and 3. Field study. Here we compare
LangFuzz and jsfunfuzz, when the both tools are run on the same environment,
i.e., same windows, same time and the CPU and RAM are distributed equally. Some
defects found are common in both, so we can say they overlap and effectiveness
is calculated as the ratio of defects found by LangFuzz to the defects found by
jsfunfuzz. This is compared by Mozilla’s TraceMonkey, because it is publicly
available and data is provided by Mozilla team, can be used directly. In
testing for example, a bug is introduced in a testing window after few minutes
bug is detected by jsfunfuzz and that bug is fixed at a point of stage, process
is repeated several times. In external validation jsfunfuzz detected 23 defects
of which 15 were present in the testing window. Langfuzz detected 26 defects of
which 8 were present in the same testing window. It is clear that LangFuzz has
detected more number of defects outside the testing window. By the output result
it is clear that Langfuzz is 53% as effective as jsfunfuzz. In internal
validation 2 testing windows are taken to compare the results, it is observed
that for generation configuration in one window identified the defects 6 times
more than the other window, whereas the defects identified by mutation
configuration is almost same for the both windows. But both methods together
detect more defects, so if done together LangFuzz will be very effective.

  

In
field tests, for real time defects, LangFuzz is applied to 3 different
interpreter engines namely Mozilla
TraceMonkey, Google V8 and the PHP engine. LangFuzz has detected 39% security
issues for Mozilla TraceMonkey, 19% for Google V8 and defects for PHP were not
security related. Within time period of 120 days, Langfuzz identified 164 real
world bugs and 31 security related defects in javascript engines, while on PHP
it identified 20 defects in 14 days. Some adaptations for LangFuzz are
necessary so that it also be effective for PHP for this generation of parser
using ANTLR has to be done.

 

            There is no generalization that
LangFuzz identifies the defects in every interpreter, every language and sometimes
it may not meet the particular properties and might not be effective. There is
also case that all the defects identified by it are not real and there might be
some duplicates.

 

To
conclude, Fuzz testing is the process which is very easy to implement, if
provided with particular language and particular semantic rules it is very
effective. In this Langfuzz is method which is adaptable easily. It identifies
the potential software vulnerabilities very quickly. As it works very well for
real time implementations several web browsers use this technique. It uses the
simple and small algorithms like ‘Shortest terminal string’ and once the run test
is triggered then there is no need of manual interaction, it automatically
identifies the bug and reports the defects.