350 rub
Journal Radioengineering №2 for 2024 г.
Article in number:
Development of a method for fuzz testing of programs for file parsing using the PolyTracker tool
Type of article: scientific article
DOI: https://doi.org/10.18127/j00338486-202402-09
UDC: 621.373.826:315.61
Keywords: Information security fuzzing file parsing
Authors:

N.N. Samarin

Abstract:

The article proposes a method of phasing-testing programs for parsing using the PolyTracker tool. During the research, types of parsers are considered and their disadvantages are revealed. The proposed method eliminates the identified drawbacks, increasing code coverage and leveling the problem of state explosion.

Pages: 62-66
For citation

Samarin N.N. Development of a method for fuzz testing of programs for file parsing using the PolyTracker tool. Radiotekhnika. 2024. V. 88. № 2. P. 62−66. DOI: https://doi.org/10.18127/j00338486-202402-09 (In Russian)

References
  1. File Parsing with Python: How to Parse Files? [Jelektronnyj resurs]. URL: https://www.klippa.com/en/blog/information/file-parsing/ (Data obrashhenija: 10.12.2023).
  2. Pogorelov D.A., Tarazanov A.M., Volkova L.L. Ot LR k GLR: obzor sintaksicheskih analizatorov. Novye informacionnye tehnologii v avtomatizirovannyh sistemah. 2017. № 20. S. 245-250 (in Russian).
  3. Burke M.G., Fisher G.A. A practical method for LR and LL syntactic error diagnosis and recovery. ACM Transactions on Programming Languages and Systems (TOPLAS). 1987. V. 9. № 2. Р. 164-197.
  4. Murching A.M., Prasad Y.V., Srikant Y.N. Incremental recursive descent parsing. Computer Languages. 1990. V. 15. № 4. Р. 193-204.
  5. Tomita M. Efficient parsing for natural language: a fast algorithm for practical systems. Springer Science & Business Media. 2013. V. 8.
  6. De Jonge M. Language-parametric techniques for language-specific editors. Doctoral thesis. Delft University of Technology. Amsterdam. 2014.
  7. PolyTracker [Jelektronnyj resurs]. URL: https://github.com/trailofbits/polytracker/ (Data obrashhenija: 04.12.2023).
  8. Brodin H., Surovič M., Sultanik E. Blind spots: Identifying exploitable program inputs. 2023 IEEE Security and Privacy Workshops (SPW). IEEE. 2023. Р. 175-186.
  9. Brodin H., Sultanik E., Surovič M. Blind Spots: Automatically detecting ignored program inputs //arXiv preprint arXiv:2301.08700. 2023.
  10. How to avoid the aCropalypse [Jelektronnyj resurs]. URL: https://blog.trailofbits.com/2023/03/30/acropalypse-polytracker-blind-spots/ (Data obrashhenija: 10.12.2023).
  11. Dukhan Ye.I., Voyevodin S.V., Sazonov V.Yu., Zvezhinskiy S.S. Obobshchennaya metodika izmereniya kharakteristik kharakteristik obnaruzheniya na osnove metoda mashinnogo eksperimenta. Radiotekhnika. T.86. № 1. 2022. S. 41-48. DOI: https://doi.org/10.18127/j00338486-202201-07 (in Russian).
Date of receipt: 26.12.2023
Approved after review: 10.01.2024
Accepted for publication: 29.01.2024