N.N. Samarin1

1 Federal State Unitary Enterprise «Research Institute «Kvant» (Moscow, Russia)

1 samarin_nik@mail.ru

The paper describes the architecture and principles of operation of the software complex that provides detection of errors in software using spot fuzzing, presented in earlier works of the author. The functions and interrelationship of the modules that make up the software complex are described, and the results of experimental studies in terms of operability and efficiency of the complex are presented.

Samarim N.N. Software framework for error detection in software using the spot fuzzing method. Radiotekhnika. 2024. V. 88. № 6. P. 130−136. DOI: https://doi.org/10.18127/j00338486-202406-16 (In Russian)

1. PVS-Studio: Статический анализ кода [Jelektronnyj resurs]. URL: https://pvs-studio.ru/ru/blog/terms/0046/. (Data obrashhenija: 28.05.2024).
2. РТ Солар: Динамический анализ кода [Jelektronnyj resurs]. URL: https://rt-solar.ru/products/solar_appscreener/blog/3974/. (Data obrashhenija: 28.05.2024).
3. Самарин Н.Н. Модель для поиска ошибок в программном обеспечении методом точечного фаззинга. Проблемы информационной безопасности. Компьютерные системы. 2024. № 1. С. 134–141.
4. Самарин Н.Н. Метод поиска ошибок в программном коде на базе фаззинга «в памяти». Проблемы информационной безопасности. Компьютерные системы. 2024. No 2. С. 130–137.VulHawk: Cross-architecture Vulnerability Detection with Entropy-based Binary Code Search [Jelektronnyj resurs]. URL: https://www.ndss-symposium.org/wp-content/uplo-ads/2023/02/ndss2023_f415_paper.pdf. (Data obrashhenija: 30.05.2024).
5. VulHawk: Cross-architecture Vulnerability Detection with Entropy-based Binary Code Search [site]. URL: https://www.ndss-sym-posium.org/wp-content/uploads/2023/02/ndss2023_f415_paper.pdf. (Data obrashhenija: 30.05.2024).
6. Arxiv: Dynamic Neural Control Flow Execution: An Agent-Based Deep Equilibrium Approach for Binary Vulnerability Detection [Электронный ресурс]. URL: https://arxiv.org/pdf/2404.08562. (Data obrashhenija: 01.06.2024).
7. B. Xia, C. Tang, W. Liu, S. Chu, Y. Dong. A Firmware Vulnerability Detection Method Based on Feature Filtering. 2023 IEEE Intl Conf on Parallel & Distributed Processing with Applications, Big Data & Cloud Computing, Sustainable Computing & Communications, Social Computing & Networking (ISPA/BDCloud/SocialCom/SustainCom). Wuhan. China. 2023. Р. 1069-1076. DOI: 10.1109/ISPA-BDCloud-SocialCom-SustainCom59178.2023.00172.
8. Yeming Gu, Hui Shu, Fei Kang. BinAIV. Semantic-enhanced vulnerability detection for Linux x86 binaries, Computers & Security. 2023. V. 135. Р. 103508. https://doi.org/10.1016/j.cose.2023.103508.
9. Python release 3.12.0 [Jelektronnyj resurs]. URL: https://www.python.org/downloads/release/python-3120/. (Data obrashhenija: 03.06.2024).
10. Grumpy Coder: Headless Analyzer README [Электронный ресурс]. URL: https://static.grumpy-coder.net/pixel/support/ana-lyzeHeadlessREADME.html. (Data obrashhenija: 04.06.2024).
11. Github: unicorn-engine/unicorn [Jelektronnyj resurs]. URL: https://github.com/unicorn-engine/unicorn. (Data obrashhenija: 05.06.2024).
12. Github: Z3Prover/z3 [Jelektronnyj resurs]. URL: https://github.com/Z3Prover/z3. (Data obrashhenija: 05.06.2024).
13. Juliet C/C++ 1.3.1 with extra support - NIST Software Assurance Reference Dataset [Jelektronnyj resurs]. URL: https://sama-te.nist.gov/SARD/test-suites/116. (Data obrashhenija: 06.06.2024).