Information security – Monitoring or scanning of software or data including attack... – Vulnerability assessment
Reexamination Certificate
2011-04-12
2011-04-12
Jung, David Y (Department: 2431)
Information security
Monitoring or scanning of software or data including attack...
Vulnerability assessment
C726S022000, C726S023000
Reexamination Certificate
active
07926114
ABSTRACT:
Systems and methods to test software applications with schema-based fuzzing are described. In one aspect, the systems and methods automatically generate valid input data for a software application according to a fuzzing data schema. The fuzzing data schema describes characteristics of data format that would be proper or well formed for input into the software application. The systems and methods mutate to the valid input data with one or more fuzzing algorithms to generate corrupted versions, or malformed data. The malformed data is for fuzz testing the software application to identify any security vulnerabilities.
REFERENCES:
patent: 6282526 (2001-08-01), Ganesh
patent: 6530039 (2003-03-01), Yang
patent: 6701460 (2004-03-01), Suwandi et al.
patent: 6889158 (2005-05-01), Penov et al.
patent: 6973560 (2005-12-01), Rice et al.
patent: 7035770 (2006-04-01), Lin et al.
patent: 2004/0128530 (2004-07-01), Isenberg
patent: 2005/0044451 (2005-02-01), Fry et al.
patent: 2005/0273860 (2005-12-01), Chess et al.
Tag-Aware Text File Fuzz Testing for Security of a Software System; YoungHan Choi; HyoungChun Kim; DoHoon Lee; Convergence Information Technology, 2007. International Conference on; Publication Year: 2007 , pp. 2254-2259.
A Model-Based Fuzz Framework to the Security Testing of TCG Software Stack Implementations; Yang Yang; Huanguo Zhang; Mi Pan; Jian Yang; Fan He; Zhide Li; Multimedia Information Networking and Security, 2009. MINES '09. International Conference on; vol. 1; Publication Year: 2009, pp. 14.
An Empirical Study for Security of Windows DLL Files Using Automated API Fuzz Testing; YoungHan Choi; HyoungChun Kim; DoHoon Lee; Advanced Communication Technology, 2008. ICACT 2008. 10th International Conference on vol. 2; Publication Year: 2008, pp. 1473-1475.
Bastani, et al., “Experimental Evaluation of a Fuzzy-Set Based Measure of Software Correctness”, retrieved at <<http://delivery.acm.org/10.1145/260000/257591/p45-bastani.pdf? key1=257591&key2=4148965511&coll=portal&d1=ACM&CFID=15151515&CFTOKEN=6184618>>, IEEE, 1993, pp. 45-54.
Hao, et al., “A Similarity-Aware Approach to Testing Based Fault Localization”, retrieved at <<http://delivery.acm.org/10.1145/1110000/1101953/p291-hao.pdf? key1=1101953&key2=1462075511&coll=GUIDE&d1=GUIDE&CFID=1411144&CFTOKEN=64269402>>, ASE'05, Nov. 7-11, 2005, ACM, 2005, pp. 291-294.
Last, et al., “The Data Mining Approach to Automated Software Testing”, retrieved at <<http://delivery.acm.org/10.1145/960000/956795/p388-last pdf? keyl =956795&key2=0361555511&coll=GUIDE&d1=GUIDE&CFID=3458448&CFTOKEN=89032805>>, SIGKDD'03, Aug. 24-27, 2003, ACM, 2003, pp. 388-396.
Oehlert, “Violating Assumptions with Fuzzing”, retrieved at <<http://ieeexplore.ieee.org/ieI5/8013/30742/01423963.pdf?isNumber=>>, IEEE Computer Society, Mar./Apr. 2005, pp. 58-62.
Natanov Nissim
Neystadt John
Jung David Y
Lee & Hayes PLLC
Microsoft Corporation
LandOfFree
Testing software applications with schema-based fuzzing does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Testing software applications with schema-based fuzzing, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Testing software applications with schema-based fuzzing will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2698851