6.1. 参考文献¶
IEEE 2016Black BoxLin Y D, Liao F Z, Huang S K, et al. Browser fuzzing by scheduled mutation and generation of document object models[C]// International Carnahan Conference on Security Technology. IEEE, 2016:1-6.IEEE 2012White BoxHuang S K, Huang M H, Huang P Y, et al. CRAX: Software Crash Analysis for Automatic Exploit Generation by Modeling Attacks as Symbolic Continuations[C]// IEEE Sixth International Conference on Software Security and Reliability. IEEE, 2012:78-87.Usenix 2014Seed GenerationRebert A, Sang K C, Grieco G, et al. Optimizing seed selection for fuzzing[C]// Usenix Conference on Security Symposium. USENIX Association, 2014:861-875.ACM 2013Black BoxWoo M, Sang K C, Gottlieb S, et al. Scheduling black-box mutational fuzzing[C]// ACM Sigsac Conference on Computer & Communications Security. ACM, 2013:511-522.钱文祥. 白帽子讲浏览器安全[M]. 电子工业出版社, 2016.
ACM 2013Paige M. The tangled web: a guide to securing modern web applications by Michal Zalewski[M]. ACM, 2013.IEEE 2013Black BoxGuo T, Zhang P, Wang X, et al. GramFuzz: Fuzzing testing of web browsers based on grammar analysis and structural mutation[C]// Second International Conference on Informatics and Applications. IEEE, 2013:212-215.ACM 2013White BoxAvgerinos T, Sang K C, Rebert A, et al. Automatic exploit generation[J]. Communications of the Acm, 2014, 57(2):74-84.IEEE 2010Symbolic ExecutionSchwartz E J, Avgerinos T, Brumley D. All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask)[C]// Security and Privacy. IEEE, 2010:317-331.ACM 2013Symbolic ExecutionCadar C, Sen K. Symbolic execution for software testing: three decades later[J]. Communications of the Acm, 2013, 56(2):82-90.Fuzz PNGMiller C, Peterson Z N J. Analysis of mutation and generation-based fuzzing[J]. Independent Security Evaluators, Tech. Rep, 2007.IEEE 2005Oehlert P. Violating Assumptions with Fuzzing[J]. IEEE Security & Privacy, 2005, 3(2):58-62.Usenix 2012Holler C, Herzig K, Zeller A. Fuzzing with Code Fragments[J]. Proc Usenix Security, 2012:445–458.IEEE CCIS2012Fuzz BMPHou Y, Tao G, Shi Z, et al. Research on Android browser fuzzing based on bitmap structure[M]. 2013.ACM 2017Guo R. MongoDB’s JavaScript Fuzzer[M]. ACM, 2017.Usenix 2018Yun I, Lee S, Xu M, et al. QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing[C]//27th USENIX Security Symposium (USENIX Security 18). USENIX Association, 2018.