[fuzzing] A proposition : Fuzzers derived from taxonomy

[Yadab Das]

I do not have a pretty good experience in fuzzing but recently i have
started doing research on fuzzing a network protocol and got some idea..
What i have understand is like following:
1) Capability of a fuzzer depends on the Adversarial Model or the attack
model, which is derived from the security model of the system. And from my
perspective, we can improve a lot on this. Most of the fuzzers are generic
by design an taking account of the most common nodes of the attack
classification tree (if we classify all attacks in a tree : classification
tree).
2) There is no specific taxonomy for the attacks for fuzzing. All available
classification taxonomies are generic by there nature and mapping them for
fuzzing domain is realy a hard job. There is a need for a standard taxonomy.

I have prepared a report based on the taxonomy and fuzzers.. If it is ok to
send the report to the community, i can send the report and you can provide
some valuable feedback or can provide some suggestions....

Looking forward for your reponse

Best regards
Yadab Das
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.whitestar.linuxbox.org/pipermail/fuzzing/attachments/20070329/74d115cd/attachment.htm