1. Field of the Invention
The present invention relates to a fuzzing system and method of a distributed computing environment (DCE) remote procedure call (RPC) object, and more particularly, to a fuzzing system and method of a DCE RPC object for automating a process of obtaining necessary information by analyzing an idl file when a fuzzing process is performed on a DCE RPC object.
2. Description of the Related Art
Fuzzing is one of security testing methods. That is, fuzzing is a testing scheme for testing whether a testing object operates properly or not by inputting random values to functions of software or files.
According to the related art, user used distributed computing environment (DCE) remote procedure call (RPC) fuzzing tools to analyze the remote access mechanism of RPC based software. After analyzing, the analyzed access mechanism was embodied and tested. Then, necessary information was collected and revised by analyzing a test packet. After collecting and revising, the necessary information was analyzed, revised, and embodied again. As described above, many processes were performed for the DCE RPC access mechanism because the DCE RPC access mechanism was dependable to an operating system.
However, the DCE RPC fuzzing tools may not access a computer, a target for fuzzing, if the embodied access mechanism was incorrect. In this case, the access mechanism was analyzed through analyzing a packet level, and the access mechanism was revised for  fuzzing. In addition, a set of predetermined processes was performed for fuzzing a DCE RPC related service function. In this case, a user was required to directly find and input information about a universally unique identifier (UUID) and an interface version for fuzzing. In order to find and input such information, a user was required to understand a DCE RPC mechanism and to learn a method and tool for finding necessary information.
As described above, it was very inconvenient for performing a remote DCE RPC fuzzing process according to the related art because the user was required to understand a target object for testing and to modify a fuzzing tool for performing a remote DCE RPC fuzzing process according to the related art. Such a remote DCE RPC fuzzing process has disadvantages, which required an expert to perform and consumed comparatively long time. That is, the efficiency of a fuzzing method according to the related art is deteriorated in a view of a time and a cost. Also, it was required to modify a related fuzzing tool, thereby further lowering the efficiency thereof in a view of a time and a cost.