afl
play

AFL++ Combining Incremental Steps of Fuzzing Research Andrea - PowerPoint PPT Presentation

Jul 24, 2023 •717 likes •994 views

AFL++ Combining Incremental Steps of Fuzzing Research Andrea Fioraldi, Dominik Maier, Heiko Eifeldt, Marc Heuse @andreafioraldi, @domenuk {andrea, dominik}@aflplus.plus American Fuzzy Lop American Fuzzy Lop A legendary tool that proved

  1. AFL++ Combining Incremental Steps of Fuzzing Research Andrea Fioraldi, Dominik Maier, Heiko Eißfeldt, Marc Heuse @andreafioraldi, @domenuk {andrea, dominik}@aflplus.plus

  2. American Fuzzy Lop

  3. American Fuzzy Lop ● A legendary tool that proved its effectiveness ● A baseline for a wide range of academic and industrial research ● No new features after 2017

  4. American Fuzzy Lop ● A legendary tool that proved its effectiveness ● A baseline for a wide range of academic and industrial research ● No new features after 2017 Fork it!

  5. ● AFLFast A lot of ● AFLSmart ● AFL LAF-Intel Research ● AFL MOpt Based on AFL ● kAFL ● … ● Whatever-AFL

  6. Works On Fuzzer Scheduling ● Seed scheduling [AFLFast] ⇒ How much time should we fuzz a test case? ● Mutation scheduling [MOpt] ⇒ Probability for each mutational operator

  7. Works On Bypassing Roadblocks ● Feedback for comparisons [LAF-Intel] ⇒ Split multi-byte comparisons ● Input-to-state replacement [Redqueen (kAFL)] ⇒ Guess the input bytes that affect a comparison and replace it with the extracted token

  8. Structured Mutators ● Take input structure into account [AFLSmart] ○ Avoid to generate almost always invalid inputs ○ Stress more deep paths

  9. Speed Enhancements ● Reduce the number of instrumented program points while maintaining the same coverage [Instrim] ● Get rid of fork() and fuzz with snapshots [Opt-AFL] ● Inline instrumentation and re-enable TB linking in QEMU mode [abiondo-AFL]

  10. What if I Want to Use X AND Y? ● Orthogonal techniques not easy to combine ● Research fuzzers often unmaintained ● Some techniques are not implemented on top of the original AFL

  11. I created Z AND I want X ● If you peak one of the derived fuzzers as baseline you may be incompatible with other orthogonal techniques ● Hard to evaluate techniques without the relation with others (e.g. a new type of coverage without having a roadblock bypassing technique)

  12. Here comes

  13. The AFL++ Project ● Integrates and reimplements fuzzing techniques in a single framework, AFL++ ● Ongoing research and new insights about fuzzing using such framework ● We improve the state of the art combining techniques and tuning the implementations

  14. Usability ● All techniques are integrated in afl-fuzz ● Best-effort defaults ● Users familiar with AFL benefit from cutting-edge research without pain

  15. Extensibility ● To enable further research to do cross-comparisons with a reduced effort, we defined a set of API to extend AFL++, the Custom Mutator API

  16. Custom Mutator API afl_custom_fuzz afl_custom_post_process afl_custom_trim afl_custom_havoc_mutation afl_custom_havoc_mutation_probability afl_custom_queue_get afl_custom_queue_new_entry

  17. INSTRUMENT ALL THE THINGS ● We extended techniques to work with other instrumentation backends. ● For Example: QEMU & Unicorn modes can split comparisons in a similar way to LLVM LAF-Intel ● Currently supported instrumentations are LLVM, QEMU, Unicorn, QBDI, GCC plugin, afl-gcc

  18. Runs on Everything ● AFL++ builds and runs on GNU/Linux, Android, iOS, macOS, FreeBSD, OpenBSD, NetBSD, IllumOS, Haiku, Solaris ● It is packaged in popular distributions like Debian, Ubuntu, NixOS, Arch Linux, FreeBSD, Kali Linux, ...

  19. Cross Evaluations Examples: ● [Default] Using AFL++ as baseline ● Ngram4 gives you immediate access to cross evaluation of ● MOpt your technique combined ● Redqueen with pre-existing works

  20. Cross-Evaluations (libpcap) ● Redqueen ● Redqueen+MOpt ● MOpt ● Ngram4 ● Ngram4+Rare ● [Default]

  21. Cross-Evaluations (bloaty) ● Redqueen ● Redqueen+MOpt ● MOpt ● Ngram4 ● Ngram4+Rare ● [Default]

  22. Optimal Configuration ● Observe several runs of AFL++ in different configuration on the same target for a while ● Try to catch blind spots and select the best combination of features ● Profit

  23. Future work ● Static analysis for optimal fuzz settings ● Multicore linear scaling ● Plugin system (executors, queues, feedbacks, … ) ● Collision-free instrumentation

  24. Conclusion ● AFL++ enhances comparability of research ● We further improve the state-of-the-art with speed, usability, new features ● AFL++’s custom mutator API can be used to implement novel research in a maintainable way

  25. AFL++ is FOSS! https://aflplus.plus/ https://github.com/AFLplusplus

  26. Thank you for your attention.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Abstract classes, Interfaces & Comparators See also Java Precisely, section Classes

Abstract classes, Interfaces & Comparators See also Java Precisely, section Classes

Abstract classes, Interfaces & Comparators See also Java Precisely, section Classes and Interfaces Read more about Java interfaces here: http://docs.oracle.com/javase/tutorial/java/ concepts/interface.html This lecture

391 views • 20 slides
interfaces (Comparable, Iterable & Iterator) Nov. 22/23, 2017 1 Java Comparable interface

interfaces (Comparable, Iterable & Iterator) Nov. 22/23, 2017 1 Java Comparable interface

COMP 250 Lecture 32 interfaces (Comparable, Iterable & Iterator) Nov. 22/23, 2017 1 Java Comparable interface Suppose you want to define an ordering on objects of some class. Sorted lists, binary search trees, priority queues all

377 views • 33 slides
What drives female labor force participation? Comparable micro-level evidence from eight

What drives female labor force participation? Comparable micro-level evidence from eight

What drives female labor force participation? Comparable micro-level evidence from eight developing and emerging economies Stephan Klasen 1 , 3 , Tu Thi Ngoc Le 1 , Janneke Pieters 2 , 3 , Manuel Santos Silva 1 1 University of G ottingen 2

605 views • 39 slides
Comparability- how to Q&C skills Workshop 1 2 Some examples of normalisation

Comparability- how to Q&C skills Workshop 1 2 Some examples of normalisation

1 Comparability- how to Q&C skills Workshop 1 2 Some examples of normalisation Proportions comparing relative content or rescaling between a minimum and maximum (unity-based) Standardisation (z scores) to

426 views • 7 slides
Interfaces 2D shapes such as Circle , Rectangle , and Triangle . There are certain attributes

Interfaces 2D shapes such as Circle , Rectangle , and Triangle . There are certain attributes

Relatedness of types Consider the task of writing classes to represent Interfaces 2D shapes such as Circle , Rectangle , and Triangle . There are certain attributes or operations that are common to all shapes: perimeter,area By being

526 views • 7 slides
Planarity for Partially Ordered Sets William T. Trotter trotter@math.gatech.edu Challenge

Planarity for Partially Ordered Sets William T. Trotter trotter@math.gatech.edu Challenge

May 14, 2011 24 th Cumberland Conference Planarity for Partially Ordered Sets William T. Trotter trotter@math.gatech.edu Challenge Problem For a Glass of Wine Problem Find the dimension of this poset.

962 views • 68 slides
JTED Cost Reporting May 16, 2017 Cris Cable Amanda Winn JTED Cost Reporting Requirement A.R.S.

JTED Cost Reporting May 16, 2017 Cris Cable Amanda Winn JTED Cost Reporting Requirement A.R.S.

5/16/2017 JTED Cost Reporting May 16, 2017 Cris Cable Amanda Winn JTED Cost Reporting Requirement A.R.S. 15-393.01(D) The Office of the Auditor General, in consultation with the Department of Education, shall develop and establish uniform

277 views • 13 slides
8/17/2017 Blair Johanson Johanson Group $ History of Pay Equity and Comparable Worth $ Federal

8/17/2017 Blair Johanson Johanson Group $ History of Pay Equity and Comparable Worth $ Federal

8/17/2017 Blair Johanson Johanson Group $ History of Pay Equity and Comparable Worth $ Federal and State Legislative Activity $ Internal Value Proposition $ External Value Proposition $ Synergistic Value for Both Same Job Same Employer Means

272 views • 9 slides
Unavoided crossing of energy levels in PT -symmetric Natanzon-class potentials G eza L evai

Unavoided crossing of energy levels in PT -symmetric Natanzon-class potentials G eza L evai

. Unavoided crossing of energy levels in PT -symmetric Natanzon-class potentials G eza L evai Institute for Nuclear Research, Hungarian Academy of Sciences (MTA Atomki), Debrecen, Hungary AAMP19, Prague, 6-9 June 2016 Important novelties

344 views • 32 slides
Geography, History and Institutions October 2007 () Institutions October 2007 1 / 22

Geography, History and Institutions October 2007 () Institutions October 2007 1 / 22

Geography, History and Institutions October 2007 () Institutions October 2007 1 / 22 Background The evidence is roughly consistent with Solow model in that once countries achieve , ! high rates of technology adoption , ! high rates of

754 views • 48 slides
Investigating the factors affecting employee motivation towards the organizational performance of

Investigating the factors affecting employee motivation towards the organizational performance of

Investigating the factors affecting employee motivation towards the organizational performance of IDs Finance Company PLC, Sri - Lanka Submitted in the partial fulfillment for the award of Graduate Diploma in Management Indika Dissanayake

800 views • 78 slides
Pipelining and Vector Processing Chapter 8 S. Dandamudi Outline Basic concepts Vector

Pipelining and Vector Processing Chapter 8 S. Dandamudi Outline Basic concepts Vector

Pipelining and Vector Processing Chapter 8 S. Dandamudi Outline Basic concepts Vector processors Handling resource Architecture conflicts Advantages Data hazards Cray X-MP Handling branches Vector length

904 views • 88 slides
the GRLIB IP Library Johan Klockars Cobham Gaisler info@gaisler.com Agenda 01 03 04

the GRLIB IP Library Johan Klockars Cobham Gaisler info@gaisler.com Agenda 01 03 04

Development of an RV64GC IP core for the GRLIB IP Library Johan Klockars Cobham Gaisler info@gaisler.com Agenda 01 03 04 Background What is NOEL-V? For who is NOEL-V? Development 05 06 07 08 05 Verification Pipeline 2

708 views • 49 slides
The Effects of Influencer Advertising Disclosure Regulations: Evidence from Instagram Daniel

The Effects of Influencer Advertising Disclosure Regulations: Evidence from Instagram Daniel

The Effects of Influencer Advertising Disclosure Regulations: Evidence from Instagram Daniel Ershov 1 Matthew Mitchell 2 1 Toulouse School of Economics 2 University of Toronto 2020 This Project Research Question: What are the effects of

494 views • 4 slides
Fast Mobile IP Handoffs in Cellular Systems Presented by: Karim El Malki (karim@dcs.shef.ac.uk) (

Fast Mobile IP Handoffs in Cellular Systems Presented by: Karim El Malki (karim@dcs.shef.ac.uk) (

Fast Mobile IP Handoffs in Cellular Systems Presented by: Karim El Malki (karim@dcs.shef.ac.uk) ( draft-elmalki-mobileip-fast-handoffs-00.txt by K. El Malki, N. Fikouras and S. Cvetkovic) X MIP Handoff performance can cause excessive packet loss

168 views • 6 slides
Timely Time Extensions: The Owners Duty John Orr, PSP URS Corporation Construction CPM

Timely Time Extensions: The Owners Duty John Orr, PSP URS Corporation Construction CPM

Timely Time Extensions: The Owners Duty John Orr, PSP URS Corporation Construction CPM Conference New Orleans, LA January 27 th to 30 th , 2013 Author Biography: John P. Orr, PSP Degrees / Certifications: BS Chemical Engineering

470 views • 30 slides
Supporting the mental health of people November 12, 2008 returning to work after a long term

Supporting the mental health of people November 12, 2008 returning to work after a long term

Webinar DATE: Supporting the mental health of people November 12, 2008 returning to work after a long term injury Monday, 10 th October 2016 Supported by The Royal Australian College of General Practitioners, the Australian Psychological

544 views • 31 slides
Documenting and Prosecuting COVID-19 Delays Friday, May 8, 2020 Presenters: Rob Remington,

Documenting and Prosecuting COVID-19 Delays Friday, May 8, 2020 Presenters: Rob Remington,

Presented to the Ohio Contractors Association Documenting and Prosecuting COVID-19 Delays Friday, May 8, 2020 Presenters: Rob Remington, Aaron Evenchik, Jeff Roush and Chad Van Arnam Hahn Loeser & Parks LLP Stay Updated on Industry

759 views • 51 slides
What is Direct Assessment Competency Based Education? A dynamic innovation in the field of

What is Direct Assessment Competency Based Education? A dynamic innovation in the field of

What is Direct Assessment Competency Based Education? A dynamic innovation in the field of higher education in the U.S. Driving access, flexibility and affordability in higher education Reflects the strengths and innovations of the

210 views • 7 slides
W l Welcome! ! The webinar will begin at The webinar will begin at 2:00 Eastern/11:00 Pacific

W l Welcome! ! The webinar will begin at The webinar will begin at 2:00 Eastern/11:00 Pacific

W l Welcome! ! The webinar will begin at The webinar will begin at 2:00 Eastern/11:00 Pacific Audio broadcastvolume Todays audio is streaming over your computers speakers or headphones. You can adjust the volume on the

690 views • 67 slides
HIRE Behavioral Competency Based Interviewing Handout I. Interviewing and Hiring Skills versus

HIRE Behavioral Competency Based Interviewing Handout I. Interviewing and Hiring Skills versus

HIRE Behavioral Competency Based Interviewing Handout I. Interviewing and Hiring Skills versus Competencies Types Definition Example What is a Proficiency, facility, or dexterity that is acquired or developed through training or

535 views • 5 slides
RUSDs Transition to Competency-Based Learning -This is not necessarily new thinking or new

RUSDs Transition to Competency-Based Learning -This is not necessarily new thinking or new

RUSDs Transition to Competency-Based Learning -This is not necessarily new thinking or new work, but rather in many cases a refinement and alignment of already existing practices. -How can we build on the collective wisdom and positive

512 views • 32 slides
28 OCTOBER 2014, ILKAP 1 ISKANDAR ISMAIL Director of Investigation & Enforcement Malaysia

28 OCTOBER 2014, ILKAP 1 ISKANDAR ISMAIL Director of Investigation & Enforcement Malaysia

INVESTIGATION AND ENFORCEMENT PROCEDURES UNDER THE COMPETITION ACT 2010 28 OCTOBER 2014, ILKAP 1 ISKANDAR ISMAIL Director of Investigation & Enforcement Malaysia Competition Commission 2 BRIEFING OVERVIEW Investigation and Enforcement

741 views • 52 slides
ACE 2014: Parallel Session 1 The UK Competition Commissions Audit Services Market

ACE 2014: Parallel Session 1 The UK Competition Commissions Audit Services Market

ACE 2014: Parallel Session 1 The UK Competition Commissions Audit Services Market Investigation Amelia Fletcher Centre for Competition Policy Key competition facts broadly agreed v There is significant concentration and high

239 views • 13 slides

More recommend