fuzzin g
play

Fuzzin g Challenges and Reflections Marcel Bhme ARC DECRA Fellow - PowerPoint PPT Presentation

Oct 07, 2022 •450 likes •1.05k views

Fuzzin g Challenges and Reflections Marcel Bhme ARC DECRA Fellow Senior Lecturer (A/Prof) Monash University @mboehme_ Organizers Keynote Speakers 2019 Shonan Meeting on Fuzzing and Symbolic Execution: Reflections,

  1. Fuzzin g Challenges and Reflections Marcel Böhme 
 ARC DECRA Fellow 
 Senior Lecturer (A/Prof) 
 Monash University @mboehme_

  2. Organizers Keynote Speakers 2019 Shonan Meeting on 
 Fuzzing and Symbolic Execution: 
 Reflections, Challenges, and Opportunities Abhik 
 Cristian 
 Marcel 
 Patrice 
 Kostya 
 Roychoudhury Cadar Böhme Godegroid Serebryany 
 @Microsoft @Google

  3. Fuzzing: Challenges Caroline Lemieux @cestlemieux

  4. Live Tweets bringing discussions to the larger community

  5. Survey validating our findings with the larger community

  6. Reflections we are all stakeholders of secure open-source. The Internet and the world’ s Digital Economy runs on a shared, critical OSS infrastructure that no one is accountable for.

  7. Reflections we are all stakeholders of secure open-source. The Internet and the world’ s Digital Economy runs on a shared, critical OSS infrastructure that no one is accountable for. $ git clone https://github.com/google/oss-fuzz $ ls -1 oss-fuzz/projects | wc -l 356 • Encryption/Decryption (openssl, gnutls, cryptlib, mbed, wolfssl) • Compression (bzip2, brotli, gzip, lzma, xz, lz4, libarchive) • Streaming ( ff mpeg, gstreamer, libvlc) • Parser libraries (xml, json, jpg, png, gif, avi, mpg, pcre) • Databases (mysql, redis, postgre, derby, sqlite) • Compilers/Interpreter (gcc, llvm [clang,..], php, javascript) • Protocol implementations (http/http2, ftp, smtp, ssh, tls/ssl, rtsp) • Server implementations (httpd, nginx, node.js, tomcat, lighthttpd) • Operating systems (ubuntu, debian, android, glibc)

  8. Reflections fuzzing is having substantial impact! https://www.darpa.mil/program/cyber-grand-challenge

  9. Reflections what enabled this recent surge of interest? • There is a tremendous need for automatic vulnerability discovery.

  10. Reflections what enabled this recent surge of interest? • There is a tremendous need for automatic vulnerability discovery. From https://www.varonis.com/blog/cybersecurity-statistics/

  11. Reflections what enabled this recent surge of interest? • There is a tremendous need for automatic vulnerability discovery. VentureBeat.com SecurityWeek.com

  12. Reflections what enabled this recent surge of interest? • There is a tremendous need for automatic vulnerability discovery.

  13. Reflections what enabled this recent surge of interest? • There is a tremendous need for automatic vulnerability discovery. • We now have the incentives and the required mindset.

  14. Reflections what enabled this recent surge of interest? • There is a tremendous need for automatic vulnerability discovery. • We now have the incentives and the required mindset. https://www.hackerone.com/press-release

  15. Reflections what enabled this recent surge of interest? • There is a tremendous need for automatic vulnerability discovery. • We now have the incentives and the required mindset. • We now have the tools for automatic vulnerability discovery.

  16. Reflections what enabled this recent surge of interest? • There is a tremendous need for automatic vulnerability discovery. • We now have the incentives and the required mindset. • We now have the tools for automatic vulnerability discovery. • open-source and freely available. • easy to use (modulo Matt’s concerns 😆 ) • very successful in finding bugs!

  17. Reflections what enabled this recent surge of interest? • There is a tremendous need for automatic vulnerability discovery. • We now have the incentives and the required mindset. • We now have the tools for automatic vulnerability discovery. • Meaningful engagement between industry and academia 
 (via open-science) leading to rapid advances in fuzzing!

  18. Reflections what enabled this recent surge of interest? • There is a tremendous need for automatic vulnerability discovery. • We now have the incentives and the required mindset. • We now have the tools for automatic vulnerability discovery. • Meaningful engagement between industry and academia 
 (via open-science) leading to rapid advances in fuzzing! Community 
 building Entropic @ 
 Industry 
 ClusterFuzz adoption

  19. Reflections what enabled this recent surge of interest? • There is a tremendous need for automatic vulnerability discovery. • We now have the incentives and the required mindset. • We now have the tools for automatic vulnerability discovery. • Meaningful engagement between industry and academia 
 (via open-science) leading to rapid advances in fuzzing! Industry 
 https://github.com/AFLplusplus adoption

  20. Reflections what enabled this recent surge of interest? • There is a tremendous need for automatic vulnerability discovery. • We now have the incentives and the required mindset. • We now have the tools for automatic vulnerability discovery. • Meaningful engagement between industry and academia 
 (via open-science) leading to rapid advances in fuzzing! FuzzBench (compute resources and 
 @infernosec infrastructure for fuzzer benchmarking) Paper Reviews et al. (twitch.tv/gamozo)

  21. Challenges Disclaimer: We put forward only questions. We have no answers (only ideas).

  22. Challenges • Automating vulnerability discovery. Considered most important challenge.

  23. Challenges • Automating vulnerability discovery. • [C.1] How can we fuzz more types of software systems?

  24. Challenges • Automating vulnerability discovery. • [C.1] How can we fuzz more types of software systems? We know how to fuzz command line tools (e.g., AFL). We know how to fuzz individual units / functions (e.g., libfuzzer). What about cyber physical systems, machine learning systems, stateful software, polyglot software, GUI-based software, .. ?

  25. Challenges • Automating vulnerability discovery. • [C.1] How can we fuzz more types of software systems? • [C.2] How can the fuzzer identify more types of vulnerabilities?

  26. Challenges • Automating vulnerability discovery. • [C.1] How can we fuzz more types of software systems? • [C.2] How can the fuzzer identify more types of vulnerabilities? • How to detect various side-channels 
 (incl. information leaks)? • How to detect domain-specific vulns. 
 (incl. sandbox escapes, kernel exploits)? • How to detect language-specific vulns ? • How to detect other causes of 
 arbitrary / remote code execution? We need to go beyond memory corruption bugs (ASAN, TSAN).

  27. Challenges • Automating vulnerability discovery. • [C.1] How can we fuzz more types of software systems? • [C.2] How can the fuzzer identify more types of vulnerabilities? • [C.3] How can we find “deep bugs” that have evaded detection?

  28. Challenges • Automating vulnerability discovery. • [C.1] How can we fuzz more types of software systems? • [C.2] How can the fuzzer identify more types of vulnerabilities? • [C.3] How can we find “deep bugs” that have evaded detection? • How to mine dictionaries, grammars, and protocols? • How to identify input dependencies (e.g. checksums)? • How identify and rectify fuzzer roadblocks?

  29. Challenges • Automating vulnerability discovery. • [C.1] How can we fuzz more types of software systems? • [C.2] How can the fuzzer identify more types of vulnerabilities? • [C.3] How can we find “deep bugs” that have evaded detection? • [C.4] What is the empirical nature of undiscovered vulnerabilities? • Which types of vulnerabilities are difficult to discover by fuzzing and why? • What are fuzzer roadblocks? @gamozolabs https://github.com/gamozolabs/cookie_dough

  30. Challenges • Automating vulnerability discovery. • The human component in fuzzing. • [C.5] HITL : How can fuzzers leverage the ingenuity of the auditor? We need the auditor-in-the-loop.

  31. Challenges • Automating vulnerability discovery. • The human component in fuzzing. • [C.5] HITL : How can fuzzers leverage the ingenuity of the auditor? 1. Write a good fuzzer harness 2. Identify fuzzer roadblocks (via code coverage). 3. Patch out roadblocks. 4. Goto 2 - until vulnerability is found. @NedWilliamson 5. Patch back roadblocks, “repair” reproducer. Project Zero

  32. Challenges • Automating vulnerability discovery. • The human component in fuzzing. • [C.5] HITL : How can fuzzers leverage the ingenuity of the auditor? • [C.6] Usability : How can we improve the usability of fuzzing tools?

  33. Challenges • Automating vulnerability discovery. • The human component in fuzzing. • [C.5] HITL : How can fuzzers leverage the ingenuity of the auditor? • [C.6] Usability : How can we improve the usability of fuzzing tools? Fuzzing in Continuous Integration / Deployment We need Fuzzing in IDEs (JUnit-like Fuzzing) Fuzzing in processes (Fuzz-driven Development)

  34. Challenges • Automating vulnerability discovery. • The human component in fuzzing. • [C.5] HITL : How can fuzzers leverage the ingenuity of the auditor? • [C.6] Usability : How can we improve the usability of fuzzing tools? Fuzzing in Continuous Integration / Deployment Fuzzing in IDEs (JUnit-like Fuzzing) Fuzzing in processes (Fuzz-driven Development)

  35. Challenges • Automating vulnerability discovery. • The human component in fuzzing. • Fuzzing theory and scientific foundations. Considered second most important challenge.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

QS QSYM YM : A : A P Pract ctical Con Concol olic Ex Executi tion on En Engine Tailor

QS QSYM YM : A : A P Pract ctical Con Concol olic Ex Executi tion on En Engine Tailor

QS QSYM YM : A : A P Pract ctical Con Concol olic Ex Executi tion on En Engine Tailor ored for or Hyb Hybrid id F Fuzzin ing Insu Yun, Sangho Lee, Meng Xu, Yeongjin Jang , and Taesoo Kim Georgia Institute of Technology &

912 views • 51 slides
NetMicroscope: Passive Measurements of Residential Internet Performance Renata Teixeira with

NetMicroscope: Passive Measurements of Residential Internet Performance Renata Teixeira with

NetMicroscope: Passive Measurements of Residential Internet Performance Renata Teixeira with Francesco Bronzino, Sara Ayoubi, Israel Salinas (Inria) Paul Schmitt, Guilherme Martins, Joon Kim, Nick Feamster (Princeton) Who cares about

492 views • 9 slides
Richard Gibson June 4, 2015 Video game development is an interdisciplinary business! Local Game

Richard Gibson June 4, 2015 Video game development is an interdisciplinary business! Local Game

Video Games Presentation Richard Gibson June 4, 2015 Video game development is an interdisciplinary business! Local Game Developers Metalhead Software I want a career in video games. Where do I start? Co-op Education Networking Game Jams

203 views • 17 slides
Wearables CS 4720 Mobile Application Development CS 4720 It was news to me In

Wearables CS 4720 Mobile Application Development CS 4720 It was news to me In

Wearables CS 4720 Mobile Application Development CS 4720 It was news to me In preparing this lecture, I did research into wearable computing in general Turns out, theres been a conference on wearable computing since 1997!

1.03k views • 35 slides
Streaming HLS We've seen how to host and play HLS videos Now we'll convert a .mp4 video

Streaming HLS We've seen how to host and play HLS videos Now we'll convert a .mp4 video

Streaming HLS We've seen how to host and play HLS videos Now we'll convert a .mp4 video into and HLS video Using ff mpeg ffmpeg Software with many video processing features Needs to be installed on any machine running your

545 views • 11 slides
NetMicroscope: Passive Measurements of Residential Internet Performance Renata Teixeira with

NetMicroscope: Passive Measurements of Residential Internet Performance Renata Teixeira with

NetMicroscope: Passive Measurements of Residential Internet Performance Renata Teixeira with Francesco Bronzino, Sara Ayoubi, Israel Salinas (Inria) Paul Schmitt, Guilherme Martins,Joon Kim, Nick Feamster (Princeton) Who cares about

477 views • 24 slides
Calculating Source Line Level Energy Information for Android Applications Ding Li, Shuai Hao,

Calculating Source Line Level Energy Information for Android Applications Ding Li, Shuai Hao,

Calculating Source Line Level Energy Information for Android Applications Ding Li, Shuai Hao, William G.J. Halfond, Ramesh Govindan Department of Computer Science University of Southern California Motivation: App Energy Consumption Battery

647 views • 28 slides
Super-Resolution via Image Recapture and Bayesian Effect Modeling Neil Toronto Oral Thesis

Super-Resolution via Image Recapture and Bayesian Effect Modeling Neil Toronto Oral Thesis

Super-Resolution via Image Recapture and Bayesian Effect Modeling Neil Toronto Oral Thesis Defense Department of Computer Science Brigham Young University December 2008 Single-Frame Super-Resolution (i.e. Good Image Magnification)

682 views • 36 slides
Peter reports to the church in Jerusalem Acts 11:1-18 Now the apostles and the brothers who were

Peter reports to the church in Jerusalem Acts 11:1-18 Now the apostles and the brothers who were

Peter reports to the church in Jerusalem Acts 11:1-18 Now the apostles and the brothers who were throughout Judea heard that the Gentiles also had received the word of God. Acts 11:1 Now when the apostles at Jerusalem heard that Samaria had

633 views • 14 slides
Policy Approximation Policy = a function from state to action ! How does the agent select

Policy Approximation Policy = a function from state to action ! How does the agent select

Policy Approximation Policy = a function from state to action ! How does the agent select actions? ! In such a way that it can be affected by learning? ! In such a way as to assure exploration? ! Approximation: there are too many

642 views • 24 slides
Machine Learn ning in Search Motivation & Overview Thomas Hofmann Engineering Director g

Machine Learn ning in Search Motivation & Overview Thomas Hofmann Engineering Director g

DAAD Summer School on Current Trend ds in Distributed Systems (CTDS'2009) 24 - 26 September, Gammarth, Tunisia Machine Learn ning in Search Motivation & Overview Thomas Hofmann Engineering Director g g Google, Switzerland thofmann@

396 views • 16 slides
Differentiated Communication in a guidance role Sue Blair The Plan What is Temperament?

Differentiated Communication in a guidance role Sue Blair The Plan What is Temperament?

Celebrating Difference Differentiated Communication in a guidance role Sue Blair The Plan What is Temperament? How does this affect our coaching? How does this affect our clients? What happens when things turn to custard? How

364 views • 33 slides
Service Animals and the ADA Breakout Session #2.2 Mid-Atlantic ADA Update Conference John L.

Service Animals and the ADA Breakout Session #2.2 Mid-Atlantic ADA Update Conference John L.

9/2/2016 Service Animals and the ADA Breakout Session #2.2 Mid-Atlantic ADA Update Conference John L. Wodatch Reasonable Modification Legal Basis: General Rule in ADA regulation: A public entity shall make reasonable modifications in

151 views • 13 slides
1 What does this mean? Limits the species of service animals to dogs; Makes clear that

1 What does this mean? Limits the species of service animals to dogs; Makes clear that

2010 ADA Regulations: Service Animals 22nd Annual ADA Update Mid-Atlantic ADA Center Baltimore, Maryland September 17 18, 2015 Service Animals Adds service animal definition and service animal provisions to title II; and

428 views • 7 slides
PRODUCE SAFETY RULE FOR FARMS: HOW TO COMPLY AND WHAT ABOUT THE GROWER EXEMPTION? Room 314 |

PRODUCE SAFETY RULE FOR FARMS: HOW TO COMPLY AND WHAT ABOUT THE GROWER EXEMPTION? Room 314 |

PRODUCE SAFETY RULE FOR FARMS: HOW TO COMPLY AND WHAT ABOUT THE GROWER EXEMPTION? Room 314 | December 5 2017 CEUs New Process Certified Crop Advisor (CCA) Pest Control Advisor (PCA), Qualified Applicator (QA), Private Applicator (PA)

514 views • 34 slides
Computational Logic A Hands-on Introduction to Pure Logic Programming 1 Syntax: Terms

Computational Logic A Hands-on Introduction to Pure Logic Programming 1 Syntax: Terms

Computational Logic A Hands-on Introduction to Pure Logic Programming 1 Syntax: Terms (Variables, Constants, and Structures) (using Prolog notation conventions) Variables: start with uppercase character (or ), may include

757 views • 65 slides
Problem Solving and Search Ulle Endriss Institute for Logic, Language and Computation University

Problem Solving and Search Ulle Endriss Institute for Logic, Language and Computation University

Prolog PSS 2018 Problem Solving and Search Ulle Endriss Institute for Logic, Language and Computation University of Amsterdam http://www.illc.uva.nl/~ulle/teaching/pss/ Ulle Endriss 1 Prolog PSS 2018 Table of Contents Lecture

1.35k views • 116 slides
An Introduction to Prolog Programming 1 What is Prolog? Prolog ( pro gramming in log ic) is a

An Introduction to Prolog Programming 1 What is Prolog? Prolog ( pro gramming in log ic) is a

An Introduction to Prolog Programming 1 What is Prolog? Prolog ( pro gramming in log ic) is a logic-based programming language: programs correspond to sets of logical formulas and the Prolog interpreter uses logical methods to resolve

1.18k views • 72 slides
Inference in first-order logic Chapter 9 Chapter 9 1 Outline Reducing first-order inference

Inference in first-order logic Chapter 9 Chapter 9 1 Outline Reducing first-order inference

Inference in first-order logic Chapter 9 Chapter 9 1 Outline Reducing first-order inference to propositional inference Unification Generalized Modus Ponens Forward and backward chaining Logic programming Resolution

793 views • 48 slides
SI Scoring Guide SUBORDINATION INDEX USING SALT Discuss the scoring rules SALT SOFTWARE, LLC

SI Scoring Guide SUBORDINATION INDEX USING SALT Discuss the scoring rules SALT SOFTWARE, LLC

SALT Software, LLC SI Scoring Guide SUBORDINATION INDEX USING SALT Discuss the scoring rules SALT SOFTWARE, LLC Look at some tricky scoring examples Review a few key points PRESENTER: Mary Beth Rolland, MS, CCC SLP ASHA

301 views • 4 slides
An Introduction to Prolog Programming Ulle Endriss Institute for Logic, Language and Computation

An Introduction to Prolog Programming Ulle Endriss Institute for Logic, Language and Computation

Basic Prolog LP&ZT 2005 An Introduction to Prolog Programming Ulle Endriss Institute for Logic, Language and Computation University of Amsterdam Ulle Endriss (ulle@illc.uva.nl) 1 Basic Prolog LP&ZT 2005 What is Prolog? Prolog (

292 views • 25 slides
Table of Contents I Representing Defaults A General Strategy for Representing Defaults Knowledge

Table of Contents I Representing Defaults A General Strategy for Representing Defaults Knowledge

Table of Contents I Representing Defaults A General Strategy for Representing Defaults Knowledge Bases with Null Values Simple Priorities between Defaults Inheritance Hierarchies with Defaults Indirect Exceptions to Defaults Yulia Kahl

670 views • 50 slides
Presentation Outline Technical Orientation Welcome / Introduction Jeff Farbman

Presentation Outline Technical Orientation Welcome / Introduction Jeff Farbman

An NGFN An NGFN Foo ood d Hub Coll Hub Collabo borati tion on W Webina binar FSMA COMMENTS FOR FOOD HUBS October 23, 2013 Presentation Outline Technical Orientation Welcome / Introduction Jeff Farbman Wallace Center at

560 views • 55 slides
Algorithmic Game Theory: Introduction Georgios Amanatidis amanatidis@diag.uniroma1.it Based on

Algorithmic Game Theory: Introduction Georgios Amanatidis amanatidis@diag.uniroma1.it Based on

Algorithmic Game Theory: Introduction Georgios Amanatidis amanatidis@diag.uniroma1.it Based on slides by Vangelis Markakis What is Game Theory? Quote from M. Osborne: Game Theory aims to help us understand situations in which decision makers

834 views • 36 slides

More recommend