fuzzing for vulnerability detection
play

FUZZING FOR VULNERABILITY DETECTION FUZZING FOR VULNERABILITY - PowerPoint PPT Presentation

Sep 04, 2022 •265 likes •489 views

MASTER SEMINAR WS16/17 PROF. DR. ALEXANDER PRETSCHNER SAAHIL OGNAWALA FUZZING FOR VULNERABILITY DETECTION FUZZING FOR VULNERABILITY DETECTION WHO WE ARE Prof. Dr. Alexander Pretschner Head of Chair XXII Software Engineering @TUM since

  1. MASTER SEMINAR WS16/17 PROF. DR. ALEXANDER PRETSCHNER SAAHIL OGNAWALA FUZZING FOR VULNERABILITY DETECTION

  2. FUZZING FOR VULNERABILITY DETECTION WHO WE ARE Prof. Dr. Alexander Pretschner Head of Chair XXII – Software Engineering @TUM since May 1st, 2012 Saahil Ognawala Office: MI - 01.11.041 Email: ognawala@in.tum.de Our website: http://www22.in.tum.de/

  3. FUZZING FOR VULNERABILITY DETECTION FUZZING (OR FUZZ TESTING) FOR VULNERABILITY DETECTION ▸ Introduction to fuzzing ▸ Popular software testing technique ▸ Fast, automated, coverage driven ▸ Variety of domains ▸ command line, GUI, mobile, web-apps etc. ▸ Seminar homepage ▸ http://www22.in.tum.de/en/fuzz-testing-seminar/

  4. FUZZING FOR VULNERABILITY DETECTION GOAL ▸ Understanding with respect to fuzzing ▸ Concepts of pure fuzzing ▸ How are input mutations performed? ▸ How is whitebox fuzzing different from blackbox fuzzing? ▸ How can whitebox information be used to enhance fuzzing? ▸ Advanced techniques and target-specific implementations ▸ Others ▸ Critical reading and understanding ▸ Summarizing ▸ Classification ▸ Writing an exposé ▸ Presentation skills

  5. FUZZING FOR VULNERABILITY DETECTION OVERVIEW OF FUZZING ▸ Start testing with “seed inputs” ▸ Observe (record) program behaviour ▸ Blackbox ▸ Change input (flip-bits, XOR, etc.) and test again ▸ New program behaviour? ▸ SUCCESS!

  6. FUZZING FOR VULNERABILITY DETECTION OVERVIEW OF FUZZING ▸ Variant of random testing ▸ Input mutation, instead of random sampling. ▸ Basic fuzzers mutate inputs randomly. ▸ Automation is the key! ▸ “Move Mutate fast, break things” ▸ Dependant only on (input,output) ▸ High path coverage* due to lots of testing rounds *highly subject to conditions

  7. FUZZING FOR VULNERABILITY DETECTION TASKS OVERVIEW ▸ Independent work ▸ Read and understand concepts ▸ Look for papers/material beyond the initial suggestions ▸ Eg. Academic publication portals, TUM library etc. ▸ NO Wikipedia! (Except if a source is picked - discuss with the supervisor) ▸ NO blogs! ▸ Discuss with your colleagues ▸ Regularly get (and hopefully incorporate) reviews on your drafts from your supervisor. ▸ Talk with your supervisor whenever required (use this power judiciously)

  8. FUZZING FOR VULNERABILITY DETECTION RULES ▸ Compliance with the prescribed deadlines ▸ Compliance with all templates ▸ Presence in all meetings ▸ Participation in the final presentations in a two (or three) day block-seminar

  9. FUZZING FOR VULNERABILITY DETECTION RULES ▸ Grading ▸ Intermediate submission (0.3 grade point bonus* mandatory!) ▸ Table of contents ▸ Extended abstract ▸ Bibliography ▸ Exposé (50%) + Presentation (50%) ▸ Penalty for all late submissions ▸ In case of any issues (eg. can’t find a paper) ▸ Google ▸ Ask your colleagues ▸ Write to the Saahil Ognawala

  10. FUZZING FOR VULNERABILITY DETECTION INTERMEDIATE SUBMISSION ▸ Ca. 2 pages ▸ Extended abstract ▸ Introduction ▸ Problem statement and goals ▸ Short description of content of each subsection ▸ Description of your own contribution/critique ▸ Bibliography

  11. FUZZING FOR VULNERABILITY DETECTION EXPOSÉ ▸ Max. 15 pages including appendix, LNCS format ▸ No plagiarism! ▸ blatant copy-paste, summarizing others’ ideas/results without reference etc. will result in immediate expulsion from the course . ▸ Discussion of own contribution ▸ Complete bibliography ▸ Appendix, if needed

  12. FUZZING FOR VULNERABILITY DETECTION CONTENT ▸ Don’t deviate from allotted topic ▸ Logical and contradiction-free reasoning ▸ Argue with proper sources ▸ If any contradictions in the source paper, don’t hide them.

  13. FUZZING FOR VULNERABILITY DETECTION CONTENT ▸ Clear distinction between scientific facts and own logical conclusion ▸ Eg. if something is “good” according to you, why? ▸ Proper references ▸ Language ▸ Easy to understand, simple (and short) sentences ▸ Precise ▸ Sensible titles ▸ Sensible paragraphing

  14. FUZZING FOR VULNERABILITY DETECTION CONTENT ▸ Tables and pictures ▸ Cite sources ▸ Must not be blurry ▸ Large enough to be read in print ▸ Must be referenced in text ▸ Consistent numbering ▸ Bibliography ▸ Must be referenced in text ▸ Consistent numbering ▸ Citation must include - Authors’ names, title, year of publication, venue (or publisher)

  15. FUZZING FOR VULNERABILITY DETECTION POSSIBLE STRUCTURE ▸ Title & abstract ▸ Introduction ▸ Topic content ▸ Results ▸ Related work ▸ Discussion & conclusion ▸ Bibliography ▸ Appendix

  16. FUZZING FOR VULNERABILITY DETECTION PRESENTATION ▸ Ca. 30 minutes of talking ▸ Clear, linear storyline. ▸ Must match the exposé, but should not be a text dump ▸ Possibility of discussing slides with supervisor ▸ Ca. 10 minutes of discussion ▸ Be prepared for questions on the topic ▸ Ask questions on the presented topic

  17. FUZZING FOR VULNERABILITY DETECTION FINDING LITERATURE ▸ TUM Library ▸ Informatik ▸ Others… ▸ Online portals ▸ Springer (www.springerlink.com/) ▸ ACM (dl.acm.org/) ▸ IEEE (ieeexplore.ieee.org/Xplore/guesthome.jsp) ▸ Google Scholar (scholar.google.com) ▸ Scopus (scopus.com)

  18. FUZZING FOR VULNERABILITY DETECTION IMPORTANT DATES ▸ Intermediate submission deadline: 31st October, 2016 ▸ Submission deadline for first exposé draft: 28th November, 2016 ▸ Discussion (paper+slides) with supervisor and revision: 5th Dec. - 19th Dec. 2016 ▸ Exposé submission deadline: 3rd January, 2017 ▸ Receive peer’s paper for review: 6th January, 2017 ▸ Peer review deadline: 13th January, 2017 ▸ Camera ready deadline (paper+slides): 20th January, 2017 ▸ All documents must be submitted as PDF-files ▸ After submission of the slides, individual appointments for feedback for all students ▸ Block-seminar date(s) during the end of January. TBA.

  19. FUZZING FOR VULNERABILITY DETECTION REGISTRATION ▸ Matching system: http://docmatching.in.tum.de/ ▸ Choose 3 topics from the list ▸ Mail ognawala@in.tum.de latest by Thursday, 30th June, 2016 ▸ Order of preference - 1 highest, 3 lowest ▸ Include - Full name, IMAT number, TUM email ID ▸ Get a topic by email after end of matching round

  20. FUZZING FOR VULNERABILITY DETECTION OVERVIEW OF TOPICS ▸ Blackbox testing with fuzzing ▸ Blackbox vs. whitebox fuzzing ▸ Advanced fuzzing strategies with whitebox optimizations ▸ Input mutation strategies in fuzzing ▸ Role of machine learning in fuzz testing ▸ Role of genetic algorithms in fuzz testing ▸ Compositional analysis of large-scale software with fuzzing ▸ Vulnerability discovery in mobile applications ▸ Vulnerability discovery in web applications ▸ File format and protocol fuzzing ▸ ….or agree upon a topic with the supervisor….

  21. ognawala@in.tum.de THANK YOU

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Taintscope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection

Taintscope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection

Taintscope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection Tielei Wang Tao Wei Guofei Gu Wei Zou March 12, 2014 Tielei Wang, Tao Wei, Guofei Gu, Wei Zou Taintscope Taintscope is: A Fuzzing tool

742 views • 42 slides
Static analysis for exploitable vulnerability detection Marie-Laure Potet VERIMAG University of

Static analysis for exploitable vulnerability detection Marie-Laure Potet VERIMAG University of

Static analysis for exploitable vulnerability detection Marie-Laure Potet VERIMAG University of Grenoble September 2014 Static analysis for exploitable vulnerability detection 1/43 Outline 1 Context Vulnerability detection process Static

546 views • 43 slides
Outline 31st IEEE Symposium on Security & Privacy Introduction TaintScope: A

Outline 31st IEEE Symposium on Security & Privacy Introduction TaintScope: A

Outline 31st IEEE Symposium on Security & Privacy Introduction TaintScope: A Checksum-Aware Background Directed Fuzzing Tool for Automatic Motivation Software Vulnerability Detection TaintScope Intuition Tielei Wang 1 ,

427 views • 5 slides
Fuzzing Kamailio Security testing the Kamailio SIP server with fuzzing Agenda About me

Fuzzing Kamailio Security testing the Kamailio SIP server with fuzzing Agenda About me

Fuzzing Kamailio Security testing the Kamailio SIP server with fuzzing Agenda About me Motivation Introduction of fuzzing and afl fuzzer Necessary changes to the core and configuration Testing setup Example SIP messages and

1.03k views • 35 slides
Vulnerability Management Spring 2020 Jay Chen What is a vulnerability? A vulnerability is a

Vulnerability Management Spring 2020 Jay Chen What is a vulnerability? A vulnerability is a

Vulnerability Management Spring 2020 Jay Chen What is a vulnerability? A vulnerability is a cybersecurity flaw in a system that leave it open to attack. A vulnerability may also refer to any type of weakness in a computer system

407 views • 16 slides
Ants on the Grid: BiologyInspired Monitoring for Incident and Vulnerability Detection

Ants on the Grid: BiologyInspired Monitoring for Incident and Vulnerability Detection

A RIZONA S TATE U NIVERSITY CREDC Industrial Workshop 2017 Ants on the Grid: BiologyInspired Monitoring for Incident and Vulnerability Detection Josephine Lamp , Carlos E. Rubio-Medrano, Ziming Zhao and Gail-Joon Ahn 6/27/2017 1 A RIZONA S

305 views • 9 slides
Fuzzing for CyberSecurity Abe Cohen 2019-11-13 Fuzzing for CyberSecurity What is

Fuzzing for CyberSecurity Abe Cohen 2019-11-13 Fuzzing for CyberSecurity What is

Fuzzing for CyberSecurity Abe Cohen 2019-11-13 Fuzzing for CyberSecurity What is fuzzing/fuzz testing? Why AFL? How does it work with GNAT Pro/Ada? Premise: Fuzz Testing Definition: Stable Software Software that is highly

649 views • 16 slides
Tools and Techniques to automate the discovery of Zero Day Vulnerabilities A.K.A Fuzzing 101

Tools and Techniques to automate the discovery of Zero Day Vulnerabilities A.K.A Fuzzing 101

Tools and Techniques to automate the discovery of Zero Day Vulnerabilities A.K.A Fuzzing 101 Agenda GEEKZONE Overview of fuzzing techniques Tutorials on specific open-source fuzzers Demonstrations DIY fuzzing! Who

825 views • 50 slides
2000 2010 2015 2005 Blackbox Fuzzing Verification Whitebox Fuzzing Patrice Godefroid

2000 2010 2015 2005 Blackbox Fuzzing Verification Whitebox Fuzzing Patrice Godefroid

From Blackbox Fuzzing to Whitebox Fuzzing towards Verification 2000 2010 2015 2005 Blackbox Fuzzing Verification Whitebox Fuzzing Patrice Godefroid Microsoft Research ISSTA2010 Page 1 July 2010 Acknowledgments Joint work with:

633 views • 38 slides
Coverage-guided Fuzzing of Individual Functions Without Source Code Alessandro Di Federico

Coverage-guided Fuzzing of Individual Functions Without Source Code Alessandro Di Federico

Coverage-guided Fuzzing of Individual Functions Without Source Code Alessandro Di Federico Politecnico di Milano October 25, 2018 1 Index Coverage-guided fuzzing An overview of rev.ng Experimental results 2 Fuzzing 3 Fuzzing 1 Generate

1.36k views • 72 slides
Wi-Fi Advanced Fuzzing Wi-Fi Advanced Fuzzing Laurent BUTTI France Tlcom / Orange

Wi-Fi Advanced Fuzzing Wi-Fi Advanced Fuzzing Laurent BUTTI France Tlcom / Orange

Wi-Fi Advanced Fuzzing Wi-Fi Advanced Fuzzing Laurent BUTTI France Tlcom / Orange Division R&D firstname dot lastname at orange-ftgroup dot com research & development Forewords Wi-Fi Fuzzing/BlackHat EU 2007/Laurent Butti p

1.05k views • 78 slides
Modern Fuzzing of Media-processing projects Max Moroz, FOSDEM 2017 Agenda Fuzzing

Modern Fuzzing of Media-processing projects Max Moroz, FOSDEM 2017 Agenda Fuzzing

Modern Fuzzing of Media-processing projects Max Moroz, FOSDEM 2017 Agenda Fuzzing what is fuzzing, why fuzz, fuzzing types How to fuzz fuzz target, fuzzing engine, libFuzzer Media processing as a target

551 views • 19 slides
Benchmarking Vulnerability Detection Tools for Web Services Nuno Antunes, Marco Vieira { nmsa ,

Benchmarking Vulnerability Detection Tools for Web Services Nuno Antunes, Marco Vieira { nmsa ,

Benchmarking Vulnerability Detection Tools for Web Services Nuno Antunes, Marco Vieira { nmsa , mvieira}@dei.uc.pt ICWS 2010 CISUC Department of Informatics Engineering University of Coimbra, Portugal Outline The problem Benchmarking

447 views • 25 slides
T-Fuzz: Fuzzing by Program Transformation Hui Peng 1 , Yan Shoshitaishvili 2 , Mathias Payer 1 1

T-Fuzz: Fuzzing by Program Transformation Hui Peng 1 , Yan Shoshitaishvili 2 , Mathias Payer 1 1

T-Fuzz: Fuzzing by Program Transformation Hui Peng 1 , Yan Shoshitaishvili 2 , Mathias Payer 1 1 2 Fuzzing as a bug finding approach Fuzzing is highly effective in finding bugs (CVEs) Developers use it as proactive defense measure:

844 views • 32 slides
Fuzzing the Media Framework in Android Alexandru Blanda OTC Security QA 1 Agenda Introduction

Fuzzing the Media Framework in Android Alexandru Blanda OTC Security QA 1 Agenda Introduction

Fuzzing the Media Framework in Android Alexandru Blanda OTC Security QA 1 Agenda Introduction Fuzzing Media Content in Android Data Generation Fuzzing the Stagefright Framework Logging & Triage Mechanisms 2 Introduction Fuzzing

1.12k views • 38 slides
NEUZZ: Efficient Fuzzing with Neural Program Smoothing Dongdong She, Kexin Pei, Dave Epstein,

NEUZZ: Efficient Fuzzing with Neural Program Smoothing Dongdong She, Kexin Pei, Dave Epstein,

NEUZZ: Efficient Fuzzing with Neural Program Smoothing Dongdong She, Kexin Pei, Dave Epstein, Junfeng Yang, Baishakhi Ray, and Suman Jana Columbia University 1 Fuzzing: a popular way to uncover bugs [Liang et al. 2019] 2 Evolutionary Fuzzing

1.02k views • 26 slides
SuperKEKB R&D for SuperKEKB and the next generation high luminosity colliders M.

SuperKEKB R&D for SuperKEKB and the next generation high luminosity colliders M.

SuperKEKB R&D for SuperKEKB and the next generation high luminosity colliders M. Tobiyama(KEK), J. Seeman(SLAC) A 3D Point Scan Magnetic Field Measurement System for Accelerator and Detector Magnets N. Ohuchi(KEK), T. Strauss(FNAL) , P.

730 views • 40 slides
E x p l a i n i n g M a c h i n e L e a r n i n g D e c i s i o n

E x p l a i n i n g M a c h i n e L e a r n i n g D e c i s i o n

E x p l a i n i n g M a c h i n e L e a r n i n g D e c i s i o n s G r g o i r e M o n t a v o n , T U B e r l i n J o i n t w o r k w i t h : W o j c i e c h S a

802 views • 45 slides
Off-Path Round Trip Time Measurement via TCP/IP Side Channels Geoffrey Alexander and Jedidiah R.

Off-Path Round Trip Time Measurement via TCP/IP Side Channels Geoffrey Alexander and Jedidiah R.

Off-Path Round Trip Time Measurement via TCP/IP Side Channels Geoffrey Alexander and Jedidiah R. Crandall University of New Mexico, USA How do you measure something? Interact directly T ake samples Multiple tests 2 Problem How

533 views • 26 slides
Digital Pre-Distortion Derek Kozel What is Digital Pre-Distortion (DPD) A technique for

Digital Pre-Distortion Derek Kozel What is Digital Pre-Distortion (DPD) A technique for

Digital Pre-Distortion Derek Kozel What is Digital Pre-Distortion (DPD) A technique for improving the linearity of power amplifiers Ideally the output signal of a PA is the input scaled up perfectly Instead the semiconductor

319 views • 29 slides
Boosting Verification Scalability via Structural Grouping and Semantic Partitioning of Properties

Boosting Verification Scalability via Structural Grouping and Semantic Partitioning of Properties

Boosting Verification Scalability via Structural Grouping and Semantic Partitioning of Properties Rohit Dureja * , Jason Baumgartner , Alexander Ivrii , Robert Kanzelman , Kristin Y. Rozier * * Iowa State University IBM Corporation

577 views • 46 slides
Implementing Grover Oracles for Quantum Key Search on AES and LowMC Samuel Jaques 1 , Michael

Implementing Grover Oracles for Quantum Key Search on AES and LowMC Samuel Jaques 1 , Michael

Implementing Grover Oracles for Quantum Key Search on AES and LowMC Samuel Jaques 1 , Michael Naehrig 2 , Martin Roetteler 3 , Fernando Virdia 4 1 Department of Materials, University of Oxford, UK 2 Microsoft Research, Redmond, WA, USA 3 Microsoft

696 views • 26 slides
Genus minimizing knots in rational homology spheres Yi Ni yini@caltech.edu Department of

Genus minimizing knots in rational homology spheres Yi Ni yini@caltech.edu Department of

Genus minimizing knots in rational homology spheres Yi Ni yini@caltech.edu Department of Mathematics California Institute of Technology Whats Next? The mathematical legacy of Bill Thurston Cornell University, June 2327, 2014

1.2k views • 98 slides
R enyi Entropy and Spectral Geometry Alexander Patrushev in collaboration with Dmitri Fursaev

R enyi Entropy and Spectral Geometry Alexander Patrushev in collaboration with Dmitri Fursaev

R enyi Entropy and Spectral Geometry Alexander Patrushev in collaboration with Dmitri Fursaev Bogoliubov Laboratory of Theoretical Physics, Joint Institute for Nuclear Research Strings 2014 Alexander Patrushev (JINR) RE and SG Princeton

248 views • 9 slides

More recommend