parmesan sanitizer guided greybox fuzzing
play

ParmeSan: Sanitizer-guided Greybox Fuzzing USENIX 2020 *some pages - PowerPoint PPT Presentation

Aug 02, 2023 •308 likes •494 views

ParmeSan: Sanitizer-guided Greybox Fuzzing USENIX 2020 *some pages borrowed from Zheyu Ma background What is fuzzing: feed random inputs to trigger as many crashes and hangs as possible What is state-of-the-art of fuzzing research:

  1. ParmeSan: Sanitizer-guided Greybox Fuzzing USENIX 2020 *some pages borrowed from Zheyu Ma

  2. background • What is fuzzing: feed random inputs to trigger as many crashes and hangs as possible • What is state-of-the-art of fuzzing research: • black-box fuzzing: totally random • white-box fuzzing: symbolic execution • gray-box fuzzing: • coverage-guided • directed fuzzing • heuristics: Dynamic data-flow analysis (DFA), Neural network, etc.

  3. Contribution • designs the first sanitizer-guided fuzzer using a two-stage directed fuzzing strategy to e ffi ciently reach all the interesting targets. • finds the same bugs as state-of-the-art coverage-guided and directed fuzzers in less time.

  4. Motivation

  5. Overview • Target Acquisition • Dynamic Control Flow Graph (CFG) • Sanitizer-guided Fuzzer •

  6. Target Acquisition • Statically compare Sanitizer-instrumented program and original program, instrumented points are target branch

  7. Target Acquisition • Confirm sanitizer’s ability to find real-world bugs • Each kind of sanitizers target at one bug types

  8. Target Acquisition • Target Pruning • Example • for base64 program in LAVA-M, top 3 targets are lava_get() , lava_set() , and emit_bug_reporting_address() , the first 2 triggers bugs

  9. Dynamic CFG • CFG construction

  10. Dynamic CFG • CFG construction

  11. Dynamic CFG • CFG construction • Distance Metric • Augmented with DFA

  12. Sanitizer-guided Fuzzer • End-to-end workflow

  13. Sanitizer-guided Fuzzer • Input Prioritization • Maintaining a queue of (input, condition)

  14. Evaluation • ParmeSan v.s. Other Directed Fuzzers

  15. Evaluation • ParmeSan v.s Coverage-guided Fuzzers

  16. Evaluation • Sanitizer Impact

  17. Evaluation • Ability to detect new bugs

  18. Conclusion

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

FuZZan: Efficient Sanitizer Metadata Design for Fuzzing Yuseok Jeon 1 , WookHyun Han 2 , Nathan

FuZZan: Efficient Sanitizer Metadata Design for Fuzzing Yuseok Jeon 1 , WookHyun Han 2 , Nathan

FuZZan: Efficient Sanitizer Metadata Design for Fuzzing Yuseok Jeon 1 , WookHyun Han 2 , Nathan Burow 1 , Mathias Payer 1 3 1 2 3 Sanitizer: Debug Policy Violations Observe actual execution and flag incorrect behavior E.g., detect

470 views • 23 slides
Coverage-guided Fuzzing of Individual Functions Without Source Code Alessandro Di Federico

Coverage-guided Fuzzing of Individual Functions Without Source Code Alessandro Di Federico

Coverage-guided Fuzzing of Individual Functions Without Source Code Alessandro Di Federico Politecnico di Milano October 25, 2018 1 Index Coverage-guided fuzzing An overview of rev.ng Experimental results 2 Fuzzing 3 Fuzzing 1 Generate

1.36k views • 72 slides
Expanding the Reach of Fuzzing Caroline Lemieux September 8 th , 2020 Fuzzcon Europe

Expanding the Reach of Fuzzing Caroline Lemieux September 8 th , 2020 Fuzzcon Europe

Expanding the Reach of Fuzzing Caroline Lemieux September 8 th , 2020 Fuzzcon Europe Coverage-Guided Fuzzing Greybox, Mutational seeds Input Input Input Input Initial Input pick mutate Input execute Input Input Input n save

1.35k views • 89 slides
Coverage-based Greybox Fuzzing as Markov Chain Marcel Bohme, Van-Thuan Pham, Abhik Roychoudhury

Coverage-based Greybox Fuzzing as Markov Chain Marcel Bohme, Van-Thuan Pham, Abhik Roychoudhury

Coverage-based Greybox Fuzzing as Markov Chain Marcel Bohme, Van-Thuan Pham, Abhik Roychoudhury School Of Computing, NUS, Singapore FM Update 2018 Presented by - Raveendra Kumar M, Animesh Basak Chowdhury TCS Research July 27, 2018 Some of

662 views • 33 slides
through Coverage-guided Tracing Stefan Nagy Matthew Hicks snagy2@vt.edu mdhicks2@vt.edu

through Coverage-guided Tracing Stefan Nagy Matthew Hicks snagy2@vt.edu mdhicks2@vt.edu

Full-speed Fuzzing: Reducing Fuzzing Overhead through Coverage-guided Tracing Stefan Nagy Matthew Hicks snagy2@vt.edu mdhicks2@vt.edu COMPUTER SCIENCE 1 Fuzzing 2 COMPUTER SCIENCE An Overview of Fuzzing Time-tested technique AFL,

572 views • 28 slides
Coverage-Guided Fuzzing Dynamic Static Smart Coverage Structure Algorithms Security

Coverage-Guided Fuzzing Dynamic Static Smart Coverage Structure Algorithms Security

Coverage-Guided Fuzzing Dynamic Static Smart Coverage Structure Algorithms Security Testing Andreas Zeller, Saarland University Our Goal We want to cause the program to fail We have seen random (unstructured) input

868 views • 69 slides
HotFuzz Discovering Algorithmic Denial-of-Service Vulnerabilities through Guided Micro-Fuzzing

HotFuzz Discovering Algorithmic Denial-of-Service Vulnerabilities through Guided Micro-Fuzzing

HotFuzz Discovering Algorithmic Denial-of-Service Vulnerabilities through Guided Micro-Fuzzing William Blair Andrea Mambretti Sajjad Arshad Michael Weissbacher Boston University Northeastern University Northeastern University Northeastern

172 views • 14 slides
A smart watch with alcohol-based sanitizer gel dual purpose unit that can flip from watch to

A smart watch with alcohol-based sanitizer gel dual purpose unit that can flip from watch to

A smart watch with alcohol-based sanitizer gel dual purpose unit that can flip from watch to roll on sanitizer gel. watch + sanitizer gel watch + sanitizer gel SANITIZER GEL WATCH ROLLER 70 x 50 x 18 MM watch + sanitizer gel 28 x 210 MM

112 views • 8 slides
Fuzzing Kamailio Security testing the Kamailio SIP server with fuzzing Agenda About me

Fuzzing Kamailio Security testing the Kamailio SIP server with fuzzing Agenda About me

Fuzzing Kamailio Security testing the Kamailio SIP server with fuzzing Agenda About me Motivation Introduction of fuzzing and afl fuzzer Necessary changes to the core and configuration Testing setup Example SIP messages and

1.03k views • 35 slides
Fuzzing for CyberSecurity Abe Cohen 2019-11-13 Fuzzing for CyberSecurity What is

Fuzzing for CyberSecurity Abe Cohen 2019-11-13 Fuzzing for CyberSecurity What is

Fuzzing for CyberSecurity Abe Cohen 2019-11-13 Fuzzing for CyberSecurity What is fuzzing/fuzz testing? Why AFL? How does it work with GNAT Pro/Ada? Premise: Fuzz Testing Definition: Stable Software Software that is highly

649 views • 16 slides
Tools and Techniques to automate the discovery of Zero Day Vulnerabilities A.K.A Fuzzing 101

Tools and Techniques to automate the discovery of Zero Day Vulnerabilities A.K.A Fuzzing 101

Tools and Techniques to automate the discovery of Zero Day Vulnerabilities A.K.A Fuzzing 101 Agenda GEEKZONE Overview of fuzzing techniques Tutorials on specific open-source fuzzers Demonstrations DIY fuzzing! Who

825 views • 50 slides
2000 2010 2015 2005 Blackbox Fuzzing Verification Whitebox Fuzzing Patrice Godefroid

2000 2010 2015 2005 Blackbox Fuzzing Verification Whitebox Fuzzing Patrice Godefroid

From Blackbox Fuzzing to Whitebox Fuzzing towards Verification 2000 2010 2015 2005 Blackbox Fuzzing Verification Whitebox Fuzzing Patrice Godefroid Microsoft Research ISSTA2010 Page 1 July 2010 Acknowledgments Joint work with:

633 views • 38 slides
Wi-Fi Advanced Fuzzing Wi-Fi Advanced Fuzzing Laurent BUTTI France Tlcom / Orange

Wi-Fi Advanced Fuzzing Wi-Fi Advanced Fuzzing Laurent BUTTI France Tlcom / Orange

Wi-Fi Advanced Fuzzing Wi-Fi Advanced Fuzzing Laurent BUTTI France Tlcom / Orange Division R&D firstname dot lastname at orange-ftgroup dot com research & development Forewords Wi-Fi Fuzzing/BlackHat EU 2007/Laurent Butti p

1.05k views • 78 slides
Modern Fuzzing of Media-processing projects Max Moroz, FOSDEM 2017 Agenda Fuzzing

Modern Fuzzing of Media-processing projects Max Moroz, FOSDEM 2017 Agenda Fuzzing

Modern Fuzzing of Media-processing projects Max Moroz, FOSDEM 2017 Agenda Fuzzing what is fuzzing, why fuzz, fuzzing types How to fuzz fuzz target, fuzzing engine, libFuzzer Media processing as a target

551 views • 19 slides
T-Fuzz: Fuzzing by Program Transformation Hui Peng 1 , Yan Shoshitaishvili 2 , Mathias Payer 1 1

T-Fuzz: Fuzzing by Program Transformation Hui Peng 1 , Yan Shoshitaishvili 2 , Mathias Payer 1 1

T-Fuzz: Fuzzing by Program Transformation Hui Peng 1 , Yan Shoshitaishvili 2 , Mathias Payer 1 1 2 Fuzzing as a bug finding approach Fuzzing is highly effective in finding bugs (CVEs) Developers use it as proactive defense measure:

844 views • 32 slides
FUZZING FOR VULNERABILITY DETECTION FUZZING FOR VULNERABILITY DETECTION WHO WE ARE Prof. Dr.

FUZZING FOR VULNERABILITY DETECTION FUZZING FOR VULNERABILITY DETECTION WHO WE ARE Prof. Dr.

MASTER SEMINAR WS16/17 PROF. DR. ALEXANDER PRETSCHNER SAAHIL OGNAWALA FUZZING FOR VULNERABILITY DETECTION FUZZING FOR VULNERABILITY DETECTION WHO WE ARE Prof. Dr. Alexander Pretschner Head of Chair XXII Software Engineering @TUM since

489 views • 21 slides
Thermal Transport in =5/2 Fractional Quantum Hall Edges S. H. Simon, PRB 97 , 121406, 2018 S.

Thermal Transport in =5/2 Fractional Quantum Hall Edges S. H. Simon, PRB 97 , 121406, 2018 S.

Thermal Transport in =5/2 Fractional Quantum Hall Edges S. H. Simon, PRB 97 , 121406, 2018 S. H. Simon and Bernd Rosenow PRL 124 , 126801, 2020 S. H. Simon, M. Ippoliti, M. Zaletel, E. H. Rezayi PRB 2020 Quantum Hall Edge States Halperin

717 views • 52 slides
Sensitivity to risk profiles of users when developing AI systems Robin Cohen Cheriton School of

Sensitivity to risk profiles of users when developing AI systems Robin Cohen Cheriton School of

Sensitivity to risk profiles of users when developing AI systems Robin Cohen Cheriton School of Computer Science Rishav Agarwal Dhruv Kumar Alexander Parmentier Tsz Him Leung Position Paper Message about Trusted AI Engender trust

500 views • 27 slides
Diana Dragomir Hubble Fellow MIT Kavli Institute UNSOLVED PROBLEMS Budapest, Hungary July 2,

Diana Dragomir Hubble Fellow MIT Kavli Institute UNSOLVED PROBLEMS Budapest, Hungary July 2,

Towards the Nature and Origin of Super-Earths Diana Dragomir Hubble Fellow MIT Kavli Institute UNSOLVED PROBLEMS Budapest, Hungary July 2, 2018 Diana Dragomir Understanding Super-Earths Small Exoplanets Are Common Sub-Neptunes

254 views • 14 slides
Python for NLP August 26-30, 2019 LORIA, Nancy https://synalp.loria.fr/python4nlp LIFT

Python for NLP August 26-30, 2019 LORIA, Nancy https://synalp.loria.fr/python4nlp LIFT

Python for NLP August 26-30, 2019 LORIA, Nancy https://synalp.loria.fr/python4nlp LIFT (C. Gardent), CNRS GDR Organisation OLKi Impact Project (C. and Funding Cerisara), LUE IDEX Basic Python Required Humanity Students

145 views • 11 slides
to climate change Elanus caeruleus - http://www.chassimages.com Context | Method

to climate change Elanus caeruleus - http://www.chassimages.com Context | Method

P IERRE G AZRE | V INCENT D EVICTOR | ISEM M ONTPELLIER Linking species and community dynamics to explain bird responses R to climate change Elanus caeruleus - http://www.chassimages.com Context | Method |

489 views • 34 slides
Texture What is texture? Easy to recognize, hard to define Deterministic textures

Texture What is texture? Easy to recognize, hard to define Deterministic textures

Texture What is texture? Easy to recognize, hard to define Deterministic textures (thing-like) Stochastic textures (stuff-like) Tasks Discrimination / Segmentation Classification Texture synthesis

555 views • 34 slides
SAMS Programming - Section C Lecture 1: Introduction + Basic Building Blocks of Programming

SAMS Programming - Section C Lecture 1: Introduction + Basic Building Blocks of Programming

SAMS Programming - Section C Lecture 1: Introduction + Basic Building Blocks of Programming Anil Ada aada@cs.cmu.edu July 3, 2017 What is programming (coding) ? What is computer programming ? What is a computer ? What is a computer? Any

722 views • 61 slides
Translation Quality Estimation: Past, Present, and Future Andr e Martins MT Marathon, Lisbon,

Translation Quality Estimation: Past, Present, and Future Andr e Martins MT Marathon, Lisbon,

Translation Quality Estimation: Past, Present, and Future Andr e Martins MT Marathon, Lisbon, August 31st, 2017 Andr e Martins (Unbabel) Quality Estimation MTM, 31/8/17 1 / 69 This Talk First part: largely based on Lucia Specias

989 views • 96 slides

More recommend