the human component in automated bug finding
play

The Human Component in Automated Bug Finding Christian Holler - PowerPoint PPT Presentation

Aug 14, 2022 •381 likes •1.12k views

The Human Component in Automated Bug Finding Christian Holler (:decoder) Staff Security Engineer ~ 16M lines source code ~ 16M lines source code Last month: 340 authors with 2,475 commits Interfaces Media Formats Markup Fonts Languages

  1. The Human Component in Automated Bug Finding Christian Holler (:decoder) Staff Security Engineer

  3. ~ 16M lines source code

  4. ~ 16M lines source code Last month: 340 authors with 2,475 commits

  5. Interfaces Media Formats Markup Fonts Languages JavaScript Networking

  6. Developers know... Domain Knowledge

  7. Developers know... … code architecture/contracts Domain Knowledge

  8. Developers know... … code architecture/contracts … expected behavior Domain Knowledge

  9. Developers know... … code architecture/contracts … expected behavior Domain … weaknesses Knowledge

  10. Developers know... … code architecture/contracts … expected behavior Domain … weaknesses Knowledge “Lone warrior” approach not sustainable

  11. Mutual Trust Relationship

  12. The Do’s and Don’ts

  13. Ninja Style

  14. Ninja Style Build fuzzer alone and in secret

  15. Ninja Style Build fuzzer alone and in secret Rapid fire bugs at developers

  16. Ninja Style Build fuzzer alone and in secret Rapid fire bugs at developers “ They’ll never know what hit them. Tehehe!!11oneeleven ”

  17. Defensive Behavior

  18. Defensive Behavior Overwhelmed

  19. Defensive Behavior Overwhelmed Lack of Resources

  20. Defensive Behavior Overwhelmed Lack of Resources Code Ownership Bias

  21. 21

  22. “please stop filing fuzz bugs for the next few weeks until they can be addressed.” 22

  23. Surprise your developers DON’T

  24. Surprise your developers Act superior or DON’T adversarial

  25. Surprise your developers Act superior or DON’T adversarial Assume equal priorities

  26. DO: Kickoff Meeting

  27. Developers, Fuzzing and Management DO: Kickoff Meeting

  28. Developers, Fuzzing and Management Show previous success stories DO: Kickoff Meeting

  29. Developers, Fuzzing and Management Show previous success stories DO: Offer your help, Kickoff Meeting ask about problems

  30. Developers, Fuzzing and Management Show previous success stories DO: Offer your help, Kickoff Meeting ask about problems Define Goals - Allocate Resources

  31. Developers, Fuzzing and Management Show previous success stories DO: Offer your help, Kickoff Meeting ask about problems Define Goals - Allocate Resources Educate on Requirements

  32. Developers, Fuzzing and Management Show previous success stories DO: Offer your help, Kickoff Meeting ask about problems Define Goals - Allocate Resources Educate on Requirements

  33. Developers, Fuzzing and Management Show previous success stories DO: Offer your help, Kickoff Meeting ask about problems Define Goals - Allocate Resources Educate on Requirements

  34. Requirements and Goals Fuzzing Developer

  35. Requirements and Goals Fuzzing Developer

  36. Requirements and Goals Fuzzing Developer

  37. Requirements and Goals Fuzzing Developer

  38. Example Requirement Bugs must be fixed

  39. Example Requirement Bugs must be fixed “ That bug isn’t interesting, please ignore it. ”

  40. Example Requirement Bugs must be fixed “ ... but that’s not a bug. ”

  41. Example Requirement Bugs must be fixed “ ... but that’s not a bug. ” “Contract” about what constitutes a bug

  42. $ js js>

  43. $ js js> print("Hello watman") Hello watman js>

  44. $ js js> print("Hello watman") Hello watman js> crash(); Hit MOZ_CRASH(forced crash) at shell/js.cpp:3700 Segmentation fault

  45. $ js --fuzzing-safe js>

  46. $ js --fuzzing-safe js> crash(); typein:1:1 ReferenceError: crash is not defined

  47. Requirements vs. Goals Fuzzing Developer

  48. Fuzzblockers

  49. Disruptive effect on fuzzing operations Fuzzblockers

  50. Disruptive effect on fuzzing operations (e.g. highly frequent, resource intensive) Fuzzblockers + Hard to avoid

  51. Disruptive effect on fuzzing operations (e.g. highly frequent, resource intensive) Fuzzblockers + Hard to avoid Highest Priority for Fuzzing (Usually) low priority for developers

  52. Disruptive effect on fuzzing operations (e.g. highly frequent, resource intensive) Fuzzblockers + Hard to avoid Highest Priority for Fuzzing (Usually) low priority for developers Try writing a fix yourself !

  53. I want you to fix a bug

  54. I want you to fix a bug You learn something about the code

  55. I want you to fix a bug You learn something about the code You learn something about development

  56. I want you to fix a bug You learn something about the code You learn something about development You can progress faster

  57. I want you to fix a bug You learn something about the code You learn something about development You can progress faster Developers will be happy

  58. When?

  59. When to Fuzz?

  60. When to Fuzz?

  61. When to Fuzz?

  62. When to Fuzz?

  63. When to Fuzz? Earliest version with well-defined behavior

  64. When to Fuzz? Could help Earliest version with developers well-defined behavior

  65. When to Fuzz? Could help Earliest version with developers well-defined behavior As early as possible (*)

  66. DO: Simple Steps to reproduce

  67. DO: Simple Steps to reproduce

  68. DO: Measure Code Coverage

  69. SHARE! DO: Measure Code Coverage

  70. DO: Educate

  71. Fuzzing is Teamwork

  72. Thank You

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

NEEDFINDING IN HUMAN CENTERED DESIGN What is need finding? What is need finding? What is need

NEEDFINDING IN HUMAN CENTERED DESIGN What is need finding? What is need finding? What is need

NEEDFINDING IN HUMAN CENTERED DESIGN What is need finding? What is need finding? What is need finding? Needfinding is the process of uncovering User needs Opportunities for improvement Design Insights by learning about their goals

418 views • 14 slides
12. Finding Components with Metadata in Component Repositories 1. Searching and Browsing with

12. Finding Components with Metadata in Component Repositories 1. Searching and Browsing with

Fakultt Informatik - Institut Software- und Multimediatechnik - Softwaretechnologie Prof. Amann - CBSE 12. Finding Components with Metadata in Component Repositories 1. Searching and Browsing with Lecturer : Dr. Sebastian Gtz Faceted

872 views • 38 slides
UPDATE Matt King 07/07/2015 Region Finding 2 Have been working on an automated fiducial

UPDATE Matt King 07/07/2015 Region Finding 2 Have been working on an automated fiducial

1 MOEDAL SIMULATION UPDATE Matt King 07/07/2015 Region Finding 2 Have been working on an automated fiducial region finding algorithm for the MMTs With assistance from Katarina Bendtz, who designed the algorithm for ATLAS. Our

361 views • 7 slides
RP2: Automated end-to-end email component testing MSc. Security & Network Engineering Kevin

RP2: Automated end-to-end email component testing MSc. Security & Network Engineering Kevin

RP2: Automated end-to-end email component testing MSc. Security & Network Engineering Kevin Csuka, Isaac Klop October 16, 2018 University of Amsterdam Supervisor: Michiel Leenaars, NLnet Intro 1 Intro E-mail software is complex

951 views • 27 slides
Automated Transformation from Descartes Modeling Language to Palladio Component Model Jrgen

Automated Transformation from Descartes Modeling Language to Palladio Component Model Jrgen

Automated Transformation from Descartes Modeling Language to Palladio Component Model Jrgen Walter, Simon Eismann, Adrian Hildebrandt Dept. of Computer Science, University of Wrzburg Symposium on Software Performance, Nov 6 th 2015, Munich,

700 views • 20 slides
Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser

Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser

Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities Yi-Min Wang, Doug Beck, Xuxian Jiang, Roussi Roussev, Chad Verbowski, Shuo Chen, and Sam King Microsoft Research, Redmond Lisa Johansen

428 views • 16 slides
Tapelifting System for Fibres Evidence Screening and Ventures into Automated Fibre Finding. Dr

Tapelifting System for Fibres Evidence Screening and Ventures into Automated Fibre Finding. Dr

Easylift Three Years On: Use of this Novel Tapelifting System for Fibres Evidence Screening and Ventures into Automated Fibre Finding. Dr Claire Gwinnett, Prof Andrew Jackson, Forensic and Crime Science Department, Staffordshire University, UK

575 views • 23 slides
Finding and proving new geometry theorems in regular polygons with dynamic geometry and automated

Finding and proving new geometry theorems in regular polygons with dynamic geometry and automated

Finding and proving new geometry theorems in regular polygons with dynamic geometry and automated reasoning tools Zolt an Kov acs The Private University College of Education of the Diocese of Linz CICM Hagenberg, Calculemus August 16,

730 views • 68 slides
Strongly connected components Finding strongly-connected components A strongly connected component

Strongly connected components Finding strongly-connected components A strongly connected component

Strongly connected components Finding strongly-connected components A strongly connected component is the maximal subset of a graph with a directed path between any two vertices B Tyler Moore CSE 3353, SMU, Dallas, TX g e Lecture 9 f a b

166 views • 5 slides
Towards Safety Analysis of Interactions Between Human Users and Automated Driving Systems

Towards Safety Analysis of Interactions Between Human Users and Automated Driving Systems

10th European Congress on Embedded Real-Time Systems - ERTS 2020 Towards Safety Analysis of Interactions Between Human Users and Automated Driving Systems Fredrik Warg Stig Ursing Martin Kaalhus Richard Wiik Safety of Automated Driving

762 views • 19 slides
Report and Presentation Requirements Dr Ian Storey 2018 Fact Finding Fact finding is a major

Report and Presentation Requirements Dr Ian Storey 2018 Fact Finding Fact finding is a major

Report and Presentation Requirements Dr Ian Storey 2018 Fact Finding Fact finding is a major component of the analysis in this assignment. Describe techniques used, and give a small number of examples with associated data ( no less than 3 ). For

203 views • 7 slides
A Novel Approach to Integrate Human-in-the-Loop Testing in the Development Chain of Automated

A Novel Approach to Integrate Human-in-the-Loop Testing in the Development Chain of Automated

Institute of Automotive Engineering A Novel Approach to Integrate Human-in-the-Loop Testing in the Development Chain of Automated Driving on the Example of Automated Lane Change Branko Rogic TU Graz 1 Agenda Institute of Automotive

296 views • 16 slides
TEXT AND TEXT AND AUTOMATED BIASES AUTOMATED BIASES NATURAL LANGUAGES ARE THE NATURAL

TEXT AND TEXT AND AUTOMATED BIASES AUTOMATED BIASES NATURAL LANGUAGES ARE THE NATURAL

TEXT AND TEXT AND AUTOMATED BIASES AUTOMATED BIASES NATURAL LANGUAGES ARE THE NATURAL LANGUAGES ARE THE BASE HUMAN COMMUNICATION BASE HUMAN COMMUNICATION we learn from books of all kinds about complex topics and keep ourself updated

532 views • 51 slides
Towards Automated Recognition of Human Emotions Using EEG Haiyan Xu The Edward S. Rogers Sr.

Towards Automated Recognition of Human Emotions Using EEG Haiyan Xu The Edward S. Rogers Sr.

Towards Automated Recognition of Human Emotions Using EEG Haiyan Xu The Edward S. Rogers Sr. Department of Electrical and Computer Engineering, University of Toronto July 12, 2012 Research Objective To investigate whether EEG signal is

512 views • 33 slides
About this presentation Some basics about human (or interpersonal) communication Automated

About this presentation Some basics about human (or interpersonal) communication Automated

About this presentation Some basics about human (or interpersonal) communication Automated Driving and the effects on Short information about a study on automated driving and the effects on communication in communication in road

229 views • 3 slides
Visualizing and Exploring Data Visual Methods for finding structures in data Power of human

Visualizing and Exploring Data Visual Methods for finding structures in data Power of human

Visualizing and Exploring Data Visual Methods for finding structures in data Power of human eye/brain to detect structures Product of eons of evolution Display data in ways that capitalize on human pattern processing abilities

403 views • 15 slides
Adversarial Examples are a Natural Consequence of Test Error in Noise Nic Ford*, Justin Gilmer*,

Adversarial Examples are a Natural Consequence of Test Error in Noise Nic Ford*, Justin Gilmer*,

Adversarial Examples are a Natural Consequence of Test Error in Noise Nic Ford*, Justin Gilmer*, Nicholas Carlini, Dogus Cubuk *equal contribution Confidential + Proprietary Confidential + Proprietary Robust (out of distribution)

546 views • 16 slides
An overview of the Fires, Asian, and Stratospheric Transport - Las Vegas Ozone Study 2017 ( FAST

An overview of the Fires, Asian, and Stratospheric Transport - Las Vegas Ozone Study 2017 ( FAST

An overview of the Fires, Asian, and Stratospheric Transport - Las Vegas Ozone Study 2017 ( FAST -LVOS) 2013 Where does the high springtime ozone in the Southwest come from? Angel Peak Andrew O. Langford NOAA/ESRL Chemical Sciences Division

201 views • 9 slides
PFN in Warehouse Automation Then, now, and the future May 30, 2018 Wilson Ko Who are we? Tokyo

PFN in Warehouse Automation Then, now, and the future May 30, 2018 Wilson Ko Who are we? Tokyo

PFN in Warehouse Automation Then, now, and the future May 30, 2018 Wilson Ko Who are we? Tokyo based company focused on Machine Learning and Distributed Computing, branch office in Berkeley Were hiring at both locations! Major fields of

656 views • 17 slides
T agging CMSC 723 / LING 723 / INST 725 M ARINE C ARPUAT marine@cs.umd.edu T odays Agenda

T agging CMSC 723 / LING 723 / INST 725 M ARINE C ARPUAT marine@cs.umd.edu T odays Agenda

Part-of-Speech T agging CMSC 723 / LING 723 / INST 725 M ARINE C ARPUAT marine@cs.umd.edu T odays Agenda What are parts of speech (POS)? What is POS tagging? How to POS tag text automatically? Source: Calvin and Hobbs Parts of

1.29k views • 68 slides
Precise and Scalable Detection of Double-Fetch Bugs in OS Kernels Meng Xu , Chenxiong Qian,

Precise and Scalable Detection of Double-Fetch Bugs in OS Kernels Meng Xu , Chenxiong Qian,

Precise and Scalable Detection of Double-Fetch Bugs in OS Kernels Meng Xu , Chenxiong Qian, Kangjie Lu + , Michael Backes*, Taesoo Kim Georgia Tech | University of Minnesota + | CISPA, Germany* 1 What is Double-Fetch? Address Space

1.21k views • 67 slides
Bug Report Analytics David Lo School of Information Systems Singapore Management University

Bug Report Analytics David Lo School of Information Systems Singapore Management University

Bug Report Analytics David Lo School of Information Systems Singapore Management University davidlo@smu.edu.sg 38 th ACM/IEEE International Conference on Software Engineering, Austin, Texas, USA Problems with Bug Reports Bugs are reported

466 views • 29 slides
Photonics/Hit-Maker Time Bug Jake Feintzeig 1 2 Contents This talk covers two separate but

Photonics/Hit-Maker Time Bug Jake Feintzeig 1 2 Contents This talk covers two separate but

Photonics/Hit-Maker Time Bug Jake Feintzeig 1 2 Contents This talk covers two separate but related bugs, one in photonics and one in hit-maker Photonics time transformation bug Overview Details Time transformation plot

498 views • 12 slides
Not Your Grandmas Smart Contract Verification Florian Hubert Dana Drachsler- Andrei Arthur

Not Your Grandmas Smart Contract Verification Florian Hubert Dana Drachsler- Andrei Arthur

Not Your Grandmas Smart Contract Verification Florian Hubert Dana Drachsler- Andrei Arthur Quentin Petar Martin Buenzli Ritzdorf Cohen Dan Gervais Hibon Tsankov Vechev http://blockchainsecurity.ethz.ch Smart Contract Security

641 views • 19 slides

More recommend