Fuzzing And Oracles By: Thomas Sidoti. Overview Introduction Motivation Fuzzable Exploits Oracles Implementation Fuzzing Results.



Overview
– Introduction
– Motivation
– Fuzzable Exploits
– Oracles
– Implementation
– Fuzzing
– Results

Introduction
– Goal: find the relationships between oracles and the exploits/errors they can detect.
– Which class of errors can a particular oracle hope to find?

Motivation
– Fuzzers: generate input, then watch for errors.
– Without good oracles, some errors will never be found: if the only signal is a crash, a bug that corrupts memory or output without crashing the process goes unnoticed.

Fuzzable Exploits (from the CWE Top 25)
– Buffer Overflow (CWE-120)
– Improper Validation of Array Index (CWE-129)
– Integer Overflow or Wraparound (CWE-190)
– Incorrect Calculation of Buffer Size (CWE-131)

Available Oracles
– Process crash
– Output monitoring
– Memory monitoring
– Monitoring services
– Program flow monitoring (PaiMei)
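To make the motivation concrete, here is an added example in C (my code, not from the talk). The target is a hypothetical "small" variant of the unchecked-array-index flaw: the bound check on y is off by one (y > WIDTH instead of y >= WIDTH), so y == WIDTH reads the line's terminator and returns '\0' instead of being rejected. The read stays inside the buffer, so the process never crashes and a crash oracle has nothing to report; an output oracle that compares each answer against a reference model flags every such case. The line contents, WIDTH and NLINES are constructed sample data, not values from the page.

```c
/* Added example: crash oracle vs. output oracle on a non-crashing bug.
 * Not the author's Fuzzable program; sample data below is constructed. */
#include <stdio.h>

#define WIDTH  4
#define NLINES 3
/* Each entry holds WIDTH characters plus a terminating '\0'. */
static const char LINES[NLINES][WIDTH + 1] = { "abcd", "efgh", "ijkl" };

/* Target under test: returns the y-th character of line x, or -1 if the
 * request is rejected. The y bound is off by one on purpose (hypothetical
 * "small" array-index flaw): y == WIDTH slips through and reads the '\0'
 * terminator. That read is still inside the array, so nothing crashes. */
int target_get_char(int x, int y)
{
    if (x < 0 || x >= NLINES) return -1;
    if (y < 0 || y > WIDTH) return -1;        /* BUG: should be y >= WIDTH */
    return (unsigned char)LINES[x][y];
}

/* Reference model: what the program should answer. In a real harness this
 * comes from the spec or an independent implementation. */
int reference_get_char(int x, int y)
{
    if (x < 0 || x >= NLINES || y < 0 || y >= WIDTH) return -1;
    return (unsigned char)LINES[x][y];
}

/* Output oracle: 1 when the target disagrees with the reference. */
int output_oracle(int x, int y)
{
    return target_get_char(x, y) != reference_get_char(x, y);
}

/* Sweep every (x, y) pair in a window around the valid range, mimicking a
 * fuzzer that mutates the two index fields, and count what the output
 * oracle flags. A crash oracle would report nothing for this sweep: every
 * call returns normally. */
int count_output_findings(void)
{
    int findings = 0;
    for (int x = -1; x <= NLINES; x++)
        for (int y = -1; y <= WIDTH + 1; y++)
            findings += output_oracle(x, y);
    return findings;   /* one finding per line, at y == WIDTH */
}

int main(void)
{
    printf("output-oracle findings: %d (crash oracle: 0)\n", count_output_findings());
    return 0;
}
```

The sweep finds exactly one mismatch per line (y == WIDTH on each of the NLINES lines) while the process runs to completion, which is the situation the talk describes: an oracle-less fuzzer sees only the "large" errors, and a silent off-by-one needs an output or memory oracle to surface.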

Fuzzable
Created a program ("Fuzzable") with optional exploits selected by flags:
– -b : heap buffer overflow
– -m : calculated memory size not checked
– -s : stack buffer overflow (plus a "small" version)
– -i : integer overflow (multiplication)
– -a : calculated array index not checked (plus a "small" version)

File Format
10 – number of lines (N)
30 – characters per line
1st line
2nd line
…
Nth line
9 – x: fetch the xth line
5 – y: return the yth character of that line
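As an added example (not the author's Fuzzable program), here is a parser for this file format in C hardened against the four CWE classes the talk targets. It assumes details the slides do not state: decimal header fields each terminated by a newline, 0-based x and y, and fixed caps MAX_LINES/MAX_WIDTH (names chosen here) that bound the nlines × width multiplication before it is used as an allocation size.

```c
/* Added example: a hardened parser for the line/character file format.
 * Not the author's Fuzzable program; the comments mark where each of its
 * flag-selected flaws (-b, -m, -s, -i, -a) would otherwise appear.
 * Assumptions not stated on the page: decimal header fields, '\n' line
 * terminators, 0-based x and y, and the caps below. */
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define MAX_LINES 4096   /* assumed cap, keeps nlines * stride from wrapping */
#define MAX_WIDTH 4096

enum parse_status {
    PARSE_OK = 0, PARSE_BAD_HEADER, PARSE_TOO_BIG, PARSE_SHORT_INPUT, PARSE_BAD_INDEX
};

/* Read one decimal field terminated by '\n' from [*p, end). Rejects empty,
 * over-long, non-numeric, negative and out-of-range values. */
static int read_field(const char **p, const char *end, long *out)
{
    const char *nl = memchr(*p, '\n', (size_t)(end - *p));
    if (!nl) return -1;
    char buf[32];
    size_t len = (size_t)(nl - *p);
    if (len == 0 || len >= sizeof buf) return -1;
    memcpy(buf, *p, len);
    buf[len] = '\0';
    char *stop;
    errno = 0;
    long v = strtol(buf, &stop, 10);
    if (errno != 0 || *stop != '\0' || v < 0) return -1;
    *out = v;
    *p = nl + 1;
    return 0;
}

/* Parse data[0..len) and return the requested character through *result. */
enum parse_status get_char_from_file(const char *data, size_t len, char *result)
{
    const char *p = data, *end = data + len;
    long nlines, width;
    if (read_field(&p, end, &nlines) || read_field(&p, end, &width)) return PARSE_BAD_HEADER;

    /* CWE-190 / CWE-131 (flags -i, -m): bound both fields *before* the
     * multiplication so the allocation size cannot wrap or be undersized. */
    if (nlines == 0 || width == 0 || nlines > MAX_LINES || width > MAX_WIDTH) return PARSE_TOO_BIG;
    size_t stride = (size_t)width + 1;          /* room for a terminator */
    size_t total = (size_t)nlines * stride;     /* cannot overflow: both bounded */
    char *store = calloc(total, 1);
    if (!store) return PARSE_TOO_BIG;

    /* CWE-120 (flags -b, -s): copy exactly `width` bytes per line and
     * refuse short or unterminated lines instead of reading past the input. */
    for (long i = 0; i < nlines; i++) {
        if ((size_t)(end - p) < (size_t)width + 1 || p[width] != '\n') {
            free(store);
            return PARSE_SHORT_INPUT;
        }
        memcpy(store + (size_t)i * stride, p, (size_t)width);
        p += width + 1;
    }

    long x, y;
    if (read_field(&p, end, &x) || read_field(&p, end, &y)) { free(store); return PARSE_BAD_HEADER; }
    /* CWE-129 (flag -a): validate both indices against the real bounds. */
    if (x >= nlines || y >= width) { free(store); return PARSE_BAD_INDEX; }

    *result = store[(size_t)x * stride + (size_t)y];
    free(store);
    return PARSE_OK;
}

/* Helpers over a NUL-terminated string, handy for a fuzz harness. */
enum parse_status get_char_from_string(const char *s, char *result)
{
    return get_char_from_file(s, strlen(s), result);
}

/* 1 only when parsing succeeds and yields `expect`. */
int probe(const char *s, char expect)
{
    char c = 0;
    return get_char_from_string(s, &c) == PARSE_OK && c == expect;
}

/* The parse status as an int, for checking rejection paths. */
int probe_status(const char *s)
{
    char c = 0;
    return (int)get_char_from_string(s, &c);
}
```

Feeding this parser the mutated files an oracle-less fuzzer produces (huge line counts, truncated bodies, out-of-range x/y) exercises every rejection path; each distinct status is the spot where the corresponding Fuzzable flag would instead corrupt the heap, the stack, or the allocation size.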

Analysis of Open Source Fuzzers
– Open source fuzzing software is difficult to use:
  – Evolution Fuzzing System did not appear to do anything.
  – FileFuzz crashes when the program under test crashes.
  – FileP had to be modified to make it usable.
– Most do not include robust oracles; Peach Fuzzer is the exception.

Results: Oracle-less Fuzzers
– FileP, FileFuzz: random fuzzers that mutate a sample file.
– Fuzzled: a set of factories that make it easy for a programmer to generate input.
– Their only oracle is a program crash, which catches all of the large errors (the variants that bring the process down).

Results: Peach Fuzzer
– Oracles: Windows debugger, memory monitor, page heap debugging, etc.
– Page heap debugging found the small heap-space address miscalculation.
– The memory monitor found a small excess in memory usage (this flaw could also crash the program on Windows).

Conclusion
– A good portion of errors can be found even when depending only on a program crash.
– Output monitoring may work well if tailored to your program.
– Using more advanced debugging techniques (page heap, memory monitors, a debugger attached to the target) while fuzzing reveals the more subtle errors.

Thanks