Presentation is loading. Please wait.

Presentation is loading. Please wait.

Fuzzing And Oracles By: Thomas Sidoti. Overview Introduction Motivation Fuzzable Exploits Oracles Implementation Fuzzing Results.

Published byLorin Hicks Modified over 9 years ago

Similar presentations

Presentation on theme: "Fuzzing And Oracles By: Thomas Sidoti. Overview Introduction Motivation Fuzzable Exploits Oracles Implementation Fuzzing Results."— Presentation transcript:

1 Fuzzing And Oracles By: Thomas Sidoti

2 Overview Introduction Motivation Fuzzable Exploits Oracles Implementation Fuzzing Results

3 Introduction Find relationships between Oracles and Exploits/Errors. What class of errors could a particular oracles hope to find?

4 Motivation Fuzzers: –Generate Input –Watch for errors Without good oracles, some errors will never be found.

5 Fuzzable Exploits Buffer Overflow Improper Validation of Array Index Integer Overflow Incorrect Calc of Buffer Size From the CWE Top 25

6 Available Oracles Process Crash Output Monitoring Memory Monitoring Monitoring Services Program Flow Monitoring (PaiMei)

7 Fuzzable Created a program with optional exploits available. Flags –b : Heap Buffer Overflow –m : Calculated Memory Size Not Checked –s : Stack Buffer Overflow (and small version) –i : Integer Overflow (Multiplication) –a : Calculated Array Index Not Checked (and small version)

8 File Format 10 - Number of Lines 30 - Chars per Line 1 st Line 2 nd Line ……………… Nth Line 9 - Get the xth Line 5 - The yth character from

9 Analysis of Open Source Fuzzers Open Source Fuzzing Software is difficult to use. –Evolution Fuzzing System did not appear to do anything. –FileFuzz crashes when program under test crashes. –Modified FileP to make it usable. Most don’t include robust oracles. –Peach Fuzzer is the exception.

10 Results: Oracle-less Fuzzers FileP, FileFuzz –Random fuzzer based on a Sample File. Fuzzled –Set of factories which makes it easy for a programmer to generate input. Detects Program Crashes –All large errors

11 Results: Peach Fuzzer Oracles: Windows Debugger, Memory Monitor, Page Heap Debugging, etc. Page Heap debugging found small heap space address miscalculation. Memory Monitor found small excess in memory usage. (This flaw could also crash the program in Windows)

12 Conclusion A good portion of errors can be found even if only depending on program crash. Output monitoring may work well if tailored to your program Using more advanced debugging techniques while debugging will reveal more subtle errors.

13 Thanks

Download ppt "Fuzzing And Oracles By: Thomas Sidoti. Overview Introduction Motivation Fuzzable Exploits Oracles Implementation Fuzzing Results."

Similar presentations

Author: Carlos Pacheco, Shuvendu K. Lahiri, Michael D. Ernst, Thomas Ball MIT CSAIL.

Author: Carlos Pacheco, Shuvendu K. Lahiri, Michael D. Ernst, Thomas Ball MIT CSAIL.
Fuzzing for logic and state issues

Fuzzing for logic and state issues
New I/O (JSR 51) Robert Rock Howard Chief Technology Officer Tower Technology.

New I/O (JSR 51) Robert Rock Howard Chief Technology Officer Tower Technology.
Slide-1 University of Maryland Five Common Defect Types in Parallel Computing Prepared for Applied Parallel Computing Prof. Alan Edelman Taiga Nakamura.

Slide-1 University of Maryland Five Common Defect Types in Parallel Computing Prepared for Applied Parallel Computing Prof. Alan Edelman Taiga Nakamura.
Module R2 CS450. Next Week R1 is due next Friday ▫Bring manuals in a binder - make sure to have a cover page with group number, module, and date. You.

Module R2 CS450. Next Week R1 is due next Friday ▫Bring manuals in a binder - make sure to have a cover page with group number, module, and date. You.
TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection Tielei Wang 1, Tao Wei 1, Guofei Gu 2, Wei Zou 1 1 Peking.

TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection Tielei Wang 1, Tao Wei 1, Guofei Gu 2, Wei Zou 1 1 Peking.
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.
An Empirical Study of the Reliability in UNIX Utilities Barton Miller Lars Fredriksen Brysn So Presented by Liping Cai.

An Empirical Study of the Reliability in UNIX Utilities Barton Miller Lars Fredriksen Brysn So Presented by Liping Cai.
By Skyler Onken.  Who am I?  What is Fuzzing?  Usual Targets  Techniques  Results  Limitations  Why Fuzz?  “Fuzzing the Web”?  Desired Solution.

By Skyler Onken.  Who am I?  What is Fuzzing?  Usual Targets  Techniques  Results  Limitations  Why Fuzz?  “Fuzzing the Web”?  Desired Solution.
Biswajit Mazumder Rohit Hooda Arpan Chowdhary.  What is Fuzzing?  Fuzzing techniques  Types of Fuzzing  Fuzzing explained  Case study and changes:

Biswajit Mazumder Rohit Hooda Arpan Chowdhary.  What is Fuzzing?  Fuzzing techniques  Types of Fuzzing  Fuzzing explained  Case study and changes:
Chapter Four Data Types Pratt 2 Data Objects A run-time grouping of one or more pieces of data in a virtual machine a container for data it can be –system.

Chapter Four Data Types Pratt 2 Data Objects A run-time grouping of one or more pieces of data in a virtual machine a container for data it can be –system.
1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.

1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.
CMSC 414 Computer and Network Security Lecture 24 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 24 Jonathan Katz.
TaintCheck and LockSet LBA Reading Group Presentation by Shimin Chen.

TaintCheck and LockSet LBA Reading Group Presentation by Shimin Chen.
Software and Software Vulnerabilities. Synopsis Array overflows Stack overflows String problems Pointer clobbering. Dynamic memory management Integer.

Software and Software Vulnerabilities. Synopsis Array overflows Stack overflows String problems Pointer clobbering. Dynamic memory management Integer.
Parameterizing Random Test Data According to Equivalence Classes Chris Murphy, Gail Kaiser, Marta Arias Columbia University.

Parameterizing Random Test Data According to Equivalence Classes Chris Murphy, Gail Kaiser, Marta Arias Columbia University.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Buffer Overflow Attacks. Memory plays a key part in many computer system functions. It’s a critical component to many internal operations. From mother.

Buffer Overflow Attacks. Memory plays a key part in many computer system functions. It’s a critical component to many internal operations. From mother.
ECE 265 – LECTURE 9 PROGRAM DESIGN 8/12/2015 1 ECE265.

ECE 265 – LECTURE 9 PROGRAM DESIGN 8/12/ ECE265.
Debugging Logic Errors CPS120 Introduction to Computer Science Lecture 6.

Debugging Logic Errors CPS120 Introduction to Computer Science Lecture 6.

Similar presentations

Ads by Google