
Fuzzing And Oracles By: Thomas Sidoti. Overview Introduction Motivation Fuzzable Exploits Oracles Implementation Fuzzing Results.


1 Fuzzing And Oracles By: Thomas Sidoti

2 Overview
– Introduction
– Motivation
– Fuzzable Exploits
– Oracles
– Implementation
– Fuzzing Results

3 Introduction
– Find relationships between oracles and exploits/errors.
– What class of errors could a particular oracle hope to find?

4 Motivation
– Fuzzers:
  – Generate input
  – Watch for errors
– Without good oracles, some errors will never be found.

5 Fuzzable Exploits
– Buffer Overflow
– Improper Validation of Array Index
– Integer Overflow
– Incorrect Calculation of Buffer Size
(From the CWE Top 25)

6 Available Oracles
– Process Crash
– Output Monitoring
– Memory Monitoring
– Monitoring Services
– Program Flow Monitoring (PaiMei)

7 Fuzzable
– Created a program with optional exploits available.
– Flags:
  -b : Heap Buffer Overflow
  -m : Calculated Memory Size Not Checked
  -s : Stack Buffer Overflow (and small version)
  -i : Integer Overflow (Multiplication)
  -a : Calculated Array Index Not Checked (and small version)

8 File Format
10 - Number of Lines
30 - Chars per Line
1st Line
2nd Line
………………
Nth Line
9 - Get the xth Line
5 - The yth character from
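To make slides 5 through 8 concrete, here is an added example (not code from the presentation or its Fuzzable program) of a small generation-based fuzzer for the slide 8 file format, paired with the slide 6 process-crash oracle. The one-field-per-line serialisation, delivery of the case on stdin, and the boundary values are assumptions.

```python
import subprocess

# Assumed serialisation of the slide 8 format: one field per line, with the
# two index fields after the body (the slide does not fix the exact layout).
def build_case(num_lines, chars_per_line, lines, x, y):
    body = "\n".join(lines)
    return f"{num_lines}\n{chars_per_line}\n{body}\n{x}\n{y}\n".encode()

# Boundary values aimed at the slide 5 bug classes: negative or huge counts
# for the multiplied buffer-size calculation (integer overflow), out-of-range
# x/y for the unchecked array index.
BOUNDARY = [0, -1, 2**31 - 1, 2**31, 2**32, 65536]

def mutated_cases(num_lines=10, chars_per_line=30):
    """One constructed case per (field, boundary value), plus one over-long body line."""
    lines = ["A" * chars_per_line for _ in range(num_lines)]
    cases = []
    for v in BOUNDARY:
        cases.append(("num_lines", v, build_case(v, chars_per_line, lines, 9, 5)))
        cases.append(("chars_per_line", v, build_case(num_lines, v, lines, 9, 5)))
        cases.append(("x", v, build_case(num_lines, chars_per_line, lines, v, 5)))
        cases.append(("y", v, build_case(num_lines, chars_per_line, lines, 9, v)))
    # Declared width 30 but a 4096-char line: the stack/heap buffer overflow classes.
    long_lines = ["A" * 4096] + lines[1:]
    cases.append(("line_len", 4096, build_case(num_lines, chars_per_line, long_lines, 9, 5)))
    return cases

def crash_oracle(returncode):
    """Slide 6 'process crash' oracle: on POSIX a negative return code is the
    signal that killed the child (-11 = SIGSEGV, -6 = SIGABRT)."""
    if returncode < 0:
        return "crash"
    return "ok" if returncode == 0 else "error"

def run_target(cmd, case_bytes, timeout=5):
    """Feed one case to the target on stdin (assumption) and classify it."""
    try:
        proc = subprocess.run(cmd, input=case_bytes, capture_output=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return "hang"  # a hang is a finding too, distinct from a crash
    return crash_oracle(proc.returncode)

def fuzz(cmd):
    """Run every case against cmd; return the (field, value, verdict) triples that are not ok."""
    verdicts = [(f, v, run_target(cmd, c)) for f, v, c in mutated_cases()]
    return [t for t in verdicts if t[2] != "ok"]
```

Only the crash oracle is implemented here; the memory and page-heap oracles the Peach results on slide 11 rely on would need a debugger or heap instrumentation attached to the child process.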

9 Analysis of Open Source Fuzzers
– Open source fuzzing software is difficult to use.
  – Evolution Fuzzing System did not appear to do anything.
  – FileFuzz crashes when the program under test crashes.
  – Modified FileP to make it usable.
– Most don't include robust oracles.
  – Peach Fuzzer is the exception.

10 Results: Oracle-less Fuzzers
– FileP, FileFuzz
  – Random fuzzer based on a sample file.
– Fuzzled
  – Set of factories which makes it easy for a programmer to generate input.
– Detects program crashes
  – All large errors

11 Results: Peach Fuzzer
– Oracles: Windows Debugger, Memory Monitor, Page Heap Debugging, etc.
– Page Heap debugging found a small heap space address miscalculation.
– Memory Monitor found a small excess in memory usage. (This flaw could also crash the program in Windows.)

12 Conclusion
– A good portion of errors can be found even if only depending on program crash.
– Output monitoring may work well if tailored to your program.
– Using more advanced debugging techniques while debugging will reveal more subtle errors.

13 Thanks
