Fuzzing has emerged as the most broadly used testing technique to discover bugs. Effective fuzzers rely on coverage to prioritize inputs that exercise new program areas. Edge-based code coverage of the Program Under T...
详细信息
ISBN:
(纸本)9798400700989
Fuzzing has emerged as the most broadly used testing technique to discover bugs. Effective fuzzers rely on coverage to prioritize inputs that exercise new program areas. Edge-based code coverage of the Program Under Test (PUT) is the most commonly used coverage today. It is cheap to collect-a simple counter per basic block edge suffices. Unfortunately, edge coverage lacks context information: it exclusively records how many times each edge was executed but lacks the information necessary to trace actual paths of execution. Our new fuzzer Arvin gathers probabilistic full traces of PUT executions to construct Dynamic control flow graphs (DCFGs). These DCFGs observe a richer set of program behaviors, such as the "depth" of execution, different paths to reach the same basic block, and targeting specific functions and paths. Prioritizing the most promising inputs based on these behaviors improves fuzzing effectiveness by increasing the diversity of explored basic blocks. Designing a DCFG-aware fuzzer raises a key challenge: collecting the required information needs complex instrumentation which results in performance overheads. Our prototype approximates DCFG and enables lightweight, asynchronous coordination between fuzzing processes, making DCFG-based fuzzing practical. By approximating DCFGs, Arvin is fast, resulting in at least an eight-fold increase in fuzzing speed. Because it effectively prioritizes inputs using methods like depth comparison and directed exclusion, which are unavailable to other fuzzers, it finds bugs missed by others. We compare its ability to find bugs using various Linux programs and discover 50 bugs, 23 of which are uniquely found by Arvin.
How to efficiently reduce the fuzzing data scale while assuring high fuzzing veracity and vulnerability coverage is a pivotal issue in program fuzz test. This paper proposes a new heuristic method for fuzzing data gen...
详细信息
ISBN:
(纸本)9783642244025
How to efficiently reduce the fuzzing data scale while assuring high fuzzing veracity and vulnerability coverage is a pivotal issue in program fuzz test. This paper proposes a new heuristic method for fuzzing data generation named with H-Fuzzing. H-Fuzzing achieves a high program execution path coverage by retrieving the static information and dynamic property from the program. Our experiments evaluate H-Fuzzing, Java Path Finder (JPF) and random fuzzing method. The evaluation results demonstrate that H-Fuzzing can use fewer iterations and testing time to reach more test path coverage compared with the other two methods.
State explosion in model checking continues to be the primary obstacle to widespread use of software model checking. The large input ranges of variables used in software is the main cause of state explosion. As softwa...
详细信息
State explosion in model checking continues to be the primary obstacle to widespread use of software model checking. The large input ranges of variables used in software is the main cause of state explosion. As software grows in size and complexity the problem only becomes worse. As such, model checking research into data abstraction as a way of mitigating state explosion has become more and more important. Data abstractions aim to reduce the effect of large input ranges. This work focuses on a static program analysis technique called dead variable analysis. The goal of dead variable analysis is to discover variable assignments that are not used. When applied to model checking, this allows us to ignore the entire input range of dead variables and thus reduce the size of the explored state space. Prior research into dead variable analysis for model checking does not make full use of dynamic run-time information that is present during model checking. We present an algorithm for intraprocedural dead variable analysis that uses dynamic run-time information to find more dead variables on-the-fly and further reduce the size of the explored state space. We introduce a definition for the maximal state space reduction possible through an on-the-fly dead variable analysis and then show that our algorithm produces a maximal reduction in the absence of non-determinism.
Search Based Software Engineering (SBSE) is an emerging field, involves applying search based techniques to address the various problems related to different domains of software engineering. It is specially excelled i...
详细信息
Search Based Software Engineering (SBSE) is an emerging field, involves applying search based techniques to address the various problems related to different domains of software engineering. It is specially excelled in providing an ideally balanced solution to a software engineering problem involving several competing goals and provides optimal solution to give better prospects over tools and techniques required to grow a productive, proficient and cohesive approach. Software testing is the area which is benefitted the most. Although there are many testing related problems which are solved by search based techniques, but automatic test data generation is the prime activity, capturing researcher's attention these days. Test path generation and prioritization is one of the important activities to reduce test effort. But it hardly gets importance in the existing literature as only few researchers have attempted to generate test sequences using different search based algorithms (Ant Colony Optimization, Genetic Algorithm, Tabu Search, Cuckoo Search, Firefly Algorithm), each having their own merits and demerits. Ideally none of them is perfect as far as complete path coverage and redundancy is concerned. This dissertation aims at carrying the SWOT (strengths, weaknesses, opportunities, threats) analysis of the area i. e. search based software engineering and improving the efficiency of software testing process by generating the optimal test sequences in the control flow graph (CFG) of the program under test (PUT) by using a novel swarm intelligence method called River Formation Dynamics(RFD), inspired by a natural phenomena of how drops transformed into river and then river into sea. It provides full path coverage with zero redundancy in transitions from one node to another. It also tries to prioritize the paths based on their strength, calculated in terms of their traversal by the drops.
Tato práce pojednává o formátu spustitelných souborů EXE. Soustředí se na části potřebné při reverzním inženýrství. Dále se zabývá jazykem sym...
详细信息
Tato práce pojednává o formátu spustitelných souborů EXE. Soustředí se na části potřebné při reverzním inženýrství. Dále se zabývá jazykem symbolických instrukcí, jeho reprezentací v binárních souborech a získání textového popisu instrukcí disasemblerem. Následuje popis převodu na graf toku řízení, detekce základních struktur (větvení a cykly) vyšších programovacích jazyků.
Tato bakalářská práce se zabývá návrhem a implementací extrakce grafů toku řízení ze zdrojových souborů jazyků C a C++ ve formátu LLVM IR. K tomu účelu bylo ...
详细信息
Tato bakalářská práce se zabývá návrhem a implementací extrakce grafů toku řízení ze zdrojových souborů jazyků C a C++ ve formátu LLVM IR. K tomu účelu bylo použito rozhraní LibTooling překladače Clang, pomocí něhož byl tento extraktor implementován jako samostatný nástroj. Výstup programu odpovídá požadavkům platformy Testos, jemuž poskytuje data pro automatické generování testovacích požadavků na základě specifického pokrytí.
Android is the most popular mobile operating system, making it the main target of malware attacks. Machine learning-based attack detection techniques have recently emerged as promising methods that relies heavily on p...
详细信息
Android is the most popular mobile operating system, making it the main target of malware attacks. Machine learning-based attack detection techniques have recently emerged as promising methods that relies heavily on particular features to classify malware. Despite machine learning-based malware detectors having hundreds of features, attackers can use feature-related expertise to generate malware variants to avoid detection. Therefore, the Android security team must constantly develop novel features to detect suspicious attacks. This paper proposes a novel malware detection method called Droid-MCFG that combines the Android features of manifest and control flow graph (CFG). First, reverse engineering tools are used to mine manifest files and Java source codes from Android Package Kit (APK). Second, to represent Android apps with elevated features, we develop a features selection method that retrieves API calls and API sequences from CFGs. The API calls and manifest information are then combined to produce digital fingerprints of Android app actions. Third, a transfer learning approach based on word2vec is developed to extract trained features from digital fingerprints. To thoroughly analyze the novel features, the word2vec is fine-tuned with random, static, and dynamic strategies. Finally, the multi-head Temporal Convolutional Network (TCN) is designed to identify malware based on fine-tuned features. The TCN employs casual convolutions and dilations due to its temporality and broad receptive fields, making it very responsive to API-call sequences and malware activities in the manifest file. The proposed method achieves a classification accuracy of 96.24% using the CICInvesAndMal2019 dataset.(c) 2022 Elsevier B.V. All rights reserved.
Securing the operating system kernel is the key to overall system security. Due to developer negligence and the inherent limitations of the code language, kernel data is exposed to various security risks, such as exec...
详细信息
Securing the operating system kernel is the key to overall system security. Due to developer negligence and the inherent limitations of the code language, kernel data is exposed to various security risks, such as execution flow leakage and privilege hijacking. In binary security, most vulnerabilities are exploited by hijacking the controlflow to make the program run according to the attacker's idea of attack. controlflow integrity is a common defense scheme against controlflow hijacking attacks. In this paper, we use speculation-free function tables in LLVM IR to achieve the integrity of fine-grained controlflow. The technique enforces CFI policies by making logical judgments on jump instruction stubbing. All jump instructions share a common function table, and the information in the table is not repeatedly stored, reducing the additional memory consumption caused by the function table and achieving fine-grained CFI protection.
Vulnerability detection in smart contracts is critical to secure blockchain systems. Existing methods represent the bytecode as a graph structure and leverage graph neural networks to learn graph features for vulnerab...
详细信息
Vulnerability detection in smart contracts is critical to secure blockchain systems. Existing methods represent the bytecode as a graph structure and leverage graph neural networks to learn graph features for vulnerability detection. However, these methods are limited to handling the long-range dependencies between nodes. This means that they might focus on learning local node feature while ignoring global node information. In this paper, we propose a novel vulnerability detection framework with E nhanced G raph F eature L earning (EGFL), which aims to extract the global node information and utilize it to improve vulnerability detection in smart contracts. Specifically, we first represent the bytecode as a control flow graph (CFG). To extract global node information, EGFL constructs a linear node feature matrix from CFG, and uses the feature -aware and relationship -aware modules to handle long-range dependencies between nodes. Meanwhile, a graph neural network is adopted to extract the local node feature from CFG. Subsequently, we fuse the global node information and local node feature to generate an enhanced graph feature for capturing more vulnerability features. We evaluate EGFL on the benchmark dataset with six types of smart contract vulnerabilities. Results show that EGFL outperforms fourteen state-of-the-art vulnerability detection methods by 10.83%-60.28% in F1 score.
General-Purpose graphics Processing Unit (GPGPU) applications exploit on-chip scratchpad memory available in the graphics Processing Units (GPUs) to improve performance. The amount of thread level parallelism (TLP) pr...
详细信息
General-Purpose graphics Processing Unit (GPGPU) applications exploit on-chip scratchpad memory available in the graphics Processing Units (GPUs) to improve performance. The amount of thread level parallelism (TLP) present in the GPU is limited by the number of resident threads, which in turn depends on the availability of scratchpad memory in its streaming multiprocessor (SM). Since the scratchpad memory is allocated at thread block granularity, part of the memory may remain unutilized. In this article, we propose architectural and compiler optimizations to improve the scratchpad memory utilization. Our approach, called Scratchpad Sharing, addresses scratchpad under-utilization by launching additional thread blocks in each SM. These thread blocks use unutilized scratchpad memory and also share scratchpad memory with other resident blocks. To improve the performance of scratchpad sharing, we propose Owner Warp First (OWF) scheduling that schedules warps from the additional thread blocks effectively. The performance of this approach, however, is limited by the availability of the part of scratchpad memory that is shared among thread blocks. We propose compiler optimizations to improve the availability of shared scratchpad memory. We describe an allocation scheme that helps in allocating scratchpad variables such that shared scratchpad is accessed for short duration. We introduce a new hardware instruction, relssp, that when executed releases the shared scratchpad memory. Finally, we describe an analysis for optimal placement of relssp instructions, such that shared scratchpad memory is released as early as possible, but only after its last use, along every execution path. We implemented the hardware changes required for scratchpad sharing and the relssp instruction using the GPGPU-Sim simulator and implemented the compiler optimizations in Ocelot framework. We evaluated the effectiveness of our approach on 19 kernels from 3 benchmarks suites: CUDA-SDK, GPGPU-Sim, and
暂无评论