Crash report analysis is a necessary step before developers begin fixing errors. Fuzzing or hybrid (with dynamic symbolic execution) fuzzing is often used in the secure Development lifecycle. Modern fuzzers could prod...
详细信息
ISBN:
(纸本)9781665423311
Crash report analysis is a necessary step before developers begin fixing errors. Fuzzing or hybrid (with dynamic symbolic execution) fuzzing is often used in the secure Development lifecycle. Modern fuzzers could produce many crashes and developers do not have enough time to fix them till release date. There are two approaches that could reduce developers' effort on crash analysis: crash clustering and crash severity estimation. Crash severity estimation could help developers to prioritize crashes and close security issues first. Crash clustering puts similar crash reports in one cluster what could speed up the analyzing time for all crash reports. In this paper, we focus on crash clustering. We propose an approach for clustering and deduplicating of crashes that occurred in Linux applications. We implement this approach as a tool that could cluster Casr [1] crash reports. We evaluated our tool on a set of crash reports that was collected from fuzzing results.
We consider quantum random walks in an infinite-dimensional phase space constructed using Weyl representation of the coordinate and momentum operators in the space of functions on a Hilbert space which are square inte...
详细信息
Exception handling is a widely used runtime error management method in object-oriented languages, especially C#, where it is deeply embedded in the standard library (CoreFX). Accurate and efficient exception analysis ...
详细信息
ISBN:
(纸本)9781665423311
Exception handling is a widely used runtime error management method in object-oriented languages, especially C#, where it is deeply embedded in the standard library (CoreFX). Accurate and efficient exception analysis is an important requirement for an industrial-level static analyzer. We propose a novel approach to manage exceptions while performing static symbolic execution of C# programs, which is able to process the newest features of the language, such as catch filters. In contrast to the approaches implemented in other static analysis tools, it is much more accurate, because it is path-sensitive thanks to consideration of exception conditions, field- and object-sensitive thanks to the representation of separate exceptions and its fields with distinct symbolic values. We evaluate our approach on a large set of open source projects having 4.2 mln LOC and nearly 2000 reviewed warnings of different types.
A numerical and experimental study has been conducted to explore the influence of vertical wall on the wake of the non/ducted propeller. The numerical simulation is achieved using a structured and transient sliding me...
详细信息
A numerical and experimental study has been conducted to explore the influence of vertical wall on the wake of the non/ducted propeller. The numerical simulation is achieved using a structured and transient sliding mesh approach. The control equations are closed by the Delayed Detached Eddy Simulation (DDES), and the computational results are compared with the available experimental data. By dividing the ducted propeller flow wake vortex shape into different behavior regions, the temporal vortex evolution near the wake of the propellers under the influence of different vertical walls are emphatically analysed. The results show that the jet flow wake reaches the wall, forming a conical low-speed area at the centre of the wall. The fluid circulates from the outer side to the inner side of the cone, forming a vortex whose size first increases and then decreases with the distance between the propellers and the wall. In addition, the change of propellers wake velocity profile is given. The wake velocity of propeller and ducted propeller decreases exponentially and linearly along the flow direction, respectively.
Crash report analysis is a necessary step before developers begin fixing errors. Fuzzing or hybrid (with dynamic symbolic execution) fuzzing is often used in the secure development lifecycle. Modern fuzzers could prod...
详细信息
This paper focuses on investigation of confidential documents leaks in the form of screen photographs. Proposed approach does not try to prevent leak in the first place but rather aims to determine source of the leak....
详细信息
This paper focuses on investigation of confidential documents leaks in the form of screen photographs. Proposed approach does not try to prevent leak in the first place but rather aims to determine source of the leak. Method works by applying on the screen a unique identifying watermark as semi-transparent image that is almost imperceptible for human eyes. Watermark image is static and stays on the screen all the time thus watermark present on every captured photograph of the screen. The key components of the approach are three neural networks. The first network generates an image with embedded message in a way that this image is almost invisible when displayed on the screen. The other two neural networks are used to retrieve embedded message with high accuracy. Developed method was comprehensively tested on different screen and cameras. Test results showed high efficiency of the proposed approach.
During the recent years artificial neural networks have become a great part of everyday life. One of the big problems in AI is acceleration of neural network inference using different hardware: from CPUs and GPUs to F...
详细信息
ISBN:
(纸本)9781665423281
During the recent years artificial neural networks have become a great part of everyday life. One of the big problems in AI is acceleration of neural network inference using different hardware: from CPUs and GPUs to FPGAs and ASICs. Many open-source tools have been proposed for this purpose. This article contains a review of a range of open-source tools for neural network optimization, acceleration and hardware synthesis. Tools of three types have been chosen for evaluation: 1) translating neural network models into synthesizable C; 2) accelerating neural network models using custom hardware accelerators; 3) synthesizing Verilog from neural network models. Some of the tools have been tested using five simple neural network examples. Intel CPU, NVIDIA GPU and Cyclone V FPGA hardware platforms have been used for evaluation. Results show that the tested tools can successfully process neural network models and optimize them for CPU and GPU execution, whereas FPGA execution results are controversial.
Dynamic symbolic execution (DSE) is a powerful method for path exploration during hybrid fuzzing and automatic bug detection. We propose security predicates to effectively detect undefined behavior and memory access v...
详细信息
ISBN:
(纸本)9781665423311
Dynamic symbolic execution (DSE) is a powerful method for path exploration during hybrid fuzzing and automatic bug detection. We propose security predicates to effectively detect undefined behavior and memory access violation errors. Initially, we symbolically execute program on paths that don't trigger any errors (hybrid fuzzing may explore these paths). Then we construct a symbolic security predicate to verify some error condition. Thus, we may change the program data flow to entail null pointer dereference, division by zero, out-of-bounds access, or integer overflow weaknesses. Unlike static analysis, dynamic symbolic execution does not only report errors but also generates new input data to reproduce them. Furthermore, we introduce function semantics modeling for common C/C++ standard library functions. We aim to model the control flow inside a function with a single symbolic formula. This assists bug detection, speeds up path exploration, and overcomes overconstraints in path predicate. We implement the proposed techniques in our dynamic symbolic execution tool Sydr. Thus, we utilize powerful methods from Sydr such as path predicate slicing that eliminates irrelevant constraints. We present Juliet Dynamic to measure dynamic bug detection tools accuracy. The testing system also verifies that generated inputs trigger sanitizers. We evaluate Sydr accuracy for 11 CWEs from Juliet test suite. Sydr shows 95.59% overall accuracy. We make Sydr evaluation artifacts publicly available to facilitate results reproducibility.
Cryptographic protocols are utilized for establishing a secure session between 'honest' agents which communicate strictly according to the protocol rules as well as for ensuring the authenticated and confident...
详细信息
The fog computing paradigm has become prominent in stream processing for IoT systems where cloud computing struggles from high latency challenges. It enables the deployment of computational resources between the edge ...
详细信息
暂无评论