Nowadays, the cyberspace security situation is not optimistic. Widespread vulnerabilities and backdoors are the main factors of insecurity in cyberspace. Furthermore, the software monoculture makes the attack have an ex...
How to locate the target function faster and more accurately is a key problem of Automatic Reverse-engineering of Software Programs. In order to solve this problem, a target function location method based on code cove...
Targeted at the situation of rampant attack on UEFI Platform Firmware, this paper summarizes the UEFI platform firmware framework structure as well as its potential security problems. Then the vulnerability factors of...
Aiming at the cryptographic algorithm that may be contained in the binary program, combined with existing research results, several cryptographic algorithm identification techniques are analyzed, including control flow graphs, data flow graphs, feature matching, selection of command statistical attributes, and semantic-based behavior analysis. The recognition effects of related technologies are discussed respectively.
ISBN:
(print) 9781939133175
In today's DNS infrastructure, DNS forwarders are devices standing in between DNS clients and recursive resolvers. The devices often serve as ingress servers for DNS clients, and instead of resolving queries, they pass the DNS requests to other servers. Because of the advantages and several use cases, DNS forwarders are widely deployed and queried by Internet users. However, studies have shown that DNS forwarders can be more vulnerable devices in the DNS infrastructure. In this paper, we present a cache poisoning attack targeting DNS forwarders. Through this attack, attackers can inject rogue records of arbitrary victim domain names using a controlled domain, and circumvent widely-deployed cache poisoning defences. By performing tests on popular home router models and DNS software, we find several vulnerable implementations, including those of large vendors (e.g., D-Link, Linksys, dnsmasq and MS DNS). Further, through a nationwide measurement, we estimate the population of Chinese mobile clients which are using vulnerable DNS forwarders. We have been reporting the issue to the affected vendors, and so far have received positive feedback from three of them. Our work further demonstrates that DNS forwarders can be a soft spot in the DNS infrastructure, and calls for attention as well as implementation guidelines from the community.
The security-sensitive functions can be effectively used to improve the efficiency of vulnerability mining techniques, but mining security-sensitive functions of the large-scale code base is difficult. An automatic mi...
Exploiting label correlations is important to multi-label classification. Previous methods capture the high-order label correlations mainly by transforming the label matrix to a latent label space with low-rank matrix...
In 2017, Tian, Yang and Mu presented a new three-party key exchange protocol YPKE in radio frequency identification environment, which is based on the HMQV protocol. They claimed that the proposed YPKE protocol in the...
ISBN:
(print) 9781939133175
Data flow analysis (e.g., dynamic taint analysis) has proven to be useful for guiding fuzzers to explore hard-to-reach code and find vulnerabilities. However, traditional taint analysis is labor-intensive, inaccurate and slow, affecting the fuzzing efficiency. Apart from taint, few data flow features are utilized. In this paper, we proposed a data flow sensitive fuzzing solution GREYONE. We first utilize the classic feature taint to guide fuzzing. A lightweight and sound fuzzing-driven taint inference (FTI) is adopted to infer taint of variables, by monitoring their value changes while mutating input bytes during fuzzing. With the taint, we propose a novel input prioritization model to determine which branch to explore, which bytes to mutate and how to mutate. Further, we use another data flow feature constraint conformance, i.e., distance of tainted variables to values expected in untouched branches, to tune the evolution direction of fuzzing. We implemented a prototype of GREYONE and evaluated it on the LAVA data set and 19 real world programs. The results showed that it outperforms various state-of-the-art fuzzers in terms of both code coverage and vulnerability discovery. In the LAVA data set, GREYONE found all listed bugs and 336 more unlisted. In real world programs, GREYONE on average found 2.12X unique program paths and 3.09X unique bugs than state-of-the-art evolutionary fuzzers, including AFL, VUzzer, CollAFL, Angora and Honggfuzz. Moreover, GREYONE on average found 1.2X unique program paths and 1.52X unique bugs than a state-of-the-art symbolic execution assisted fuzzer QSYM. In total, it found 105 new security bugs, of which 41 are confirmed by CVE.
Greybox fuzzing, which can fuzz without knowledge of the format, is one of the most advanced fuzzing techniques. However, the lack of format knowledge makes the test cases' format messy as the fuzzing proceeds and...