Chinese Academy of Sciences Institutional Repositories Grid
Dynamically Discovering Likely Memory Layout to Perform Accurate Fuzzing

Document type: Journal article

Authors: Chen, K; Zhang, YJ; Liu, P
Journal: IEEE TRANSACTIONS ON RELIABILITY
Publication date: 2016
Volume: 65; Issue: 3; Pages: 1180-1194
Keywords: Dynamic testing; fuzzing; memory layout; vulnerability; white-box
ISSN: 0018-9529
Abstract: Malicious Input through Buffer Overflow (MiBO) vulnerabilities play an important role in cyber security. To identify MiBO vulnerabilities, white-box testing approaches analyze instructions along all possible execution paths, while black-box testing approaches try to trigger MiBO vulnerabilities using different inputs. However, only limited coverage can be achieved: an identified MiBO vulnerability, when "hit" by a test input, must cause an exception (e.g., a crash). Type information could help to catch the non-crash MiBO vulnerabilities, but such information is not contained in binary code. In this paper, we present a white-box fuzzing method to detect non-crash MiBO vulnerabilities. Without source code, we dynamically discover likely memory layouts to help the fuzzing process. This is very challenging since memory addresses and layouts keep changing as the software runs, and the layouts may also differ between executions with different inputs. To address these challenges, we selectively analyze memory operations to identify memory layouts. If a buffer border identified from the memory layout is exceeded, an error is reported. The fuzzing results are compared with the layout to guide future input generation, which greatly increases the opportunity to expose MiBO vulnerabilities. We implemented a prototype called ArtFuzz and performed several evaluations. ArtFuzz discovered 23 real MiBO vulnerabilities (including 8 zero-day MiBO vulnerabilities) in nine applications.
Indexed in: SCI
Language: English
WOS accession number: WOS:000382714400006
Date made public: 2016-12-09
Source URL: http://ir.iscas.ac.cn/handle/311060/17305
Collection: Institute of Software_Institute of Software Library_Journal articles
Recommended citation
GB/T 7714: Chen, K, Zhang, YJ, Liu, P. Dynamically Discovering Likely Memory Layout to Perform Accurate Fuzzing[J]. IEEE TRANSACTIONS ON RELIABILITY, 2016, 65(3): 1180-1194.
APA: Chen, K., Zhang, YJ., & Liu, P. (2016). Dynamically Discovering Likely Memory Layout to Perform Accurate Fuzzing. IEEE TRANSACTIONS ON RELIABILITY, 65(3), 1180-1194.
MLA: Chen, K, et al. "Dynamically Discovering Likely Memory Layout to Perform Accurate Fuzzing". IEEE TRANSACTIONS ON RELIABILITY 65.3 (2016): 1180-1194.

Ingestion method: OAI harvesting

Source: Institute of Software

