Filters








46 Hits in 1.2 sec

Enhancing symbolic execution with veritesting

Thanassis Avgerinos, Alexandre Rebert, Sang Kil Cha, David Brumley
2016 Communications of the ACM  
We present MergePoint, a new binary-only symbolic execution system for large-scale testing of commodity off-the-shelf (COTS) software. MergePoint introduces veritesting, a new technique that employs static symbolic execution to amplify the effect of dynamic symbolic execution. Veritesting allows MergePoint to find twice as many bugs, explore orders of magnitude more paths, and achieve higher code coverage than previous dynamic symbolic execution systems. MergePoint is currently running daily on
more » ... a 100 node cluster analyzing 33,248 Linux binaries; has generated more than 15 billion SMT queries, 200 million test cases, 2,347,420 crashes, and found 11,687 bugs in 4,379 distinct applications.
doi:10.1145/2927924 fatcat:uxzvuhiwpnacxmhj2jch5mpf7y

Automatic exploit generation

Thanassis Avgerinos, Sang Kil Cha, Alexandre Rebert, Edward J. Schwartz, Maverick Woo, David Brumley
2014 Communications of the ACM  
The automatic exploit generation challenge is given a program, automatically find vulnerabilities and generate exploits for them. In this paper we present AEG, the first end-to-end system for fully automatic exploit generation. We used AEG to analyze 14 open-source projects and successfully generated 16 control flow hijacking exploits. Two of the generated exploits (expect-5.43 and htget-0.93) are zero-day exploits against unknown vulnerabilities. Our contributions are: 1) we show how exploit
more » ... neration for control flow hijack attacks can be modeled as a formal verification problem, 2) we propose preconditioned symbolic execution, a novel technique for targeting symbolic execution, 3) we present a general approach for generating working exploits once a bug is found, and 4) we build the first end-to-end system that automatically finds vulnerabilities and generates exploits that produce a shell.
doi:10.1145/2560217.2560219 fatcat:zag6jznqmfcxjnoeppcgwde2oe

Unleashing Mayhem on Binary Code

Sang Kil Cha, Thanassis Avgerinos, Alexandre Rebert, David Brumley
2012 2012 IEEE Symposium on Security and Privacy  
In this paper we present MAYHEM, a new system for automatically finding exploitable bugs in binary (i.e., executable) programs. Every bug reported by MAYHEM is accompanied by a working shell-spawning exploit. The working exploits ensure soundness and that each bug report is securitycritical and actionable. MAYHEM works on raw binary code without debugging information. To make exploit generation possible at the binary-level, MAYHEM addresses two major technical challenges: actively managing
more » ... tion paths without exhausting memory, and reasoning about symbolic memory indices, where a load or a store address depends on user input. To this end, we propose two novel techniques: 1) hybrid symbolic execution for combining online and offline (concolic) execution to maximize the benefits of both techniques, and 2) index-based memory modeling, a technique that allows MAYHEM to efficiently reason about symbolic memory at the binary level. We used MAYHEM to find and demonstrate 29 exploitable vulnerabilities in both Linux and Windows programs, 2 of which were previously undocumented.
doi:10.1109/sp.2012.31 dblp:conf/sp/ChaARB12 fatcat:kkiybfbxy5fwvnaafd4xfwbdha

Enhancing symbolic execution with veritesting

Thanassis Avgerinos, Alexandre Rebert, Sang Kil Cha, David Brumley
2014 Proceedings of the 36th International Conference on Software Engineering - ICSE 2014  
We present MergePoint, a new binary-only symbolic execution system for large-scale testing of commodity off-the-shelf (COTS) software. MergePoint introduces veritesting, a new technique that employs static symbolic execution to amplify the effect of dynamic symbolic execution. Veritesting allows MergePoint to find twice as many bugs, explore orders of magnitude more paths, and achieve higher code coverage than previous dynamic symbolic execution systems. MergePoint is currently running daily on
more » ... a 100 node cluster analyzing 33,248 Linux binaries; has generated more than 15 billion SMT queries, 200 million test cases, 2,347,420 crashes, and found 11,687 bugs in 4,379 distinct applications.
doi:10.1145/2568225.2568293 dblp:conf/icse/AvgerinosRCB14 fatcat:lju5ctb2dbfpnp6cbdyvpox4ka

Optimizing Seed Selection for Fuzzing Optimizing Seed Selection for Fuzzing

Alexandre Rebert, Jonathan Foote, David Warren, Alexandre Rebert, Jonathan Foote, David Warren, Gustavo Grieco, David Brumley
unpublished
Randomly mutating well-formed program inputs or simply fuzzing, is a highly effective and widely used strategy to find bugs in software. Other than showing fuzzers find bugs, there has been little systematic effort in understanding the science of how to fuzz properly. In this paper, we focus on how to mathematically formulate and reason about one critical aspect in fuzzing: how best to pick seed files to maximize the total number of bugs found during a fuzz campaign. We design and evaluate six
more » ... ifferent algorithms using over 650 CPU days on Amazon Elastic Compute Cloud (EC2) to provide ground truth data. Overall, we find 240 bugs in 8 applications and show that the choice of algorithm can greatly increase the number of bugs found. We also show that current seed selection strategies as found in Peach may fare no better than picking seeds at random. We make our data set and code publicly available.
fatcat:wvh2jsjcwjcp7lajwvxtuffqii

Optimizing Seed Selection for Fuzzing

Alexandre Rebert, Sang Kil Cha, Thanassis Avgerinos, Jonathan M Foote, David Warren, Gustavo Grieco, David Brumley
2018
Randomly mutating well-formed program inputs or simply fuzzing, is a highly effective and widely used strategy to find bugs in software. Other than showing fuzzers find bugs, there has been little systematic effort in understanding the science of how to fuzz properly. In this paper, we focus on how to mathematically formulate and reason about one critical aspect in fuzzing: how best to pick seed files to maximize the total number of bugs found during a fuzz campaign. We design and evaluate six
more » ... ifferent algorithms using over 650 CPU days on Amazon Elastic Compute Cloud (EC2) to provide ground truth data. Overall, we find 240 bugs in 8 applications and show that the choice of algorithm can greatly increase the number of bugs found. We also show that current seed selection strategies as found in Peach may fare no better than picking seeds at random. We make our data set and code publicly available.
doi:10.1184/r1/6469118 fatcat:5ufe3mk4wfbhtal4qlczerqcti

Page 30 of Essays in International Economics Vol. , Issue 126 [page]

1977 Essays in International Economics  
(June 1976 Alexandre Kafka, The International Monetary Fund: Reform without Recon- struction? (Oct. 1976) Stanley W.  ...  (June 1977) Rebert M. Stern, Charles F. Schwartz, Robert Triffin, Edward M. Bernstein, and Walther Lederer, The Presentation of the Balance of Payments: A Sym- posium. (Aug. 1977) Harry G.  ... 

Page 357 of National Union Catalog Vol. 130, Issue [page]

1942 National Union Catalog  
Title Library of Congress SF335_Fe8s ‘TOA 60044 Saint-Albin, Alexandre Charles Omer Rousselin de Corbeau, comte de, 1773-1847.  ...  Registrum abbatia Jobannis Wheathamstede ... ite ram Gueceptn ; Reberte Blakeney capsiiane, quendam - a forde ... cum appendice, continente quasdam epistolas, a Johanne 1.  ... 

SUMÁRIO

Samir Paulo Jasper
2008 Scientia Agrária  
FORRAGEM E DE SEMENTESLuis Osmar Braga SCHUCH Eliane Maria KOLCHINSKI Leandro Damero CANTARELLI CULTURAS DE SUCESSÃO AO MILHO NA DINÂMICA POPULACIONAL DE PLANTAS DANINHAS Joilson SODRÉ FILHO Ricardo CARMONA Alexandre  ...  ENRAIZAMENTO DE ESTACAS LENHOSAS DE PORTA-ENXERTOS DE VIDEIRA COM USO DE FERTILIZANTE ORGÂNICO Denise MONTEGUTI Luiz Antonio BIASI Rafael Aparecido PERESUTI Adriana De Toni SACHI Odirlei Raimundo de OLIVEIRA Rebert  ... 
doi:10.5380/rsa.v9i1.10245 fatcat:olrd5kw5wjg7th5ciy323fiavu

Page 474 of National Union Catalog Vol. 126, Issue [page]

1942 National Union Catalog  
Library ot oft Srapuene NEI4O.R6 17—8131 —— —— Copy 2. 1 Robert-Dumesnil, Alexandre Pierre Francois, 1778-1864 La peintre-graveur francais see also Meaume, Edouard, 1612-1686.  ...  RE Copyright 1882: 11555 (3081, Rebert-Houdin, Jean Eugine, 1905-1871. Comment on nn eae Dart & > ele tion et de la magic, par Robert Houd Paris, Ca!  ... 

Page 275 of National Union Catalog Vol. 16, Issue [page]

1942 National Union Catalog  
Bem, Aftre—Ee St TH 1a Litrery of Cugres Drm Bes aml, Betarebert, Freacets Le Metel de ase Bale-Rebert, Franqeis Le Motel de, 1383-1008. epee Litrary of Congress a  ...  Jeon Baptuce Torchet de nee ‘Terchet do Betmnélé, Jean Baptiste, 16¢h ce ui Library of Congress Reference cord Betement, Alexandre Jacques Frangeis Brierre do see Die & Bite, Sahn Deeg Sangh, MS- Liwary  ... 

Identification d'un état inédit de l'estampe Alexandre versant l'or aux prêtres d'Ammon signée Jean Mignon

Rodolphe Leroy
2019 Nouvelles de l'estampe  
Dole, Hôtel des ventes, expert Christian Rebert. Lot n° 1 de la vente Une Bibliothèque de Franche-Comté, « Ensemble de gravures », sans précisions. Estimé 100 euros, enchère à 650 euros. 10.  ...  Deux seulement sont signées, dont l'eau-forte Alexandre versant l'or aux prêtres d'Ammon 2 .  ... 
doi:10.4000/estampe.1361 fatcat:fu2rworhjvberbzveszvzj7ttu

Page 12 of Puck Vol. 57, Issue 1482 [page]

1905 Puck  
victims cannot fail to ad not been done before, but itis cer mire the skill with which the sharp tainly well done now thrusts are given Ss Detrvou Free Press The Cleveland Plain Dealer The adventures which Rebert  ...  Monsieur D'En Brochette,” is a tain of the adventures of Huevos Pa capital travesty of the romances of sada Par Agua, Marquis of Pollio the sword by American imitators of Grille, and Count of Pate de Foie Alexandre  ... 

Page 967 of National Union Catalog Vol. 51, Issue [page]

1958 National Union Catalog  
Benois, Alexandre, 1870- Petrou- shka. 11. Title, M1520.S9P3 1912a Stravinskil, Igor’ Fed ich, 1882- :Petroushka, Pétrouchka ; scenes burlesques en 4 tableaux d’Igor Stra- winsky et Alexandre Benois.  ...  Columbia KL 8718, (1962, 8. 12 in. 836 rpm. ae, (Columbia masterworks) dolumbia Orchestra, the composer eee Sees ones Eine 5 ens 6 Uy Canaan Duration: AK ™ totes by Glens Watkins and essay on Geoualdo by Rebert  ... 

Page 1814 of JAMA: The Journal of the American Medical Association Vol. 147, Issue 18 [page]

1951 JAMA: The Journal of the American Medical Association  
., 1065 Fabricius, Julius Rebert Hanrahan, Arthur Lawrence, Lawrence Charles, Harber, George Dillard, 887 Federspiel, Matthew Feeley, Joseph Bernard, Hardy, Periam Burrows, 771 Harker, Wade Christopher  ...  William Arnold, 771 Kronenberger, Richard Andre, 1154 Krueger, William F., 589 Kruskal, Isaac David, 1375 Kuhlmann, Alvin Edgar, 1154 Kwan, Paul King Won, 1065 Kyle, Joseph Allen, 1063 L LaBelle, Urgele Alexandre  ... 
« Previous Showing results 1 — 15 out of 46 results