
Linear-time Temporal Logic guided Greybox Fuzzing [article]

Ruijie Meng, Zhen Dong, Jialin Li, Ivan Beschastnikh, Abhik Roychoudhury
2022 arXiv   pre-print
Motivated by this observation and leveraging the recent progress in fuzzing, we build a greybox fuzzing framework to find violations of Linear-time Temporal Logic (LTL) properties.  ...  Our work substantially extends directed greybox fuzzing to witness arbitrarily complex event orderings.  ...  PERSPECTIVE We present LTL-Fuzzer, a linear-time temporal logic guided greybox fuzzing technique, which takes Linear-time Temporal Logic (LTL) properties extracted from informal requirements such as RFCs  ... 
arXiv:2109.02312v3 fatcat:yancguqnnjgbfmtqz3ybm6zdu4

Discovery and Identification of Memory Corruption Vulnerabilities on Bare-metal Embedded Devices

Majid Salehi, Luca Degani, Marco Roveri, Daniel Hughes, Bruno Crispo
2022 IEEE Transactions on Dependable and Secure Computing  
Both discovery and identification remain open challenges in the case of fuzzing firmware binaries.  ...  Consequently, fuzzing approaches encounter silent memory corruptions with no visible effects, making even discovery difficult.  ...  HAL-Fuzz [9] is a greybox fuzzer that is built on top of the HALucinator emulator [45]. HAL-Fuzz utilizes AFL-Unicorn [47] to perform the fuzzing process.  ... 
doi:10.1109/tdsc.2022.3149371 fatcat:hby5lufuxrbyxkjpm7racaure4

RetroWrite: Statically Instrumenting COTS Binaries for Fuzzing and Sanitization

Sushant Dinesh, Nathan Burow, Dongyan Xu, Mathias Payer
2020 IEEE Symposium on Security and Privacy (SP)
The ideal solution for binary security analysis would be a static rewriter that can intelligently add the required instrumentation as if it were inserted at compile time.  ...  Such analysis relies on automatic vulnerability discovery techniques, most notably fuzzing with sanitizers enabled.  ...  coverage for greybox fuzzing.  ... 
doi:10.1109/sp40000.2020.00009 dblp:conf/sp/DineshBXP20 fatcat:djh5jsx53bhytp3k7ka5lsfiim

KOOBE: Towards Facilitating Exploit Generation of Kernel Out-Of-Bounds Write Vulnerabilities

Weiteng Chen, Xiaochen Zou, Guoren Li, Zhiyun Qian
2020 USENIX Security Symposium  
Our system builds on several building blocks, including a novel capability-guided fuzzing solution to uncover hidden capabilities, and a way to compose capabilities together to further enhance the likelihood  ...  Time Cost We further evaluate capability summarization, exploitability evaluation, and the capability-guided fuzzing solution.  ...  To this end, our system employs a novel capability-guided fuzzing solution to explore additional capabilities. Capability-Guided Fuzzing.  ... 
dblp:conf/uss/ChenZLQ20 fatcat:mgpde2s7bvckjfu5sbyszsqzh4

Atlidakis_columbia_0054D_16273.pdf [article]

Finally, I introduce Pythia, a new fuzzing system that augments stateful REST API fuzzing with coverage-guided feedback and learning-based mutations.  ...  In this dissertation, I introduce stateful REST API fuzzing and describe its implementation in RESTler: the first stateful REST API fuzzing system.  ...  Greybox approaches discussed next attempt to address some of these limitations. Greybox Fuzzing In greybox fuzzing, the testing target is not perceived as a complete "black box".  ... 
doi:10.7916/d8-dzhy-yf26 fatcat:k4ek6vnsdbfthbvwllpratuhya

Retrowrite: Statically Instrumenting COTS Binaries for Fuzzing and Sanitization

Sushant Dinesh
Binaries rewritten for coverage-guided fuzzing using RetroWrite are identical in performance to compiler-instrumented binaries and outperform the default QEMU-based instrumentation by 7.5x while triggering  ...  The current state of the art for coverage-guided binary fuzzing or binary sanitization is dynamic binary translation, which results in prohibitive overhead.  ...  for greybox fuzzing.  ... 
doi:10.25394/pgs.8049752 fatcat:2xa7yqg25vgsdcbhqrprscxzau

Hybrid Differential Software Testing

Yannic Noller, Humboldt-Universität Zu Berlin
The search-based component uses fuzzing guided by differential heuristics.  ...  HyDiff's search-based component uses differential fuzzing directed by differential heuristics.  ...  [16] extended the coverage-guided fuzzing idea of AFL to directed greybox fuzzing with their tool AFLGo.  ... 
doi:10.18452/21968 fatcat:5kj62c6shvhbbi45qsfgpyia7q

Systematic Review of Ethereum Smart Contract Security Vulnerabilities, Analysis Methods and Tools

Heidelinde Rameder, Monika di Angelo, Gernot Salzer
and fuzzing.  ...  Transactions in Flint are secured by atomic operations, based on linear type theory [256].  ... 
doi:10.34726/hss.2021.86784 fatcat:qgxcvfnzkzgexauu3lh5a2hrce