Institute of Software, Chinese Academy of Sciences Institutional Repository (ISCAS OpenIR)
Title: Dynamically Discovering Likely Memory Layout to Perform Accurate Fuzzing
Author: Chen, K ; Zhang, YJ ; Liu, P
Keyword: Dynamic testing ; fuzzing ; memory layout ; vulnerability ; white-box
Source: IEEE TRANSACTIONS ON RELIABILITY
Issued Date: 2016
Volume: 65, Issue: 3, Pages: 1180-1194
Indexed Type: SCI
Department: Chinese Acad Sci, State Key Lab Informat Secur, Inst Informat Engn, Beijing 100195, Peoples R China. Chinese Acad Sci, Inst Software, Trusted Comp & Informat Assurance Lab, Beijing 100190, Peoples R China. Penn State Univ, Coll Informat Sci & Technol, State Coll, PA 16801 USA.
Abstract: Malicious Input through Buffer Overflow (MiBO) vulnerabilities play an important role in cyber security. To identify MiBO vulnerabilities, white-box testing approaches analyze the instructions on all possible execution paths, while black-box testing approaches try to trigger MiBO vulnerabilities with different inputs. However, only limited coverage can be achieved: a MiBO vulnerability is identified only if, when "hit" by a test input, it causes an exception (e.g., a crash). Type information could help to catch non-crash MiBO vulnerabilities, but such information is not contained in binary code. In this paper, we present a white-box fuzzing method to detect non-crash MiBO vulnerabilities. Without source code, we dynamically discover likely memory layouts to guide the fuzzing process. This is very challenging, since memory addresses and layouts keep changing as the software runs, and the layouts may also differ between executions with different inputs. To address these challenges, we selectively analyze memory operations to identify memory layouts. If a buffer border identified from the memory layout is exceeded, an error is reported. The fuzzing results are compared with the layout to drive future input generation, which greatly increases the opportunity to expose MiBO vulnerabilities. We implemented a prototype called ArtFuzz and performed several evaluations. ArtFuzz discovered 23 real MiBO vulnerabilities (including 8 zero-day MiBO vulnerabilities) in nine applications.
Language: English
WOS ID: WOS:000382714400006
Content Type: Journal article
URI: http://ir.iscas.ac.cn/handle/311060/17305
Appears in Collections: Institute of Software Library, Journal Papers

Files in This Item:
File Name: 07386711.pdf
File Size: 1849KB
Access: Restricted access; contact the repository to obtain the full text

Recommended Citation:
Chen, K, Zhang, YJ, Liu, P. Dynamically Discovering Likely Memory Layout to Perform Accurate Fuzzing[J]. IEEE TRANSACTIONS ON RELIABILITY, 2016-01-01, 65(3):1180-1194.
Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.
Copyright © 2007-2019 Institute of Software, Chinese Academy of Sciences