ISCAS OpenIR
Dynamically Discovering Likely Memory Layout to Perform Accurate Fuzzing
Chen, K; Zhang, YJ; Liu, P
2016
发表期刊IEEE TRANSACTIONS ON RELIABILITY
ISSN0018-9529
卷号65期号:3页码:1180-1194
摘要Malicious Input through Buffer Overflow (MiBO) vulnerabilities play important roles in cyber security. To identify MiBO vulnerabilities, white-box testing approaches analyze instructions in all possible execution paths. Black-box testing approaches try to trigger MiBO vulnerabilities using different inputs. However, only limited coverage can be achieved: the identified MiBO vulnerabilities, when being "hit" by a test input, must cause exceptions (e.g., crashes). Type information could help to catch the non-crash MiBO vulnerabilities, but such information is not contained in binary code. In this paper, we present a white-box fuzzing method to detect non-crash MiBO vulnerabilities. Without source code, we dynamically discover likely memory layouts to help the fuzzing process. This is very challenging since memory addresses and layouts keep changing with the running of software. In different executions with different inputs, the layouts may also change. To address these challenges, we selectively analyze memory operations to identify memory layouts. If a buffer border identified from the memory layout is exceeded, an error will be reported. The fuzzing results will be compared with the layout for future input generation, which greatly increases the opportunity to expose MiBO vulnerabilities. We implemented a prototype called ArtFuzz and performed several evaluations. ArtFuzz discovered 23 real MiBO vulnerabilities (including 8 zero-day MiBO vulnerabilities) in nine applications.; Malicious Input through Buffer Overflow (MiBO) vulnerabilities play important roles in cyber security. To identify MiBO vulnerabilities, white-box testing approaches analyze instructions in all possible execution paths. Black-box testing approaches try to trigger MiBO vulnerabilities using different inputs. However, only limited coverage can be achieved: the identified MiBO vulnerabilities, when being "hit" by a test input, must cause exceptions (e.g., crashes). Type information could help to catch the non-crash MiBO vulnerabilities, but such information is not contained in binary code. In this paper, we present a white-box fuzzing method to detect non-crash MiBO vulnerabilities. Without source code, we dynamically discover likely memory layouts to help the fuzzing process. This is very challenging since memory addresses and layouts keep changing with the running of software. In different executions with different inputs, the layouts may also change. To address these challenges, we selectively analyze memory operations to identify memory layouts. If a buffer border identified from the memory layout is exceeded, an error will be reported. The fuzzing results will be compared with the layout for future input generation, which greatly increases the opportunity to expose MiBO vulnerabilities. We implemented a prototype called ArtFuzz and performed several evaluations. ArtFuzz discovered 23 real MiBO vulnerabilities (including 8 zero-day MiBO vulnerabilities) in nine applications.
收录类别SCI
关键词Dynamic Testing Fuzzing Memory Layout Vulnerability White-box
部门归属Chinese Acad Sci, State Key Lab Informat Secur, Inst Informat Engn, Beijing 100195, Peoples R China. Chinese Acad Sci, Inst Software, Trusted Comp & Informat Assurance Lab, Beijing 100190, Peoples R China. Penn State Univ, Coll Informat Sci & Technol, State Coll, PA 16801 USA.
语种英语
WOS记录号WOS:000382714400006
引用统计
内容类型期刊论文
URI标识http://ir.iscas.ac.cn/handle/311060/17305
专题中国科学院软件研究所
推荐引用方式
GB/T 7714
Chen, K,Zhang, YJ,Liu, P. Dynamically Discovering Likely Memory Layout to Perform Accurate Fuzzing[J]. IEEE TRANSACTIONS ON RELIABILITY,2016,65(3):1180-1194.
APA Chen, K,Zhang, YJ,&Liu, P.(2016).Dynamically Discovering Likely Memory Layout to Perform Accurate Fuzzing.IEEE TRANSACTIONS ON RELIABILITY,65(3),1180-1194.
MLA Chen, K,et al."Dynamically Discovering Likely Memory Layout to Perform Accurate Fuzzing".IEEE TRANSACTIONS ON RELIABILITY 65.3(2016):1180-1194.
条目包含的文件
文件名称/大小 文献类型 版本类型 开放类型 使用许可
07386711.pdf(1849KB) 开放获取使用许可请求全文
个性服务
推荐该条目
保存到收藏夹
查看访问统计
导出为Endnote文件
谷歌学术
谷歌学术中相似的文章
[Chen, K]的文章
[Zhang, YJ]的文章
[Liu, P]的文章
百度学术
百度学术中相似的文章
[Chen, K]的文章
[Zhang, YJ]的文章
[Liu, P]的文章
必应学术
必应学术中相似的文章
[Chen, K]的文章
[Zhang, YJ]的文章
[Liu, P]的文章
相关权益政策
暂无数据
收藏/分享
所有评论 (0)
暂无评论
 

除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。