Xiang Tang,Houlin Zhou,Man Zhang,Yuheng Zhang,Guocheng Wu,Hui Lu,Xiang Yu,Zhihong Tian

DOI: https://doi.org/10.1109/cloudnet59005.2023.10490070

2023-01-01

Abstract:Fuzzing technology is the mainstream technology used for vulnerability mining at this stage, and most of the software vulnerabilities are discovered by using this technology. However, one of the main problems of fuzzing technology is that it will generate a large number of crash samples, but not all crashes are vulnerabilities, so how to quickly analyze and judge these crash samples usable is the current vulnerability mining work based on fuzzing technology. The main problem faced aiming at the research on crash exploitability analysis, this article firstly explains the difficulties of vulnerability exploitability analysis, then explains several difficulties in turn, lists some tools and methods for researching these difficulties, and discusses the analysis of vulnerabilities Future development directions and trends in terms of usability.

Gaoning Pan,Tianxiang Luo,Yiming Tao,Xiao Lei,Shuangxi Chen,Hui Liu,Chunming Wu

DOI: https://doi.org/10.1109/PST58708.2023.10319984

2023-01-01

Abstract:With the popularity of computers and mobile devices and the development of the Internet, browsers (applications used to retrieve and display information resources on the World Wide Web) are often included by default and have become an indispensable software. Therefore, research on browser security issues is essential for protecting information assets. Among many browsers in the industry, Chrome, as a cross-platform web browser developed by Google, occupies a large market share in desktop browsers, and its security risks are further amplified as its kernel is used by many other browsers. Therefore, the research on the security issues of Chrome browser is critical for browser security. This paper focuses on the vulnerability detection of the process communication interface in Chrome browser, and designs and implements a fuzzing framework, auto-mojo-fuzz (AMF). The fuzzing process mainly designs a sample optimization technique to ensure the effectiveness of input samples and improve the efficiency of fuzzing. After implementing the AMF solution, we evaluate the generated test samples to demonstrate the effectiveness of the sample optimization technique. We also prove the possibility of discovering more vulnerabilities with AMF, and tests it with the latest version of Chrome browser, finding five unique crashes, four of which are verified as security vulnerabilities, effectively proving the automatic and efficient ability of this framework to discover vulnerabilities in the process communication interfaces in browsers.

He LI,Chao ZHANG,Xin YANG,Jun-hu ZHU

DOI: https://doi.org/10.3969/j.issn.1000-1220.2019.09.034

2019-01-01

Abstract:As an efficient vulnerability discovering method,fuzzing testing has been widely used in operating system kernel security. Kernel fuzzing significantly improves the security of operating system kernel and driver programs. At present,the use of fuzzing tech-niques for operating systems on different platforms for vulnerability discovering has become a research hotspot. This paper studies the existing kernel fuzzing methods,summarizes the development of kernel fuzzing and technical ideas,and attempts to classify kernel fuzzing. Summarizes the new technologies used in kernel fuzzing in recent years. Finally,the problems in the current research are dis-cussed,and the future development trend of kernel fuzzing testing is prospected.

Qi Lanlan,Wen Jiangtao,Huang Hui,Wang Xiong,Wu Zhiyong

DOI: https://doi.org/10.1007/978-3-642-38460-8_10

2013-01-01

Abstract:From Miller firstly introduced the fuzzing in 1990 and found failures in over 25 % of UNIX programs, to recent TaintScope system presented by Peking University and the discovery of 27 0day vulnerabilities in several popular software including Adobe Acrobat, the practical experiences and results have illuminated that fuzzing are effective for vulnerability mining. In this paper, fuzzing is studied and surveyed. First, new features of fuzzing are analyzed. And then, give the definition of Cd and Md. Cd and Md describe the ability to implement vulnerability mining on the vulnerability of the test case. Based on the Cd and Md, this paper also gives a new fuzzing architecture Feedback Fuzz.

Zhi Liu,Xiaosong Zhang,Xiongda Li

DOI: https://doi.org/10.1109/mines.2010.108

2010-01-01

Abstract:Software vulnerability is the major root of security issues which results in serious attacks such as DDOS and worms. How to find vulnerability especially on binaries has been an alluring but challenging topic. Traditional black-box fuzzing heavily relies on input format so that it cannot work on unknown formats, more severely, it cannot generate effective test cases because it randomly change input values. Therefore, fuzzing is rarely effective in real-world circumstances. Information flow tracking, namely taint analysis, has been used in recent years in attack detection and malware analysis but no prior work has used this technique to actively find software vulnerability on binaries. In this paper, we propose a novel approach to find software vulnerability via dynamic tainting consisting of three steps. First execute target program with a seed input being independent of input format. Then identify relevant bytes by back tracking from vulnerability points, defined as dangerous library or system calls, to the original input. Finally generate new test cases by mutating relevant bytes while irrelevant parts remain unchanged. It guarantees that new inputs are able to divert execution flow to vulnerability points. We implemented the system in Windows and evaluated two real-world vulnerabilities. Compared with black-box fuzzing, experiment results show our approach can generate effective test inputs to expose vulnerabilities in short time, which also incurs low overhead.

XIA Jian-jun,SUN Le-chang,LIU Jing-ju,ZHANG Min,CAI Ming

DOI: https://doi.org/10.3969/j.issn.1001-3695.2011.09.095

2011-01-01

Abstract:Buffer overflow(BOF) is always one of the most dangerous vulnerabilities to computer security.This paper proposed multi-dimentional Fuzzing of buffer overflow(MFBOF),which was based on multi-dimentional Fuzzing technology,combined the structure knowledge of target's input,static binary code analysis and dynamic I/O analysis technique,generated test cases using adaptive simulated annealing genetic algorithm.The results of testing Libpng validate that MFBOF is effective.At last,this paper gave its further improvement directions.

唐彰国,钟明全,李焕洲,张健

DOI: https://doi.org/10.3969/j.issn.1000-3428.2010.16.055

2010-01-01

Abstract:The exploiting of the software vulnerabilities is a hotspot of information security research.The shortage of current vulnerability exploiting implements is analyzed.The function demands of vulnerability exploiting and analysis based on Fuzzing are emphasized.A heuristic construction of abnormality data based on structural storage characteristic is proposed.The file format vulnerability intelligent exploiting and analysis system are designed and developed.The system’s software structure and run mechanism and critical technology are given.Experimental result proves its effectiveness and intelligence.

SHAO Lin,ZHANG Xiao-song,SU En-biao

DOI: https://doi.org/10.3969/j.issn.1001-3695.2009.03.088

2009-01-01

Abstract:The techniques of buffer overflow vulnerabilities detection was single and limited to manual analysis,binary-patch comparison,fuzzing and so on.These techniques of vulnerabilities detection were either too dependent on manual analysis or too blind,leading up to the low efficiency of vulnerabilities detection.Introduced a new method of buffer overflow vulnerabilities detection,which was based on fuzzing,data-flow dynamic analysis and automated exception analysis.Overcame the disadvantages of old techniques,this new method effectively improves the detection of potential unknown security vulnerabilities(0day) in software.Besides,this method is more automated and performs better in finding new security vulnerabilities.

Xiaosong Zhang,Lin Shao,Jiong Zheng

DOI: https://doi.org/10.1109/ICACIA.2008.4770021

2008-01-01

Abstract:Buffer overflow vulnerabilities can cause attacks that result in serious consequences. However the techniques of buffer overflow vulnerability detection are limited to manual analysis, binary-patch comparison, fuzzing and so on. They rely on manual analysis, thus cause high overhead. In this paper, we propose a novel method of detection of buffer overflow vulnerabilities, which is based on fuzzing, data-flow dynamic analysis and automated exception analysis. This new method effectively improves the detection of unknown security vulnerabilities (0 Day). Moreover, it is more automated and has better performance in finding new security vulnerabilities.

You-fu XU,Wei-ping WEN,Liang YIN

DOI: https://doi.org/10.3969/j.issn.1671-1122.2011.07.016

2011-01-01

Abstract:Aiming at the vulnerabilities of the patch repair method is studied,the analysis after the patch may loopholes to introduce new security hidden danger,was put forward based on the cause of the new vulnerabilities loopholes patch holes mining method,the method and argument.Finally to use this method of the Windows operating system found that unknown vulnerabilities cases verify the validity of this method.

Xueshuai Ge,Tieming Liu,Yaobin Xie,Yuanyuan Zhang

DOI: https://doi.org/10.1117/12.2683413

2023-01-01

Abstract:The mining and exploitation of security vulnerabilities have always been the focus of offensive and defensive confrontations. In recent years, with the application of technologies such as fuzzing in vulnerability mining, the number of discovered vulnerabilities continues to increase, which seriously threatens the security of the network world. With so many vulnerabilities, it is unrealistic to rely solely on manual analysis by security experts, which is not only costly, but also time-consuming, and cannot meet the needs of vulnerability assessment and defense. Therefore, an automated exploit solution for vulnerabilities is urgently needed to solve the problem of low efficiency of manual vulnerability assessment. Existing research has proposed some solutions and achieved certain results. The purpose of this paper is to review and analyze the existing typical research results.

Wenjie Wang,Donghai Tian,Rui Ma,Hang Wei,Qianjin Ying,Xiaoqi Jia,Lei Zuo

DOI: https://doi.org/10.23919/jcc.2021.08.001

2021-01-01

China Communications

Abstract:Fuzzing is an effective technique to find security bugs in programs by quickly exploring the input space of programs. To further discover vulnerabilities hidden in deep execution paths, the hybrid fuzzing combines fuzzing and concolic execution for going through complex branch conditions. In general, we observe that the execution path which comes across more and complex basic blocks may have a higher chance of containing a security bug. Based on this observation, we propose a hybrid fuzzing method assisted by static analysis for binary programs. The basic idea of our method is to prioritize seed inputs according to the complexity of their associated execution paths. For this purpose, we utilize static analysis to evaluate the complexity of each basic block and employ the hardware trace mechanism to dynamically extract the execution path for calculating the seed inputs' weights. The key advantage of our method is that our system can test binary programs efficiently by using the hardware trace and hybrid fuzzing. To evaluate the effectiveness of our method, we design and implement a prototype system, namely SHFuzz. The evaluation results show SHFuzz discovers more unique crashes on several real-world applications and the LAVA-M dataset when compared to the previous solutions.

Guangcheng Liang,Lejian Liao,Xin Xu,Jianguang Du,Guoqiang Li,Henglong Zhao

DOI: https://doi.org/10.1109/CIS.2013.135

2013-01-01

Abstract:In this paper we present a new vulnerability-targeted black box fuzzing approach to effectively detect errors in the program. Unlike the standard fuzzing techniques that randomly change bytes of the input file, our approach remarkably reduces the fuzzing range by utilizing an efficient dynamic taint analysis technique. It locates the regions of seed files that affect the values used at the hazardous points. Thus it enables to pay more attention to deep errors in the core of the program. Because our approach is directly targeted to the specific potential vulnerabilities, most of the detected errors are with vulnerability signatures. Besides, this approach does not need the information of the input file format in advance. So it is especially appropriate for testing applications with complex and highly structured input file formats. We design and implement a prototype, Taint Fuzz, to realize this approach. The experiments demonstrate that Taint Fuzz can effectively expose more errors with much lower time cost and much smaller number of input samples compared with the standard fuzzer.

Sheqiang Peng,Zeyi Tian

DOI: https://doi.org/10.4028/www.scientific.net/amm.651-653.2032

2014-01-01

Applied Mechanics and Materials

Abstract:In order to detect Internet Explorer browser vulnerabilities, the miner distributed with test method based on the DOM tree are designed and implemented, it also implemented dynamic selection of the test case execution, experiment results found 50 IE vulnerabilities.

徐昊,王轶骏,薛质

DOI: https://doi.org/10.3969/j.issn.1009-8054.2008.06.039

2008-01-01

Abstract:Kernel overflow nowadays is a new trend in the research of buffer overflow vulnerabilities, and most kernel overflows occur in the device drivers running in the kernel mode of operating system. In this paper, a vulnerability instance of a kernel driver under Win32 environment is analyzed, the principle behind the vulnerability presented in detail, and then its corresponding exploitation described.

Chao Wang,Tianyu Ren,Qun Li,Xiaohu Wang,Guangxin Guo,Jiahan Dong

DOI: https://doi.org/10.1088/1757-899x/750/1/012155

2020-02-01

IOP Conference Series: Materials Science and Engineering

Abstract:Abstract With the development of computer technology and communication technology, computer network will increasingly become an important means of information exchange, and permeate into every field of social life. However, the network has the potential threat and the reality existence each kind of security question, therefore we must take the strong security policy to ensure the network security. The purpose of this paper is to study the network computer security hidden trouble and vulnerability mining technology. In this paper, the types of security hidden dangers are analyzed, and the vulnerability detection technology Fuzzing technology is deeply studied. Then, the inspection and test time is analyzed for the existing vulnerability detection tools. The experimental results prove that vulnerability detection technology can protect network security with high efficiency of vulnerability detection. In this paper, three vulnerability detection tools WS Fuzzer, Web Fuzz and Webvul Scan were used to analyze the detection time of open source system, personal blog, shopping mall and forum. The average detection time was 1.9s, 8.7s, 20.5s and 59.7s, respectively. It can be seen that the vulnerability mining technology has a certain practical role.

Bodong Zhao,Zheming Li,Shisong Qin,Zheyu Ma,Ming Yuan,Wenyu Zhu,Zhihong Tian,Chao Zhang

2022-01-01

Abstract:Coverage-guided fuzzing has achieved great success in finding software vulnerabilities. Existing coverage-guided fuzzers generally favor test cases that hit new code, and discard ones that exercise the same code. However, such a strategy is not optimum. A new test case exercising the same code could be better than a previous test case, as it may trigger new program states useful for code exploration and bug discovery. In this paper, we assessed the limitation of coverage-guided fuzzing solutions and proposed a state-aware fuzzing solution StateFuzz to address this issue. First, we model program states with values of state-variables and utilize static analysis to recognize such variables. Then, we instrument target programs to track such variables' values and infer program state transition at runtime. Lastly, we utilize state information to prioritize test cases that can trigger new states, and apply a three-dimension feedback mechanism to fine-tune the evolutionary direction of coverage-guided fuzzers. We have implemented a prototype of StateFuzz, and evaluated it on Linux upstream drivers and Android drivers. Evaluation results show that StateFuzz is effective at discovering both new code and vulnerabilities. It finds 18 unknown vulnerabilities and 2 known but unpatched vulnerabilities, and reaches 19% higher code coverage and 32% higher state coverage than the state-of-the-art fuzzer Syzkaller.

WEN Weiping,ZHANG Puhan,XU Youfu,YIN Liang

2011-01-01

Abstract:Windows is the world's most widely used desktop operating system,so security vulnerabilities in windows have an enormous impact on system security and exploiting vulnerabilities in the Windows operating system has great significance.At present,the discovery of software security vulnerabilities depends mainly on the experience and luck of security researchers since they lack systematic and effective methods to find vulnerabilities.To more quickly find a class of vulnerabilities,this paper focuses on patch vulnerability with four types of security threat modes introduced patches.Then this paper describes a software security vulnerability exploitation method based on patch comparison.This method can be used to solve the semi-automatically find Windows vulnerabilities with patches.This method found unknown Windows operating system vulnerabilities to verify its effectiveness.

NIE Sen,LI Xiao,WANG Yi-jun,XUE Zhi

DOI: https://doi.org/10.3969/j.issn.1009-8054.2013.12.025

2013-01-01

Abstract:As the problem of software vulnerabilities becomes increasingly serious,smart Fuzzing technology is widely applied in the field of vulnerability mining and software security.Frameworks for smart Fuzzing based on symbolic execution and taint analysis are developed.Under the concept of vulnerability problem and software test methodology,this paper describes theories in smart Fuzzing technology and some released smart Fuzzing frameworks,including the bottlenecks.Finally,this paper proposes a blueprint of smart Fuzzing framework based on whole system symbolic execution and cloud computing infrastructure.It can be used as a practical platform toward the COTS software fuzzing.

Tingting Yin,Zicong Gao,Zhenghang Xiao,Zheyu Ma,Min Zheng,Chao Zhang

2023-01-01

Abstract:macOS drivers, i.e., Kernel EXTensions (kext), are attractive attack targets for adversaries. However, automatically discovering vulnerabilities in kexts is extremely challenging because kexts are mostly closed-source, and the latest macOS running on customized Apple Silicon has limited tool-chain support. Most existing static analysis and dynamic testing solutions cannot be applied to the latest macOS. In this paper, we present the first smart fuzzing solution KextFuzz to detect bugs in the latest macOS kexts running on Apple Silicon. Unlike existing driver fuzzing solutions, KextFuzz does not require source code, execution traces, hypervisors, or hardware features (e.g., coverage tracing) and thus is universal and practical. We note that macOS has deployed many mitigations, including pointer authentication, code signature, and userspace kernel layer wrappers, to thwart potential attacks. These mitigations can provide extra knowledge and resources for us to enable kernel fuzzing. KextFuzz exploits these mitigation schemes to instrument the binary for coverage tracking, test privileged kext code that is guarded and infrequently accessed, and infer the type and semantic information of the kext interfaces. KextFuzz has found 48 unique kernel bugs in the macOS kexts and got five CVEs. Some bugs could cause severe consequences like non-recoverable denial-of-service or damages.