
Fuzzing Frameworks, with Bhargava Shastry from TU Berlin

OVS Orbit

English - October 03, 2017 05:08 - 35 minutes - 16.1 MB - ★★★★★ - 1 rating

Bhargava Shastry is a Ph.D. student in the Chair for Security in Telecommunications at Technical University Berlin. Bhargava develops tools that enable early detection and fixing of security vulnerabilities.


Among other topics, this episode discusses Bhargava's paper “Static Exploration of Taint-Style Vulnerabilities Found by Fuzzing,” which was presented at WOOT '17, the Workshop on Offensive Technologies. The paper's abstract is:



Taint-style vulnerabilities comprise a majority of fuzzer discovered
program faults. These vulnerabilities usually manifest as memory access
violations caused by tainted program input. Although fuzzers have
helped uncover a majority of taint-style vulnerabilities in software to
date, they are limited by (i) extent of test coverage; and (ii) the
availability of fuzzable test cases. Therefore, fuzzing alone cannot
provide a high assurance that all taint-style vulnerabilities have been
uncovered.


In this paper, we use static template matching to find recurrences of
fuzzer-discovered vulnerabilities. To compensate for the inherent
incompleteness of template matching, we implement a simple yet
effective match-ranking algorithm that uses test coverage data to focus
attention on matches comprising untested code. We prototype our
approach using the Clang/LLVM compiler toolchain and use it in
conjunction with afl-fuzz, a modern coverage-guided fuzzer. Using a
case study carried out on the Open vSwitch codebase, we show that our
prototype uncovers corner cases in modules that lack a fuzzable test
harness. Our work demonstrates that static analysis can effectively
complement fuzz testing, and is a useful addition to the security
assessment tool-set. Furthermore, our techniques hold promise for
increasing the effectiveness of program analysis and testing, and serve
as a building block for a hybrid vulnerability discovery framework.
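As an added illustration of the match-ranking idea in the abstract (this is not the paper's tooling or code), the Python below reads a constructed lcov-style coverage trace and orders constructed template matches so that those in code the fuzzer never exercised come first. The lcov input format, the file paths and the template names are assumptions made for the example.

```python
from dataclasses import dataclass

# Constructed lcov-style trace of what the fuzz corpus executed, one
# DA:<line>,<hits> entry per instrumented line; not real OVS coverage data.
COVERAGE_TRACE = """\
SF:lib/a.c
DA:10,12
DA:11,12
DA:12,0
DA:13,0
end_of_record
"""

@dataclass(frozen=True)
class Match:
    """A static template match: the file and line range the pattern spans."""
    template: str  # the fuzzer-found bug this template was derived from
    path: str
    first: int
    last: int

def parse_lcov(text: str) -> dict[str, dict[int, int]]:
    """Return {path: {line: hit_count}} from an lcov trace."""
    cov: dict[str, dict[int, int]] = {}
    current = None
    for raw in text.splitlines():
        if raw.startswith("SF:"):
            current = cov.setdefault(raw[3:], {})
        elif raw.startswith("DA:") and current is not None:
            line, hits = raw[3:].split(",")[:2]
            current[int(line)] = int(hits)
    return cov

def untested_fraction(m: Match, cov: dict[str, dict[int, int]]) -> float:
    """Share of the match's lines the fuzzer never reached. Lines absent
    from the trace count as untested: fuzzing produced no evidence for them."""
    file_cov = cov.get(m.path, {})
    lines = range(m.first, m.last + 1)
    return sum(1 for ln in lines if file_cov.get(ln, 0) == 0) / len(lines)

def rank_matches(matches: list[Match], cov) -> list[Match]:
    """Matches in untested code first, so reviewers look at code fuzzing could
    not exercise; ties broken by location so the order is deterministic."""
    return sorted(matches, key=lambda m: (-untested_fraction(m, cov), m.path, m.first))

MATCHES = [  # constructed candidates; two sites match one template
    Match("len-underflow", "lib/a.c", 10, 11),  # fully exercised by the corpus
    Match("len-underflow", "lib/a.c", 11, 13),  # two of three lines untested
    Match("oob-read", "lib/c.c", 5, 8),         # no fuzz harness covers lib/c.c
]
```

Calling `rank_matches(MATCHES, parse_lcov(COVERAGE_TRACE))` puts the `lib/c.c` site first, which is the "untested code" a template match is most valuable for.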



You can tweet to Bhargava as @ibags or to the Security in Telecommunications Research Group at @fgsect. Visit Bhargava's TU Berlin home page for more contact information.


Episode 42 covered a different research effort fuzzing Open vSwitch.


OVS Orbit is produced by Ben Pfaff. The intro music in this episode is Drive, featuring cdk and DarrylJ, copyright 2013, 2016 by Alex. The bumper music is Yeah Ant featuring Wired Ant and Javolenus, copyright 2013 by Speck. The outro music is Space Bazooka featuring Doxen Zsigmond, copyright 2013 by Kirkoid. All content is licensed under a Creative Commons Attribution 3.0 Unported (CC BY 3.0) license.