SpotFuzzer: Static Instrument and Fuzzing Windows COTs

Authors

Abstract

The security research on Windows has received little attention in the academic circle. Most of the new methods are usually designed for the Linux system and are difficult to transplant to Windows. Fuzzing Windows programs always suffers from their closed source. Therefore, we need to find an appropriate way to achieve feedback from Windows programs. To our knowledge, there are no stable and scalable static instrumentation tools for Windows yet, and dynamic instrumentation tools, such as DynamoRIO, have been criticized for their performance. To make matters worse, their very limited usage scenarios make them impotent for many services or large commercial software. In this paper, we proposed SpotInstr, a novel static tool for instrumenting Windows binaries. It is lightweight and can instrument most PE programs in a short time. At the same time, SpotInstr provides a set of filters, which can be used to select instrumentation points or restrict the target regions. Based on these filters, we propose a selective instrumentation method which can speed up both instrumentation and fuzzing. After that, we design a fuzzing framework called SpotFuzzer, which leverages the ability of SpotInstr to fuzz Windows binaries. We tested SpotFuzzer in multiple dimensions to show its superior performance and stability.


Similar Resources

Static Program Analysis as a Fuzzing Aid

Fuzz testing is an effective and scalable technique to perform software security assessments. Yet, contemporary fuzzers fall short of thoroughly testing applications with a high degree of control-flow diversity, such as firewalls and network packet analyzers. In this paper, we demonstrate how static program analysis can guide fuzzing by augmenting existing program models maintained by the fuzze...


Integrity Static Analysis of COTS/SOUP

This paper describes the integrity static analysis approach developed to support the justification of commercial off-the-shelf software (COTS) used in a safety-related system. The static analysis was part of an overall software qualification programme, which also included the work reported in our paper presented at Safecomp 2002 [1]. Integrity static analysis focuses on unsafe language construc...


Static Exploration of Taint-Style Vulnerabilities Found by Fuzzing

Taint-style vulnerabilities comprise a majority of fuzzer discovered program faults. These vulnerabilities usually manifest as memory access violations caused by tainted program input. Although fuzzers have helped uncover a majority of taint-style vulnerabilities in software to date, they are limited by (i) extent of test coverage; and (ii) the availability of fuzzable test cases. Therefore, fu...


Microscope-based static light-scattering instrument.

We describe a new design for a microscope-based static light-scattering instrument that provides simultaneous high-resolution images and static light-scattering data. By correlating real space images with scattering patterns, we can interpret measurements from heterogeneous samples, which we illustrate by using biological tissue.


H-Fuzzing: A New Heuristic Method for Fuzzing Data Generation

How to efficiently reduce the fuzzing data scale while assuring high fuzzing veracity and vulnerability coverage is a pivotal issue in program fuzz test. This paper proposes a new heuristic method for fuzzing data generation named with H-Fuzzing. H-Fuzzing achieves a high program execution path coverage by retrieving the static information and dynamic property from the program. Our experiments ...



Journal

Journal title: Security and Communication Networks

Year: 2022

ISSN: 1939-0122, 1939-0114

DOI: https://doi.org/10.1155/2022/4911587