DeepFuzz: Triggering Vulnerabilities Deeply Hidden in Binaries
نویسندگان
چکیده
We introduce a new method for triggering vulnerabilities in deep layers of binary executables and facilitate their exploitation. In our approach we combine dynamic symbolic execution with fuzzing techniques. To maximize both the execution path depth and the degree of freedom in input parameters for exploitation, we define a novel method to assign probabilities to program paths. Based on this probability distribution we apply new path exploration strategies. This facilitates payload generation and therefore vulnerability exploitation.
منابع مشابه
Forty Years of X-Ray Binaries
In 2012 it was forty years ago that the discovery of the first X-ray binary Centaurus X-3 became known. That same year it was discovered that apart from the High-Mass X-ray Binaries (HMXBs) there are also Low-Mass X-ray Binaries (LMXBs), and that Cygnus X-1 is most probably a black hole. By 1975 also the new class of Be/X-ray binaries was discovered. After this it took 28 years before ESAs INTE...
متن کاملSecurity testing of session initiation protocol implementations
The mechanisms which enable the vast majority of computer attacks are based on design and programming errors in networked applications. The growing use of voice over IP (VOIP) phone technology makes these phone applications potential targets. We present a tool to perform security testing of VOIP applications to identify security vulnerabilities which can be exploited by an attacker. Session Ini...
متن کاملAutomated Preemptive Hardware Isolation of High-Risk Computing Applications
In the face of anticipated persistent cyber attacks it may be desirable to preemptively isolate critical computing applications in hardware. We describe an investigation into providing preemptive hardware isolation by automating the transformation of binaries targeted for general-purpose processors (GPPs) into circuitizable finite state machine with datapath (FSMD) descriptions that are impervi...
متن کاملVmiCVS: Cloud Vulnerability Scanner
Every service that runs in cloud systems comes with its own set of vulnerabilities. It is important to detect and assess those vulnerabilities to provide seamless and secure service to the users. Various scanners such as Port scanner, Network scanner, Web application security scanner, Database security scanner, Host based vulnerability scanner etc provide security assessment. But these scanners...
متن کاملPulsating Components in Close Binaries
We present an overview of pulsating stars in close binaries, focusing on the question what role the dupliticity plays in triggering and/or modifying stellar oscillations and on how it can help us to interpret the oscillatory behaviour of (one of) the components. We give examples of characteristic types of oscillations observed in binaries: forced oscillations and free oscillations in both, shor...
متن کامل