Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Programming

Fuzzable

advertisement 
Fuzzing And Oracles
By: Thomas Sidoti
Overview
•
•
•
•
•
•
Introduction
Motivation
Fuzzable Exploits
Oracles
Implementation
Fuzzing Results
Introduction
• Find relationships between Oracles and
Exploits/Errors.
• What class of errors could a particular
oracles hope to find?
Motivation
• Fuzzers:
– Generate Input
– Watch for errors
• Without good oracles, some errors will
never be found.
Fuzzable Exploits
•
•
•
•
Buffer Overflow
Improper Validation of Array Index
Integer Overflow
Incorrect Calc of Buffer Size
• From the CWE Top 25
Available Oracles
•
•
•
•
•
Process Crash
Output Monitoring
Memory Monitoring
Monitoring Services
Program Flow Monitoring (PaiMei)
Fuzzable
• Created a program with optional exploits
available.
• Flags
– b : Heap Buffer Overflow
– m : Calculated Memory Size Not Checked
– s : Stack Buffer Overflow (and small version)
– i : Integer Overflow (Multiplication)
– a : Calculated Array Index Not Checked (and
small version)
File Format
10 - Number of Lines
30 - Chars per Line
1st Line
2nd Line
………………
Nth Line
9 - Get the xth Line
5 - The yth character from
Analysis of Open Source Fuzzers
• Open Source Fuzzing Software is difficult
to use.
– Evolution Fuzzing System did not appear to
do anything.
– FileFuzz crashes when program under test
crashes.
– Modified FileP to make it usable.
• Most don’t include robust oracles.
– Peach Fuzzer is the exception.
Results: Oracle-less Fuzzers
• FileP, FileFuzz
– Random fuzzer based on a Sample File.
• Fuzzled
– Set of factories which makes it easy for a
programmer to generate input.
• Detects Program Crashes
– All large errors
Results: Peach Fuzzer
• Oracles: Windows Debugger, Memory
Monitor, Page Heap Debugging, etc.
• Page Heap debugging found small heap
space address miscalculation.
• Memory Monitor found small excess in
memory usage. (This flaw could also
crash the program in Windows)
Conclusion
• A good portion of errors can be found even
if only depending on program crash.
• Output monitoring may work well if tailored
to your program
• Using more advanced debugging
techniques while debugging will reveal
more subtle errors.
Thanks
Related documents
Fuzzing Web Applications and Services
Fuzzing Web Applications and Services
Logical Fuzzing
Logical Fuzzing
PowerPoint 簡報
PowerPoint 簡報
Smash File Fuzzer
Smash File Fuzzer
Presentation - National Humanities Center
Presentation - National Humanities Center
ppt
ppt
E.E.Evans-Pitchard
E.E.Evans-Pitchard
Taint Analysis Review
Taint Analysis Review
Document13103391 13103391
Document13103391 13103391
Godel`s Gourd
Godel`s Gourd
Discover expoits and software vulnerabilities
Discover expoits and software vulnerabilities
NetworkingForensics_2012 (1)
NetworkingForensics_2012 (1)
Download
advertisement