Practical Methods for Fuzzing Real-World Systems

Prashast Srivastava (15353365)

27 April 2023

<p>The current software ecosystem is exceptionally complex. A key defining feature of this complexity is the vast input space that software applications must process. This feature</p> <p>inhibits fuzzing (an effective automated testing methodology) in uncovering deep bugs (i.e.,</p> <p>bugs with complex preconditions). We improve the bug-finding capabilities of fuzzers by</p> <p>reducing the input space that they have to explore. Our techniques incorporate domain</p> <p>knowledge from the software under test. In this dissertation, we research how to incorporate</p> <p>domain knowledge in different scenarios across a variety of software domains and test</p> <p>objectives to perform deep bug discovery.</p> <p>We start by focusing on language interpreters that form the backend of our web ecosystem.</p> <p>Uncovering deep bugs in these interpreters requires synthesizing inputs that perform a</p> <p>diverse set of semantic actions. To tackle this issue, we present Gramatron, a fuzzer that employs grammar automatons to speed up bug discovery. Then, we explore firmwares belonging to the rapidly growing IoT ecosystem which generally lack thorough testing. FirmFuzz infers the appropriate runtime state required to trigger vulnerabilities in these firmwares using the domain knowledge encoded in the user-facing network applications. Additionally, we showcase how our proposed strategy to incorporate domain knowledge is beneficial under alternative testing scenarios where a developer analyzes specific code locations, e.g., for patch testing. SieveFuzz leverages knowledge of targeted code locations to prohibit exploration of code regions and correspondingly parts of the input space that are irrelevant to reaching the target location. Finally, we move beyond the realm of memory-safety vulnerabilities and present how domain knowledge can be useful in uncovering logical bugs, specifically deserialization vulnerabilities in Java-based applications with Crystallizer. Crystallizer uses a hybrid analysis methodology to first infer an over-approximate set of possible payloads through static analysis (to constrain the search space). Then, it uses dynamic analysis to instantiate concrete payloads as a proof-of-concept of a deserialization vulnerability.</p> <p>Throughout these four diverse areas we thoroughly demonstrate how incorporating domain</p> <p>knowledge can massively improve bug finding capabilities. Our research has developed</p> <p>tooling that not only outperforms the existing state-of-the-art in terms of efficient bug discovery (with speeds up to 117% faster), but has also uncovered 18 previously unknown bugs,</p> <p>with five CVEs assigned.</p>

Software and application security

fuzzing

Software Security

Application Security

Exploring Vulnerabilities and Security Schemes of Service-Oriented Internet 0f Things (IoT) Protocols

Kayas, Golam, 0000-0001-7186-3442

08 1900

The Internet of Things (IoT) is spearheading a significant revolution in the realm of computing systems for the next generation. IoT has swiftly permeated various domains, including healthcare, manufacturing, military, and transportation, becoming an essential component of numerous smart devices and applications. However, as the number of IoT devices proliferates, security concerns have surged, resulting in severe attacks in recent years. Consequently, it is imperative to conduct a comprehensive investigation into IoT networks to identify and address vulnerabilities in order to preempt potential adversarial activities. The aim of this research is to examine different IoT-based systems and comprehend their security weaknesses. Additionally, the objective is to develop effective strategies to mitigate vulnerabilities and explore the security loopholes inherent in IoT-based systems, along with a plan to rectify them. IoT-based systems present unique challenges due to the expanding adoption of IoT technology across diverse applications, accompanied by a wide array of IoT devices. Each IoT network has its own limitations, further compounding the challenge. For instance, IoT devices used in sensor networks often face constraints in terms of resources, possessing limited power and computational capabilities. Moreover, integration of IoT with existing systems introduces security issues. A prime example of this integration is found in connected cars, where traditional in-vehicle networks, designed to connect internal car components, must be highly robust to meet stringent requirements. However, modern cars are now connected to a wide range of IoT nodes through various interfaces, thus creating new security challenges for professionals to address. This work offers a comprehensive investigation plan for different types of IoT-based systems with varying constraints to identify security vulnerabilities. We also propose security measures to mitigate the vulnerabilities identified in our investigation, thereby preventing adversarial activities. To facilitate the exploration and investigation of vulnerabilities, our work is divided into two parts: resource-constrained IoT-based systems (sensor networks, smart homes) and robustness-constrained IoT-based systems (connected cars). In our investigation of resource-constrained IoT networks, we focus on two widely used service-oriented IoT protocols, namely Universal Plug and Play (UPnP) and Message Queue Telemetry Transport (MQTT). Through a structured phase-by-phase analysis of these protocols, we establish a comprehensive threat model that explains the existing security gaps in communications. The threat models present security vulnerabilities of service-oriented resource-constrained IoT networks and the corresponding security attacks that exploit these vulnerabilities. We propose security solutions to mitigate the identified vulnerabilities and defend against potential security breaches. Our security analysis demonstrates that the proposed measures successfully thwart adversarial activities, and our experimental data supports the feasibility of the proposed models. For robustness-constrained IoT-based systems, we investigate the in-vehicle networks of modern cars, specifically focusing on the Controller Area Network (CAN) bus system, which is widely adopted for connecting Electronic Control Units (ECUs) in vehicles. To uncover vulnerabilities in these in-vehicle networks, we leverage fuzz testing, a method that involves testing with random data. Fuzz testing over the CAN bus is a well-established technique for detecting security vulnerabilities in in-vehicle networks. Furthermore, the automatic execution of test cases and assessment of robustness make CAN bus fuzzing a popular choice in the automotive testing community. However, a major drawback of fuzz testing is the generation of a large volume of execution reports, often containing false positives. Consequently, all execution reports must be manually reviewed, which is time-consuming and prone to human errors. To address this issue, we propose an automatic investigation mechanism to identify security vulnerabilities from fuzzing logs, considering the class, relative severity, and robustness of failures. Our proposed schema utilizes artificial intelligence (AI) to identify genuine security-critical vulnerabilities from fuzz testing execution logs. Additionally, we provide mechanisms to gauge the relative severity and robustness of a failure, thereby determining the criticality of a vulnerability. Moreover, we propose an AI-assisted vulnerability scoring system that indicates the criticality of a vulnerability, offering invaluable assistance in prioritizing the mitigation of critical issues in in-vehicle networks. / Computer and Information Science

Computer science

Automotive security

Internet of Things (IoT)

IoT security

Security

A quantitative measure of the security risk level of enterprise networks

Munir, Rashid, Pagna Disso, Jules F., Awan, Irfan U., Mufti, Muhammad R.

January 2013

No / Along with the tremendous expansion of information technology and networking, the number of malicious attacks which cause disruption to business processes has concurrently increased. Despite such attacks, the aim for network administrators is to enable these systems to continue delivering the services they are intended for. Currently, many research efforts are directed towards securing network further whereas, little attention has been given to the quantification of network security which involves assessing the vulnerability of these systems to attacks. In this paper, a method is devised to quantify the security level of IT networks. This is achieved by electronically scanning the network using the vulnerability scanning tool (Nexpose) to identify the vulnerability level at each node classified according to the common vulnerability scoring system standards (critical, severe and moderate). Probabilistic approach is then applied to calculate an overall security risk level of sub networks and entire network. It is hoped that these metrics will be valuable for any network administrator to acquire an absolute risk assessment value of the network. The suggested methodology has been applied to a computer network of an existing UK organization with 16 nodes and a switch.

Mining Security Risks from Massive Datasets

Liu, Fang

09 August 2017

Cyber security risk has been a problem ever since the appearance of telecommunication and electronic computers. In the recent 30 years, researchers have developed various tools to protect the confidentiality, integrity, and availability of data and programs. However, new challenges are emerging as the amount of data grows rapidly in the big data era. On one hand, attacks are becoming stealthier by concealing their behaviors in massive datasets. One the other hand, it is becoming more and more difficult for existing tools to handle massive datasets with various data types. This thesis presents the attempts to address the challenges and solve different security problems by mining security risks from massive datasets. The attempts are in three aspects: detecting security risks in the enterprise environment, prioritizing security risks of mobile apps and measuring the impact of security risks between websites and mobile apps. First, the thesis presents a framework to detect data leakage in very large content. The framework can be deployed on cloud for enterprise and preserve the privacy of sensitive data. Second, the thesis prioritizes the inter-app communication risks in large-scale Android apps by designing new distributed inter-app communication linking algorithm and performing nearest-neighbor risk analysis. Third, the thesis measures the impact of deep link hijacking risk, which is one type of inter-app communication risks, on 1 million websites and 160 thousand mobile apps. The measurement reveals the failure of Google's attempts to improve the security of deep links. / Ph. D.

Cyber Security

Big Data Security

Mobile Security

Data Leakage Detection

Multi-Vector Portable Intrusion Detection System

Moyers, Benjamin

18 August 2009

This research describes an intrusion detection system designed to fulfill the need for increased mobile device security. The Battery-Sensing Intrusion Protection System (B-SIPS) [1] initially took a non-conventional approach to intrusion detection by recognizing attacks based on anomalous Instantaneous Current (IC) drainage. An extension of B-SIPS, the Multi-Vector Portable Intrusion Detection System (MVP-IDS) validates the idea of recognizing attacks based on anomalous IC drain by correlating the detected anomalies with wireless attack traffic from both the Wi-Fi and Bluetooth mediums. To effectively monitor the Wi-Fi and Bluetooth mediums for malicious packet streams, the Snort-Based Wi-Fi and Bluetooth Attack Detection and Signature System (BADSS) modules were introduced. MVP-IDS illustrates that IC anomalies, representing attacks, can be correlated with wireless attack traffic through a collaborative and multi-module approach. Furthermore, MVP-IDS not only correlates wireless attacks, but mitigates them and defends its clients using an administrative response mechanism. This research also provides insight into the ramifications of battery exhaustion Denial of Service (DoS) attacks on battery-powered mobile devices. Several IEEE 802.11 Wi-Fi, IEEE 802.15.1 Bluetooth, and blended attacks are studied to understand their effects on device battery lifetimes. In the worst case, DoS attacks against mobile devices were found to accelerate battery depletion as much as 18.5%. However, if the MVP-IDS version of the B-SIPS client was allowed to run in the background during a BlueSYN flood attack, it could mitigate the attack and preserve as much as 16% of a mobile device's battery lifetime as compared with an unprotected device. / Master of Science

Intrusion Detection

Bluetooth Security

Wireless Security

Mobile Device Security

Mexico’s national security framework in the context of an interdependent world : a comparative architecture approach

Martinez Espinosa, Cesar Alfredo

04 February 2014

In a more complex and interdependent world, nations face new challenges that threaten their national security. National security should not be understood exclusively in the way of military threats by adversarial states but in a broader way: how old and new sectoral threats affect not only a state and its institutions but a nation as a whole, physically and economically. This dissertation looks into how the nature of security threats and risks has evolved in recent years. This dissertation then explores how different nations have decided to publish national security strategy documents and analyzes the way in which they include this broadened understanding of security: it finds that there is evidence of international policy diffusion related to the publication of such security strategies and that nations are evolving towards a broader understanding of security that includes models like whole-of-government, and whole-of-society. In the second half, this dissertation analyzes the route through which Mexico has reformed its national security framework since the year 2000 through a policy streams approach. After looking at the path that led to the creation of Mexico’s modern national security institutions, it analyzes the way in which Mexico national interests can be determined and how these interests inform the way in which Mexico understands national security threats and risks in the 21st Century. / text

Mexico

National security

International security

Public safety

National security strategy

Cyber security

Disaster preparedness

Security risks

Security threats

Interdependency

Globalization

Governing social security economic crisis and reform in Indonesia, the Philippines and Singapore /

Wisnu, Dinna,

January 2007

Thesis (Ph. D.)--Ohio State University, 2007. / Title from first page of PDF file. Includes bibliographical references (p. 357-386).

Enhancing the European security and defence policy : European integration and the changing of the Norwegian and the Swedish security identities

Moholt van Reeuwijk, Yvonne

January 2018

This paper examines the relationship between Europeanisation and the recent changes of the Norwegian and Swedish security identities. Since the mid-1990s, these two countries have gone different ways, the former as an active non-member with no decision-making powers and the latter as an active participant in the development of the European Security and Defence Policy (ESDP). Concerning Norway and Sweden’s security identity, both have changed exceedingly over the years. Norway, which has valued the US and the transatlantic partnership through NATO, namely being an ‘Atlanticist’, seeks a deeper connection to the EU as a security actor over the last fifteen years, despite the authorities emphasizing that NATO remains the cornerstone for Norwegian security policy. Sweden, which maintained strongly neutral and non-aligned throughout the 20th century, was initially sceptic to partaking in the security and defence dimension of the Union. Nonetheless, Sweden, as a member, managed to change its perception of EU’s security policy through highlighting crisis management and turned out to become one of EU’s most active contributors in shaping the ESDP. This paper concludes that Norway and Sweden have seen similar outcomes concerning Europeanisation, despite holding different positions in relation to the EU. Norway has not been able to hold an influential role respecting its European integration process, even though the authorities seek to gain as much input as possible into the ESDP through associate membership. Sweden, in contrast, entered the Union with an initial negative attitude concerning the security and defence policy but has changed its perception and chosen to play an active part in the policy making process through influencing and deepening its cooperation.

Europeanisation

security identity

Common Security and Defence Policy

Swedish security identity

security

Norwegian security identity

comprehensive security actor.

History

Historia

The Chain-Link Fence Model: A Framework for Creating Security Procedures

Houghton, Robert F.

01 May 2013

A long standing problem in information technology security is how to help reduce the security footprint. Many specific proposals exist to address specific problems in information technology security. Most information technology solutions need to be repeatable throughout the course of an information systems lifecycle. The Chain-Link Fence Model is a new model for creating and implementing information technology procedures. This model was validated by two different methods: the first being interviews with experts in the field of information technology and the second being four distinct case studies demonstrating the creation and implementation of information technology procedures. (169 pages)

Computer Security

Framework Creation

IS Security

Security Framework

Security Model

Security Procedures

Business

Information Security

Management Information Systems

Security risk prioritization for logical attack graphs

Almohri, Hussain

January 1900

Master of Science / Department of Computing and Information Sciences / William H. Hsu / Xinming (Simon) Ou / To prevent large networks from potential security threats, network administrators need to know in advance what components of their networks are under high security risk. One way to obtain this knowledge is via attack graphs. Various types of attack graphs based on miscellaneous techniques has been proposed. However, attack graphs can only make assertion about different paths that an attacker can take to compromise the network. This information is just half the solution in securing a particular network. Network administrators need to analyze an attack graph to be able to identify the associated risk. Provided that attack graphs can get very large in size, it would be very difficult for them to perform the task. In this thesis, I provide a security risk prioritization algorithm to rank logical attack graphs produced by MulVAL (A vulnerability analysis system) . My proposed method (called StepRank) is based on a previously published algorithm called AssetRank that generalizes over Google's PageRank algorithm. StepRank considers a forward attack graph that is a reversed version of the original MulVAL attack graph used by AssetRank. The result of the ranking algorithm is a rank value for each node that is relative to every other rank value and shows how difficult it is for an attacker to satisfy a node.

Computer Security

Network Security

Computer Science (0984)