1

FOCUSED AUTOMATED DISCOVERY OF TELEMETRY DEVICE CONSTRAINTS

Whittington, Austin J., Youngs, Alexander G., Harwell, John R., Moodie, Myron L. 11 1900 (has links)
Configuring typical devices in the telemetry community requires the creation of complex, device-specific configuration files. While the grammar of the configuration files is vendor neutral, the device specific details are vendor specific. Thus, a naïve approach to building these files is to construct a file, test it against a device, and then iterate. The specification sheets (and other documents) for the device can serve as a guide, but the details of flight test configuration possibilities are immense and, in this community, typically not fully documented. This paper describes a process of creating a set of general rules describing characteristics of a configuration file and using those rules to discover the configuration constraints of telemetry devices automatically. The discovered constraints posed by a particular vendor’s device can then be quickly formed into a correct-by-construction constraint-based grammar for use in other systems.
2

Directing greybox fuzzing to discover bugs in hardware and software

Canakci, Sadullah 23 May 2022 (has links)
Computer systems are deeply integrated into our daily routines such as online shopping, checking emails, and posting photos on social media platforms. Unfortunately, with the wide range of functionalities and sensitive information stored in computer systems, they have become fruitful targets for attackers. Cybersecurity ventures estimate that the cost of cyber attacks will reach $10.5 trillion USD annually by 2025. Moreover, data breaches have resulted in the leakage of millions of people’s social security numbers, social media account passwords, and healthcare information. With the increasing complexity and connectivity of computer systems, the intensity and volume of cyber attacks will continue to increase. Attackers will continuously look for bugs in the systems and ways to exploit them for gaining unauthorized access or leaking sensitive information. Minimizing bugs in systems is essential to remediate security weaknesses. To this end, researchers proposed a myriad of methods to discover bugs. In the software domain, one prominent method is fuzzing, the process of repeatedly running a program under test with “random” inputs to trigger bugs. Among different variants of fuzzing, greybox fuzzing (GF) has especially seen widespread adoption thanks to its practicality and bug-finding capability. In GF, the fuzzer collects feedback from the program (e.g., code coverage) during its execution and guides the input generation based on the feedback. Due to its success in finding bugs in the software domain, GF has gained traction in the hardware domain as well. Several works adapted GF to the hardware domain by addressing the differences between hardware and software. These works demonstrated that GF can be leveraged to discover bugs in hardware designs such as processors. In this thesis, we propose three different fuzzing mechanisms, one for software and two for hardware, to expose bugs in the multiple layers of systems. 
Each mechanism focuses on different aspects of GF to assist the fuzzing procedure for triggering bugs in hardware and software. The first mechanism, TargetFuzz, focuses on producing an effective seed corpus when fuzzing software. The seed corpus consists of a set of inputs serving as starting points to the fuzzer. We demonstrate that carefully selecting seeds to steer GF towards potentially buggy code regions increases the bug-finding capability of GF. Compared to prior works, TargetFuzz discovered 10 additional bugs and achieved 4.03× speedup, on average, in the total elapsed time for finding bugs. The second mechanism, DirectFuzz, adapts a specific variant of GF for software fuzzing, namely directed greybox fuzzing (DGF), to the hardware domain. The main use case of DGF in software is patch testing, where the goal is to steer fuzzing towards recently modified code regions. Similar to software, hardware design is an incremental and continuous process. Therefore, it is important to prioritize testing of a new component in a hardware design rather than previously well-tested components. DirectFuzz takes several differences between hardware and software (such as clock sensitivity, concurrent execution of multiple code fragments, hardware-specific coverage) into account to successfully adapt DGF to the hardware domain. DirectFuzz relies on coverage feedback applicable to a wide range of hardware designs and requires limited design knowledge. While this increases its ease of adoption to many different hardware designs, its effectiveness (i.e., bug-finding success) becomes limited in certain hardware designs such as processors. Overall, compared to a state-of-the-art hardware fuzzer, DirectFuzz covers specified target sites (e.g., modified hardware regions) 2.23× faster. Our third mechanism, named ProcessorFuzz, relies on novel coverage feedback tailored for processors to increase the effectiveness of fuzzing in processors. 
Specifically, ProcessorFuzz monitors value changes in control and status registers, which form the backbone of a processor. ProcessorFuzz addresses several drawbacks of existing works in processor fuzzing. Specifically, existing works can introduce significant instrumentation overhead, result in misleading guidance, and lack support for widely-used hardware languages. ProcessorFuzz revealed 8 new bugs in widely-used open source processors and identified bugs 1.23× faster than a prior work.
3

Black-Box Fuzzing of the REDHAWK Software Communications Architecture

Sayed, Shereef 17 July 2015 (has links)
As the complexity of software increases, so does the complexity of software testing. This challenge is especially true for modern military communications as radio functionality becomes more digital than analog. The Software Communications Architecture was introduced to manage the increased complexity of software radios. But the challenge of testing software radios still remains. A common methodology of software testing is the unit test. However, unit testing of software assumes that the software under test can be decomposed into its fundamental units of work. The intention of such decomposition is to simplify the problem of identifying the set of test cases needed to demonstrate correct behavior. In practice, large software efforts can rarely be decomposed in simple and obvious ways. In this paper, we introduce the fuzzing methodology of software testing as it applies to software radios. Fuzzing is a methodology that acts only on the inputs of a system and iteratively generates new test cases in order to identify points of failure in the system under test. The REDHAWK implementation of the Software Communications Architecture is employed as the system under test by a fuzzing framework called Peach. Fuzz testing of REDHAWK identified a software bug within the Core Framework, along with a systemic flaw that leaves the system in an invalid state and open to malicious use. It is recommended that a form of Fault Detection be integrated into REDHAWK for collocated processes at a minimum, and distributed processes at best, in order to provide a more fault tolerant system. / Master of Science
4

Gurthang - A Fuzzing Framework for Concurrent Network Servers

Shugg, Connor William 13 June 2022 (has links)
The emergence of Internet-connected technologies has given the world a vast number of services easily reachable from our computers and mobile devices. Web servers are one of the dominant types of computer programs that provide these services to the world by serving files and computations to connected users. Because of their accessibility and importance, web servers must be robust to avoid exploitation by hackers and other malicious users. Fuzzing is a software testing technique that seeks to discover bugs in computer programs in an automated fashion. However, most state-of-the-art fuzzing tools (fuzzers) are incapable of fuzzing web servers effectively, due to their reliance on network connections to receive input and other unique constraints they follow. Past research exists to remedy this situation, and while they have had success, certain drawbacks are introduced in the process. To address this, we created Gurthang, a fuzzing framework that gives state-of-the-art fuzzers the ability to fuzz web servers easily, without having to modify source code, the web server's threading model, or fundamentally change the way a server behaves. We introduce novelty by providing the ability to establish and send data across multiple concurrent connections to the target web server in a single execution of a fuzzing campaign, thus opening the door to the discovery of concurrency-related bugs. We accomplish this through a novel file format and two shared libraries that harness existing state-of-the-art fuzzers. We evaluated Gurthang by performing a research study at Virginia Tech that yielded 48 discovered bugs among 55 web servers written by students. Participants utilized Gurthang to integrate fuzzing into their software development process and discover bugs. In addition, we evaluated Gurthang against Apache and Nginx, two real-world web servers. 
We did not discover any bugs on Apache or Nginx, but Gurthang successfully enabled us to fuzz them without needing to modify their source code. Our evaluations show Gurthang is capable of performing fuzz-testing on web servers and discovering real bugs. / Master of Science / The Internet is widely apparent in our everyday lives. Since its creation, a wide variety of technologies and critical infrastructures have become accessible via the Internet. While this accessibility is a great boon for many, it does not come without risk. Web servers are one of the dominant types of computer programs that make the Internet what it is today; they are responsible for transmitting web pages and other files to connected users, as well as performing important computations per the user's request. Like any computer program, web servers contain bugs that may lead to vulnerabilities if exploited by a malicious user (a hacker). Considering they are open to all via the Internet, it is critical to catch and fix as many bugs as possible during a web server's development. Certain tools, called fuzzers, have been created to test computer programs in an automated fashion to discover bugs (called fuzzing, or fuzz-testing), although many of these fuzzers lack the ability to effectively test web servers due to the specific constraints a web server must follow. Previous research exists to fix this problem, but certain drawbacks are introduced in the process. To address this, we developed Gurthang, a fuzzing framework that gives state-of-the-art fuzzers the ability to test a variety of web servers, while also fixing some of these drawbacks and introducing a novel technique to test the concurrency aspects of a web server. We evaluated Gurthang against several web servers through a research study at Virginia Tech in which participating students performed fuzz-testing on web servers they implemented for their coursework. We discovered 48 bugs across 55 web servers through this study. 
We also evaluated Gurthang against Apache and Nginx (two web servers frequently used in the real world) and showed Gurthang is capable of fuzzing them without the need to modify their source code.
5

Closure: Transforming Source Code for Faster Fuzzing

Paterson, Ian G. 27 May 2022 (has links)
Fuzzing, the method of generating inputs to run on a target program while monitoring its execution, is a widely adopted and pragmatic methodology for bug hunting as a means of software hardening. Technical improvements in throughput have been shown, time and time again, to be critical to increasing the rate at which new bugs can be discovered. Persistent fuzzing, which keeps the fuzz target alive via looping, provides increased throughput at the cost of manual development of harnesses to account for invalid states and coverage of the program's code base, while relying on forking to reset the state accrued by looping over the same piece of code multiple times. Stale state can lead to wasted fuzzing efforts as certain areas of code may be conditionally ignored due to a stale global. I propose Closure, a toolset which enables programs to run at persistent speeds while avoiding the downsides of stale state and other bottlenecks associated with persistent fuzzing. / Master of Science / The process of program testing to find bugs is becoming increasingly automated. A current method called "Fuzzing" is a widely adopted means for finding bugs and is required in the life cycle of program development by major companies and the US Government. I look at current improvements in fuzzing, and expand the use case of the cutting edge method called persistent fuzzing to a wider array of applications with my tool Closure. With Closure, fuzzing practitioners can experience faster fuzzing performance with less manual effort.
6

Practical Feedback and Instrumentation Enhancements for Performant Security Testing of Closed-source Executables

Nagy, Stefan 25 May 2022 (has links)
The Department of Homeland Security reports that over 90% of cyberattacks stem from security vulnerabilities in software, costing the U.S. $109 billion in damages in 2016 alone according to The White House. As NIST estimates that today's software contains 25 bugs for every 1,000 lines of code, the prompt discovery of security flaws is now vital to mitigating the next major cyberattack. Over the last decade, the software industry has overwhelmingly turned to a lightweight defect discovery approach known as fuzzing: automated testing that uncovers program bugs through repeated injection of randomly-mutated test cases. Academic and industry efforts have long exploited the semantic richness of open-source software to enhance fuzzing with fast and fine-grained code coverage feedback, as well as fuzzing-enhancing code transformations facilitated through lightweight compiler-based instrumentation. However, the world's increasing reliance on closed-source software (i.e., commercial, proprietary, and legacy software) demands analogous advances in automated security vetting beyond open-source contexts. Unfortunately, the semantic gaps between source code and opaque binary code leave fuzzing nowhere near as effective on closed-source targets. The difficulty of balancing coverage feedback speed and precision in binary executables leaves fuzzers frequently bottlenecked and orders-of-magnitude slower at uncovering security vulnerabilities in closed-source software. Moreover, the challenges of analyzing and modifying binary executables at scale leave closed-source software fuzzing unable to fully leverage the sophisticated enhancements that have long accelerated open-source software vulnerability discovery. As the U.S. 
Cybersecurity and Infrastructure Security Agency reports that closed-source software makes up over 80% of the top routinely exploited software today, combating the ever-growing threat of cyberattacks demands new practical, precise, and performant fuzzing techniques unrestricted by the availability of source code. This thesis answers the following research questions toward enabling fast, effective fuzzing of closed-source software: 1. Can common-case fuzzing insights be exploited to achieve low-overhead, fine-grained code coverage feedback irrespective of access to source code? 2. What properties of binary instrumentation are needed to extend performant fuzzing-enhancing program transformation to closed-source software fuzzing? In answering these questions, this thesis produces the following key innovations: A. The first code coverage techniques to enable fuzzing speed and code coverage greater than source-level fuzzing for closed-source software targets (chapter 3). B. The first instrumentation platform to extend both compiler-quality code transformation and compiler-level speed to closed-source fuzzing contexts (chapter 4). / Doctor of Philosophy / The Department of Homeland Security reports that over 90% of cyberattacks stem from security vulnerabilities in software, costing the U.S. $109 billion in damages in 2016 alone according to The White House. As NIST estimates that today's software contains 25 bugs for every 1,000 lines of code, the prompt discovery of security flaws is now vital to mitigating the next major cyberattack. Over the last decade, the software industry has overwhelmingly turned to lightweight defect discovery through automated testing, uncovering program bugs through the repeated injection of randomly-mutated test cases. 
Academic and industry efforts have long exploited the semantic richness of open-source software (i.e., software whose full internals are publicly available, interpretable, and changeable) to enhance testing with fast and fine-grained exploration feedback, as well as testing-enhancing program transformations facilitated during the process by which program executables are generated. However, the world's increasing reliance on closed-source software (i.e., software whose internals are opaque to anyone but its original developer) like commercial, proprietary, and legacy programs demands analogous advances in automated security vetting beyond open-source contexts. Unfortunately, the challenges of understanding programs without their full source information leave testing nowhere near as effective on closed-source programs. The difficulty of balancing exploration feedback speed and precision in program executables leaves testing frequently bottlenecked and orders-of-magnitude slower at uncovering security vulnerabilities in closed-source software. Moreover, the challenges of analyzing and modifying program executables at scale leave closed-source software testing unable to fully leverage the sophisticated enhancements that have long accelerated open-source software vulnerability discovery. As the U.S. Cybersecurity and Infrastructure Security Agency reports that closed-source software makes up over 80% of the top routinely exploited software today, combating the ever-growing threat of cyberattacks demands new practical, precise, and performant software testing techniques unrestricted by the availability of programs' source code. This thesis answers the following research questions toward enabling fast, effective fuzzing of closed-source software: 1. Can common-case testing insights be exploited to achieve low-overhead, fine-grained exploration feedback irrespective of access to programs' source code? 2. 
What properties of program modification techniques are needed to extend performant testing-enhancing program transformations to closed-source programs? In answering these questions, this thesis produces the following key innovations: A. The first techniques enabling testing of closed-source programs with speed and exploration higher than on open-source programs. (chapter 3) B. The first platform to extend high-speed program transformations from open-source programs to closed-source ones (chapter 4)
7

Fuzz Testing Architecture Used for Vulnerability Detection in Wireless Systems

Mayhew, Stephen Richard 23 June 2022 (has links)
The wireless world of today is essential to the everyday life of millions of people. Wireless technology is evolving at a rapid pace whose speed outmatches what previous testing can handle. This creates the need for smarter and faster testing methods. One of the recent fast and efficient testing methods is fuzz testing. Fuzz testing is the generation and injection of unexpected input called "fuzzed" input for a system by slightly changing a base input hundreds or even thousands of times and introducing each change into a system to observe its effects. In this thesis, we developed and implemented a fuzz testing architecture to test 5G wireless system vulnerabilities. The proposed design uses multiple open-source software packages to create a virtual wireless environment for testing the fuzzed inputs' effects on the wireless attach procedure. Having an accessible and adaptable fuzzing architecture to use with wireless networks will help against malicious parties. Due to 5G simulation technology still being developed and the cost of ready-made 5G testing equipment, the architecture was implemented in an LTE environment using the srsRAN LTE simulation software, the Boofuzz fuzzing software, and the Wireshark packet capture software. The results show consistent effects of the fuzz testing on the outputs of the LTE eNB. We also include a discussion of our future suggestions to improve the proposed fuzzing architecture. / Master of Science / The persistence of the cellular network is essential to the everyday life of millions of people. Cell phones and cell towers play an important role in business, communication, and recreation across the globe. The speed of advancements made in phone and cell tower technology is outpacing the speed of security testing, increasing the possibility of system vulnerabilities and unexplored back-doors. To cover the security testing gap, different automated testing models are being researched and developed, one of which is fuzz testing. 
Fuzz testing is the generation and injection of unexpected input called "fuzzed" input for a system by slightly changing a base input hundreds or even thousands of times and introducing each change into a system to observe its effects. The fuzzing architecture proposed in this thesis is used to test for security flaws in wireless cellular networks. We implemented our fuzz testing model in a simulated 4G cellular network, where the results show the effectiveness of the model on tracing network vulnerabilities. The results of the experiment show consistent effects of the fuzz testing on a wireless system. A discussion of how the proposed model can be further improved for future work is added to the end of this thesis.
8

Preventing Vulnerabilities and Mitigating Attacks on the MQTT Protocol

Yara, Ahmad January 2020 (has links)
The purpose of this study is to investigate and understand how security breaches can be prevented and mitigated in an MQTT protocol in order to increase the overall security. I am particularly interested in techniques such as Fuzzing, Fuzzy Logic and Machine Learning. To investigate this purpose, I analysed and discussed previous implementations of Fuzzing, Fuzzy Logic and Machine Learning in an MQTT protocol. The analysis showed that Fuzzing was considered a very effective method for preventing security breaches, and that both Fuzzy Logic and Machine Learning were effective methods for mitigation. In summary, the security level of an MQTT protocol can be increased by implementing methods used to prevent and mitigate security breaches. For example, one can first use Fuzzing to find and correct vulnerabilities and thereby prevent them. Thereafter, one can use either Fuzzy Logic or Machine Learning to mitigate sudden attacks on the MQTT protocol when it is in production. This means that the developer can combine methods to both prevent and mitigate breaches in order to increase the security level of an MQTT protocol.
9

To Force a Bug : Extending Hybrid Fuzzing

Näslund, Johan, Nero, Henrik January 2020 (has links)
One of the more promising solutions for automated binary testing today is hybrid fuzzing, a combination of the two acknowledged approaches, fuzzing and symbolic execution, for detecting errors in code. Hybrid fuzzing is one of the pioneering works coming from the authors of Angr and Driller, opening up for the possibility for more specialized tools such as QSYM to come forth. These hybrid fuzzers are coverage guided, meaning they measure their success in how much code they have covered. This is a typical approach but, as with many, it is not flawless. Just because a region of code has been covered does not mean it has been fully tested. Some flaws depend on the context in which the code is being executed, such as double-free vulnerabilities. Even if the free routine has been invoked twice, it does not mean that a double-free bug has occurred. To cause such a vulnerability, one has to free the same memory chunk twice (without it being reallocated between the two invocations to free). In this research, we will extend one of the current state-of-the-art hybrid fuzzers, QSYM, which is an open source project. We do this extension, adding double-free detection, in a tool we call QSIMP. We will then investigate our hypothesis, stating that it is possible to implement such functionality without losing so much performance that it would make the tool impractical. To test our hypothesis we have designed two experiments. One experiment tests the ability of our tool to find double-free bugs (the type of context-sensitive bug that we have chosen to test with). In our second experiment, we explore the scalability of the tool when this functionality is executed. Our experiments showed that we were able to implement context-sensitive bug detection within QSYM. We can find most double-free vulnerabilities we have tested it on, although not all, because of some optimizations that we were unable to build past. 
This has been done with small effects on scalability according to our tests. Our tool can find the same bugs as the original QSYM while adding functionality to find double-free vulnerabilities. / One of the more promising solutions for automated binary testing today is hybrid fuzzing, a combination of two established approaches, fuzzing and symbolic execution. The researchers who developed Angr and Driller are often considered among the first to test this approach. This in turn has opened the way for more specialised tools such as QSYM. These hybrid fuzzers usually measure their success in terms of how much code is reached during testing. This is a typical approach, but as with many methods it is not flawless. Code that has been executed without triggering a bug is not necessarily free of errors. Some bugs depend on the context in which machine instructions are executed; one example is double-free vulnerabilities. That memory has been freed several times does not necessarily mean that a double-free vulnerability has occurred. For such a vulnerability to occur, the same memory must be freed several times (without that memory being reallocated between the calls to free). In this project we extend one of the leading hybrid fuzzers, QSYM, an open source project. What we add is double-free detection in a tool we call QSIMP. We then investigate our hypothesis, which states that it is possible to implement such functionality without losing so much performance that it makes the tool impractical. To test the hypothesis we have designed two experiments. One experiment tests the tool's ability to detect double-free vulnerabilities (the kind of context-sensitive vulnerabilities we have chosen to focus on). In the second experiment we explore whether the tool is scalable when the new functionality is run. Our experiments show that we have enabled detection of context-sensitive bugs through further development of the QSYM tool. 
QSIMP finds double-free bugs, though not all, because of optimisations that we have not managed to work around. This has been done without major effects on the scalability of the tool according to the results from our experiments. Our tool finds the same bugs as the original QSYM tool, while adding functionality for finding double-free vulnerabilities.
10

Black-Box Analysis of Wi-Fi Security / Black-Box Analysis of Wi-Fi Stacks Security

Venger, Adam January 2021 (has links)
The devices we rely on every day are becoming increasingly complex and use increasingly complex protocols. One of these protocols is Wi-Fi. With growing complexity, the potential for implementation errors also grows. This thesis examines the Wi-Fi protocol and the use of fuzz testing to generate semi-valid inputs that could reveal vulnerabilities in devices. Special attention was paid to testing Wi-Fi on the ESP32 and ESP32-S2 systems. The result of the thesis is a fuzzer suitable for testing any Wi-Fi device, a monitoring tool specifically for the ESP32, and a set of test programs for the ESP32. The tool did not reveal any potential vulnerabilities.