This research investigates the effectiveness of the forward-porting approach employed in the Magma framework as a fault injection technique for evaluating fuzzers. The study aims to assess the use of Proof-of-Concepts in reproducing crashes in CVEs and evaluate the feasibility of forward-porting vulnerabilities into later software versions. An experiment was conducted using three selected open-source libraries to explore whether vulnerabilities could be triggered or reached in the latest versions through the forward-porting approach. The findings suggest that the forward-porting approach may not be the most effective method for injecting vulnerabilities into software systems. Out of the 22 chosen CVEs for analysis, only one could be triggered and two could be reached using the forward-porting approach. This indicates that many of the injected vulnerabilities become obsolete or have unsatisfiable trigger conditions in later versions. Additionally, manual verification of these vulnerabilities have been found to be time-consuming and challenging. Further research is necessary to provide a comprehensive evaluation of the effectiveness of the forward-porting approach in vulnerability injection.
Identifer | oai:union.ndltd.org:UPSALLA1/oai:DiVA.org:umu-209652 |
Date | January 2023 |
Creators | Nyquist, Fredrik |
Publisher | Umeå universitet, Institutionen för datavetenskap |
Source Sets | DiVA Archive at Upsalla University |
Language | English |
Detected Language | English |
Type | Student thesis, info:eu-repo/semantics/bachelorThesis, text |
Format | application/pdf |
Rights | info:eu-repo/semantics/openAccess |
Relation | UMNAD ; 1386 |
Page generated in 0.0021 seconds