
Fuzzing And Oracles


Presentation Transcript


  1. Fuzzing And Oracles By: Thomas Sidoti

  2. Overview • Introduction • Motivation • Fuzzable Exploits • Oracles • Implementation • Fuzzing Results

  3. Introduction • Find relationships between Oracles and Exploits/Errors. • What class of errors could a particular oracle hope to find?

  4. Motivation • Fuzzers: • Generate Input • Watch for errors • Without good oracles, some errors will never be found.

  5. Fuzzable Exploits • Buffer Overflow • Improper Validation of Array Index • Integer Overflow • Incorrect Calc of Buffer Size • From the CWE Top 25

  6. Available Oracles • Process Crash • Output Monitoring • Memory Monitoring • Monitoring Services • Program Flow Monitoring (PaiMei)

  7. Fuzzable • Created a program with optional exploits available. • Flags • b : Heap Buffer Overflow • m : Calculated Memory Size Not Checked • s : Stack Buffer Overflow (and small version) • i : Integer Overflow (Multiplication) • a : Calculated Array Index Not Checked (and small version)

  8. File Format
     10 - Number of Lines
     30 - Chars per Line
     1st Line
     2nd Line
     ………………
     Nth Line
     9 - Get the xth Line
     5 - The yth character from
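As an added example that is not part of the presentation or of its test program, the following Python script puts slides 4 through 8 together in working code: a parser for the file format shown above, a byte-level mutator in the style of the sample-file fuzzers discussed later, and two of the oracle classes listed on slide 6, a crash oracle (any unplanned exception) and an output-monitoring oracle tailored to this format. The `check_index` flag is a stand-in for the presentation's "Calculated Array Index Not Checked" flag; the sample file, the function names and the iteration count are all constructed here, not taken from the slides.

```python
"""Toy mutation fuzzer with a crash oracle and an output-monitoring oracle.

Added example, not the author's code. The input format follows slide 8:
line count, chars per line, the lines themselves, then x (1-based line)
and y (1-based column). The check_index flag mirrors the page's fuzzable
program, where a flaw is switched on by a flag; here the flaw is that x
and y are not range-checked before use."""
import random

# Constructed sample file: 3 lines of 5 chars, ask for line 2, column 4.
SAMPLE = b"3\n5\nhello\nworld\nfuzzy\n2\n4\n"


class FormatError(ValueError):
    """Raised for input the parser rejects on purpose (expected behaviour)."""


def _int_line(text):
    try:
        return int(text)
    except ValueError:
        raise FormatError("not an integer: %r" % text)


def lookup(data, check_index=True):
    """Return the y-th character of the x-th line described by `data`."""
    lines = data.decode("latin-1").split("\n")
    if len(lines) < 2:
        raise FormatError("missing header")
    n, width = _int_line(lines[0]), _int_line(lines[1])
    if n < 0 or width < 0 or len(lines) < n + 4:
        raise FormatError("bad dimensions or truncated file")
    body = lines[2:2 + n]
    if any(len(row) != width for row in body):
        raise FormatError("line length does not match header")
    x, y = _int_line(lines[2 + n]), _int_line(lines[3 + n])
    if check_index and not (1 <= x <= n and 1 <= y <= width):
        raise FormatError("index out of range")
    # With check_index=False an out-of-range x or y either raises IndexError
    # (caught by the crash oracle) or wraps around through Python's negative
    # indexing and returns the wrong character without any error at all.
    return body[x - 1][y - 1]


def output_oracle(data, result):
    """Output-monitoring oracle tailored to this format: recompute the answer
    straight from the raw input and require the indices to be in range.
    False means the parser returned silently wrong data."""
    lines = data.decode("latin-1").split("\n")
    try:
        n, width = _int_line(lines[0]), _int_line(lines[1])
        x, y = _int_line(lines[2 + n]), _int_line(lines[3 + n])
    except (FormatError, IndexError):
        return False
    return 1 <= x <= n and 1 <= y <= width and lines[1 + x][y - 1] == result


def classify(data, check_index=True):
    """Run one input through the parser and report what the oracles saw."""
    try:
        result = lookup(data, check_index)
    except FormatError:
        return "rejected"  # deliberate rejection: not a finding
    except Exception:      # crash oracle: any unplanned exception
        return "crash"
    return "accepted" if output_oracle(data, result) else "bad_output"


def mutate(sample, rng):
    """Apply one to four random byte-level edits to a copy of `sample`."""
    buf = bytearray(sample)
    for _ in range(rng.randint(1, 4)):
        op = rng.randrange(4)
        if op == 0 and buf:                          # overwrite one byte
            buf[rng.randrange(len(buf))] = rng.randrange(256)
        elif op == 1:                                # insert digit, '-' or newline
            buf.insert(rng.randint(0, len(buf)), rng.choice(b"0123456789-\n"))
        elif op == 2 and buf:                        # delete one byte
            del buf[rng.randrange(len(buf))]
        else:                                        # truncate the tail
            del buf[rng.randint(0, len(buf)):]
    return bytes(buf)


def fuzz(sample, iterations=2000, seed=1, check_index=True):
    """Fuzz `sample` and tally each oracle verdict; seeded so runs repeat."""
    rng = random.Random(seed)
    tally = {"accepted": 0, "rejected": 0, "crash": 0, "bad_output": 0}
    for _ in range(iterations):
        tally[classify(mutate(sample, rng), check_index)] += 1
    return tally


if __name__ == "__main__":
    print("checked  :", fuzz(SAMPLE))
    print("unchecked:", fuzz(SAMPLE, check_index=False))
```

Running the script prints one tally per configuration. With the range check on, every mutated input is either accepted with a verified answer or rejected with `FormatError`, so both oracle counters stay at zero. With the check off, a mutated x or y outside the declared range shows up as a crash when it overruns the list and as `bad_output` when it wraps around to a valid but wrong line; that second case is exactly the kind of flaw slide 4 says an oracle-less fuzzer will never report, because nothing crashes.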

  9. Analysis of Open Source Fuzzers • Open Source Fuzzing Software is difficult to use. • Evolution Fuzzing System did not appear to do anything. • FileFuzz crashes when program under test crashes. • Modified FileP to make it usable. • Most don’t include robust oracles. • Peach Fuzzer is the exception.

  10. Results: Oracle-less Fuzzers • FileP, FileFuzz • Random fuzzer based on a Sample File. • Fuzzled • Set of factories that make it easy for a programmer to generate input. • Detects Program Crashes • All large errors

  11. Results: Peach Fuzzer • Oracles: Windows Debugger, Memory Monitor, Page Heap Debugging, etc. • Page Heap debugging found small heap space address miscalculation. • Memory Monitor found small excess in memory usage. (This flaw could also crash the program in Windows)
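The memory-monitor finding on this slide is the one oracle class the earlier example does not cover. As an added example that is not the author's code, the script below mirrors the presentation's "Calculated Memory Size Not Checked" flag: the loader sizes its buffer from the header (lines times chars per line) rather than from the data it actually received, and `tracemalloc` plays the role of the memory monitor. The 64 KiB budget, the sample files and the function names are assumptions chosen for this illustration.

```python
"""Memory-monitoring oracle (added example, not the author's code).

The header-driven allocation stands in for the page's 'Calculated Memory
Size Not Checked' flaw; tracemalloc's peak figure is the monitor. A real
memory monitor would watch the process from outside, but the decision
rule is the same: peak usage far beyond what the input justifies."""
import tracemalloc

BUDGET = 64 * 1024  # assumed allowance for a file of a few dozen bytes

# Constructed inputs: a valid 3 x 5 table, and a header that claims
# 4000 x 4000 characters while carrying a single short line.
SAMPLE = b"3\n5\nhello\nworld\nfuzzy\n2\n4\n"
BOGUS = b"4000\n4000\nhello\n"


class FormatError(ValueError):
    """Deliberate rejection of malformed input."""


def load_table(data, check_size=True):
    """Copy the body lines into one flat buffer of n * width bytes.

    check_size=False trusts the header blindly, so BOGUS makes a 16 MB
    buffer for a 16-byte file; check_size=True refuses that header."""
    lines = data.decode("latin-1").split("\n")
    try:
        n, width = int(lines[0]), int(lines[1])
    except (ValueError, IndexError):
        raise FormatError("bad header")
    if n < 0 or width < 0:
        raise FormatError("negative dimension")
    if check_size and n * width > len(data):
        raise FormatError("header claims more data than the file holds")
    buf = bytearray(n * width)
    for i, row in enumerate(lines[2:2 + n]):
        chunk = row.encode("latin-1")[:width]
        buf[i * width:i * width + len(chunk)] = chunk
    return bytes(buf)


def memory_oracle(data, check_size=True):
    """Return (verdict, peak_bytes): 'rejected' for a FormatError, 'memory'
    when peak traced allocation exceeds BUDGET, otherwise 'ok'."""
    tracemalloc.start()
    try:
        try:
            load_table(data, check_size)
            verdict = "ok"
        except FormatError:
            verdict = "rejected"
        peak = tracemalloc.get_traced_memory()[1]
    finally:
        tracemalloc.stop()
    if verdict == "ok" and peak > BUDGET:
        verdict = "memory"
    return verdict, peak


if __name__ == "__main__":
    for label, data, check in (("sample", SAMPLE, True),
                               ("bogus/checked", BOGUS, True),
                               ("bogus/unchecked", BOGUS, False)):
        print(label, memory_oracle(data, check))
```

Nothing crashes in the unchecked case, which is the point: a crash-only fuzzer would score the bogus header as a clean run, while the memory oracle reports it because the peak allocation is out of all proportion to the input size.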

  12. Conclusion • A good portion of errors can be found even if only depending on program crash. • Output monitoring may work well if tailored to your program. • Using more advanced debugging techniques will reveal more subtle errors.

  13. Thanks
