roachspray / acsac17wip
My ACSAC 2017 WIP Material
Slice the program many ways. Fuzz each slice independently (read: at the same time). Find inputs causing good and bad states. Then take the intersection of the inputs causing good states in the earlier slices with those causing the bad state at the end, so you have:
-----execution flow------>
good /\ good /\ good /\ bad
The idea is you want to find the same or more bugs in less time. Otherwise, what's the point? So, iteratively, the idea is you can adjust the timebox since you're getting better inputs. Well, that's the idea... doubtful.
Currently I use libtrays, which works but is quite obtuse. There are better methods/tools out there for gathering both execution trace and data flow information.
You take the crash input and slice. You instrument the slice to dump a trace log. Take the crash input, run it on that to get a log, and then run it on the original. Use manticore to guide the original, and when the two trace logs diverge (in the woods, zing!) you will need to solve something that will make it go in the direction of the crash. If you can, great; if you can't... likely not a good crash sample. Non-trivial.
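To make the two bookkeeping steps above concrete (the good/bad intersection over slices, and finding where a slice's trace log and the original's trace log part ways), here is an added example that is not code from this repo. The trace format (a list of basic-block labels), the slice names and the input verdicts are all constructed for illustration; libtrays' real log format is not assumed.

```python
"""Added example, not part of the acsac17wip repo.

Two helpers for the workflow described in the notes:
  1. candidate_inputs(): intersect inputs that reach "good" states in every
     earlier slice with inputs that reach the "bad" state in the last slice.
  2. first_divergence(): find the first position where the slice's trace log
     and the original program's trace log differ; that is the point where a
     path constraint has to be solved to steer the original toward the crash.
The trace format (a list of block labels) is a constructed assumption.
"""
from typing import Dict, List, Optional, Set, Tuple

# Constructed data: per-slice verdicts for three fuzz inputs.
# results[slice_name][input_name] -> "good" or "bad"
SLICE_ORDER: List[str] = ["s1", "s2", "s3"]
RESULTS: Dict[str, Dict[str, str]] = {
    "s1": {"in_a": "good", "in_b": "good", "in_c": "bad"},
    "s2": {"in_a": "good", "in_b": "bad", "in_c": "good"},
    "s3": {"in_a": "bad", "in_b": "bad", "in_c": "bad"},
}

# Constructed traces: block labels hit by the crash input on the
# instrumented slice versus on the original program.
SLICE_TRACE: List[str] = ["bb_entry", "bb_parse", "bb_check", "bb_crash"]
ORIG_TRACE: List[str] = ["bb_entry", "bb_parse", "bb_check", "bb_ok", "bb_exit"]


def candidate_inputs(results: Dict[str, Dict[str, str]],
                     order: List[str]) -> Set[str]:
    """good /\\ good /\\ ... /\\ bad: inputs that are 'good' in every slice
    before the last one and 'bad' in the last slice along execution flow."""
    *prefix, last = order
    keep = {inp for inp, state in results[last].items() if state == "bad"}
    for name in prefix:
        keep &= {inp for inp, state in results[name].items() if state == "good"}
    return keep


def first_divergence(slice_trace: List[str],
                     orig_trace: List[str]) -> Optional[int]:
    """Index of the first block where the two trace logs differ.

    A length mismatch with a common prefix counts as divergence at the end
    of the shorter trace. Returns None when the traces are identical.
    """
    for i, (a, b) in enumerate(zip(slice_trace, orig_trace)):
        if a != b:
            return i
    if len(slice_trace) != len(orig_trace):
        return min(len(slice_trace), len(orig_trace))
    return None


def divergence_blocks(slice_trace: List[str],
                      orig_trace: List[str]) -> Optional[Tuple[str, str]]:
    """The (slice block, original block) pair at the divergence point, i.e.
    where the original went one way and the slice went the other; this is
    the branch a solver would have to flip. None if no divergence."""
    i = first_divergence(slice_trace, orig_trace)
    if i is None:
        return None
    pick = lambda t: t[i] if i < len(t) else "<end of trace>"
    return pick(slice_trace), pick(orig_trace)


if __name__ == "__main__":
    print("candidate inputs:", sorted(candidate_inputs(RESULTS, SLICE_ORDER)))
    print("diverge at index:", first_divergence(SLICE_TRACE, ORIG_TRACE))
    print("slice took / original took:", divergence_blocks(SLICE_TRACE, ORIG_TRACE))
```

With the constructed data, only `in_a` survives the intersection (it is good in s1 and s2 and bad in s3), and the traces diverge at index 3, where the slice went to `bb_crash` while the original went to `bb_ok`. That pair is the branch whose condition has to be solved for the original binary; if it cannot be, the note above applies: the sample is probably not a useful crash.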
If we're going to be true to scientific method, I must reduce the variability I have in this setup. This is non-trivial. Possibly investigate CVEs and reproduction, along with averaged timeboxing.
I attempted to use SVF (in the summer) to see about generically using it for some value flow analysis to improve the slicing (not using their slice generation). I was unable to make it really work for me unless the functions were of a certain kind or data in a certain parameter location (i.e., generalizability was what made it not work for me).
"don't go that way.. don't ever go that way"
I have a patch in this repo that accepts trace logs generated by libtrays and will selectively instrument blocks with AFL based on this. Test this out.
For some reason, slices seem, after some manipulation, to not be sized to what I would expect. Requires ensuring the toolchain process is valid and then investigation into the slicing algorithm.
Crash samples should be researched and reported. Currently, they are just numbers.