roachspray / acsac17wip Goto Github PK
View Code? Open in Web Editor NEWMy ACSAC 2017 WIP Material
acsac17wip's People
Contributors
Stargazers
Watchers
acsac17wip's Issues
Larger idea: investigate independent fuzzing
Slice program many ways. Fuzz each independently (read: at the same time). Find inputs causing good and bad states. Then take intersection of good causing with end bad causing... so you have
-----execution flow------>
good /\ good /\ good /\ bad
Investigate iterative fuzzing for mapcrash
The idea is you want to find the same or more bugs in less time. Otherwise, what's the point? So iterative, the idea is you can adjust timebox since you're getting better inputs. Well, that's the idea..doubtful.
Use VUZZer with weights 0
Investigate libdft or manticore for dynamic analysis
Currently I use libtrays, which works but is quite obtuse. There are better methods/tools out there for gathering both execution trace and data flow information.
Investigate using manticore and solving branch changes
You take the crash input and slice.. you instrument slice to dump trace log. Take crash input run on that to get log and then run on orginal. Use manticore to guide the original and when the two trace logs diverge (in the woods zing!) you will need to solve something that will make it go the direction of hte crash. If you can, great, if you can't ... likely not a good crash sample. Non-trivial
Proper control(s) for testing
If we're going to be true to scientific method, I must reduce the variability I have in this setup. This is non-trivial. Possibly investigate CVEs and reproduction, along with averaged timeboxing.
Static value flow analysis into slice generation input data
I attempted to use SVF (in the summer) to see about generically using it for some value flow analysis to improve the slicing (not using their slice generation). I was unable to make it really work for me unless the functions were of a certain kind or data in a certain parameter location (i.e., generalizability was what made it not work for me).
Implement afl with a negative feedback
"don't go that way.. don't ever go that way"
Adjust fuzz instrumentation strategy in mapcrash
I have a patch in this repo that accepts trace logs generated by libtrays and will selectively instrument blocks with AFL based on this. Test this out.
Slices seem too big
For some reason, slices seem, after some manipulation, to not be sized to what I would expect. Requires ensuring the toolchain process is valid and then investigation into the slicing algorithm.
Submit bug reports from WIP
Crash samples should be researched and reported. Currently, they are just numbers.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.