Attack surface analysis and code coverage improvement for fuzzing

As cybercrime has become a worldwide threat over the past decades, research on cybersecurity keeps attracting a great deal of attention. In the long-running competition between attackers and defenders, vulnerability detection has been considered the decisive preliminary step for both sides. Among the many...

Bibliographic Details
Main Author: Peng, Lunan
Other Authors: Liu Yang
Format: Theses and Dissertations
Language: English
Published: 2019
Subjects: Science::Mathematics
Online Access:https://hdl.handle.net/10356/105642
http://hdl.handle.net/10220/50270
Institution: Nanyang Technological University
Other Author: Wu Hongjun
School: School of Physical and Mathematical Sciences
Degree: Master of Science
Description: As cybercrime has become a worldwide threat over the past decades, research on cybersecurity keeps attracting a great deal of attention. In the long-running competition between attackers and defenders, vulnerability detection has been considered the decisive preliminary step for both sides. Among the many methodologies of vulnerability detection, fuzz testing has demonstrated outstanding performance in finding bugs automatically and effectively. A fuzzer repeatedly feeds generation-based or mutation-based samples to the target program to expose its misbehaviour. Even though many boosting techniques have been proposed to further improve the efficiency of fuzzing, two crucial aspects still hold enduring appeal for researchers: attack surface analysis, which helps fuzzers spend more effort on the most potentially vulnerable locations, and code coverage improvement, which guides fuzzers to explore more code regions. This thesis presents attack surface analysis and code coverage improvement for fuzzing. In the first work, we choose the Linux kernel as the target and categorize its source files into components according to their functionality. We then collect data on all related Common Vulnerabilities and Exposures (CVE) entries and analyze their distribution to identify the vulnerability level of each component. In the second work, we use rarely-hit edges as the metric to guide multi-round generation-based fuzzing of the Document Object Model (DOM) of the Chromium browser. We use the default template to generate a large number of samples in the first fuzzing round, compute the hit counts of all covered edges, and select the samples that cover any rarely-hit edge as templates for the second round. The approach achieved a clear improvement in the code coverage of newly generated samples compared to the default template.
Citation: Peng, L. (2019). Attack surface analysis and code coverage improvement for fuzzing. Master's thesis, Nanyang Technological University, Singapore. https://hdl.handle.net/10356/105642
DOI: 10.32657/10356/105642
Extent: 79 p.
File Format: application/pdf
Record Created: 2019-10-29
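The first work described in the abstract maps Linux kernel source files to functional components and ranks the components by the CVEs that touch them. The following Python is an added illustration of that analysis, not code or data from the thesis: the path-prefix taxonomy, the component sizes and the vulnerability records are constructed placeholders (the record ids are deliberately not CVE identifiers), and normalising by component size is an assumption about what "vulnerability level" should control for.

```python
"""Attack-surface ranking of kernel components by CVE distribution.

Added illustration of the first work in the abstract: kernel source files are
mapped to functional components and the vulnerability records touching each
component are aggregated. The taxonomy, the records and the component sizes
below are constructed placeholders, not the thesis's data and not real CVEs.
"""
from collections import Counter
from typing import Dict, List, Sequence, Tuple

# Hypothetical path-prefix taxonomy (the thesis's own categorisation is not
# reproduced). Longer prefixes are more specific and win over shorter ones.
COMPONENTS: Dict[str, str] = {
    "drivers/net/": "network drivers",
    "drivers/": "other drivers",
    "net/": "network stack",
    "fs/": "filesystems",
    "kernel/": "core kernel",
    "mm/": "memory management",
    "arch/": "architecture support",
}

# Constructed component sizes (number of source files) used to normalise counts.
FILE_COUNTS: Dict[str, int] = {
    "network drivers": 800,
    "other drivers": 2200,
    "network stack": 600,
    "filesystems": 900,
    "core kernel": 300,
    "memory management": 100,
    "architecture support": 3000,
}

# Constructed vulnerability records: (placeholder id, affected source files).
RECORDS: Sequence[Tuple[str, List[str]]] = [
    ("vuln-01", ["drivers/net/ethernet/example.c"]),
    ("vuln-02", ["net/ipv4/tcp_input.c", "net/ipv4/tcp_output.c"]),
    ("vuln-03", ["fs/ext4/inode.c"]),
    ("vuln-04", ["drivers/usb/core/hub.c"]),
    ("vuln-05", ["net/ipv6/route.c"]),
    ("vuln-06", ["mm/mmap.c"]),
    ("vuln-07", ["drivers/net/wireless/example.c", "net/mac80211/rx.c"]),
]


def component_of(path: str) -> str:
    """Longest-prefix match, so drivers/net/ beats drivers/."""
    best = ""
    for prefix in COMPONENTS:
        if path.startswith(prefix) and len(prefix) > len(best):
            best = prefix
    return COMPONENTS[best] if best else "uncategorised"


def cves_per_component(records: Sequence[Tuple[str, List[str]]]) -> Counter:
    """Count each record once per component it touches, even if it changed
    several files in that component; a cross-component fix counts for both."""
    counts: Counter = Counter()
    for _, paths in records:
        counts.update({component_of(p) for p in paths})
    return counts


def rank_components(counts: Counter, sizes: Dict[str, int]) -> List[Tuple[str, int, float]]:
    """(component, record count, records per file), most exposed first.

    Raw counts favour large components; normalising by size is what lets a
    small but frequently patched component stand out. Ties fall back to the
    raw count and then the name so the order is deterministic.
    """
    rows = [(c, counts.get(c, 0), counts.get(c, 0) / sizes[c]) for c in sizes]
    return sorted(rows, key=lambda r: (-r[2], -r[1], r[0]))


if __name__ == "__main__":
    for name, n, dens in rank_components(cves_per_component(RECORDS), FILE_COUNTS):
        print(f"{name:22s} {n:3d} records  {dens * 1000:.2f} per 1000 files")
```

With the constructed numbers the small memory-management component outranks the network stack on density even though the stack has three times as many records, which is the effect size normalisation is meant to surface; a real run would take the file-to-component map from the kernel tree and the affected paths from the fix commits of each CVE.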
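The second work described in the abstract counts how often each control-flow edge is hit across the first-round samples and promotes the samples that reach rarely-hit edges to templates for the next round. The following Python is an added illustration of that selection step, not code from the thesis or from Chromium's DOM fuzzer: the edge traces are constructed, a hit is assumed to be counted once per sample rather than once per execution, the rarity threshold is a tunable, and the greedy set-cover variant goes beyond the abstract, which keeps every qualifying sample.

```python
"""Rare-edge template selection between fuzzing rounds.

Added illustration of the second work in the abstract: the first round is
generated from a default template, every covered control-flow edge is
counted, and the samples that reach any rarely-hit edge become the templates
of the next round. The edge traces below are constructed, not Chromium data.
"""
from collections import Counter
from typing import Dict, FrozenSet, List, Set, Tuple

Edge = Tuple[str, str]  # (source basic block, destination basic block)

# Constructed round-1 traces: sample id -> set of edges the sample covered.
SAMPLE_EDGES: Dict[str, FrozenSet[Edge]] = {
    "s0": frozenset({("a", "b"), ("b", "c"), ("c", "d")}),
    "s1": frozenset({("a", "b"), ("b", "c"), ("c", "e")}),
    "s2": frozenset({("a", "b"), ("b", "c"), ("c", "d"), ("d", "f")}),
    "s3": frozenset({("a", "b"), ("b", "c")}),
    "s4": frozenset({("a", "b"), ("b", "g"), ("g", "h")}),
    "s5": frozenset({("a", "b"), ("b", "c"), ("c", "d")}),
}


def edge_hit_counts(samples: Dict[str, FrozenSet[Edge]]) -> Counter:
    """Number of samples in the round that covered each edge.

    Assumption: a hit is counted once per sample, so a loop that executes an
    edge many times inside one sample does not make the edge look common.
    """
    counts: Counter = Counter()
    for edges in samples.values():
        counts.update(edges)
    return counts


def rare_edges(counts: Counter, max_hits: int) -> Set[Edge]:
    """Edges hit by at most `max_hits` samples; the threshold is a tunable."""
    return {edge for edge, hits in counts.items() if hits <= max_hits}


def select_templates(samples: Dict[str, FrozenSet[Edge]], rare: Set[Edge]) -> List[str]:
    """Every sample that reaches at least one rare edge, as the abstract describes."""
    return sorted(sid for sid, edges in samples.items() if edges & rare)


def minimal_templates(samples: Dict[str, FrozenSet[Edge]], rare: Set[Edge]) -> List[str]:
    """Greedy set cover: a smaller template set that still reaches every rare edge.

    Beyond the abstract, which keeps all qualifying samples; useful when the
    next round's template budget is limited. Ties are broken by sample id so
    the result is deterministic.
    """
    uncovered: Set[Edge] = set(rare)
    chosen: List[str] = []
    while uncovered:
        best = min(samples, key=lambda sid: (-len(samples[sid] & uncovered), sid))
        gained = samples[best] & uncovered
        if not gained:
            break  # remaining rare edges are not reachable from any sample
        chosen.append(best)
        uncovered -= gained
    return chosen


def round_coverage(samples: Dict[str, FrozenSet[Edge]]) -> Set[Edge]:
    """Union of all edges covered in a round, the number a coverage comparison uses."""
    covered: Set[Edge] = set()
    for edges in samples.values():
        covered |= edges
    return covered


if __name__ == "__main__":
    counts = edge_hit_counts(SAMPLE_EDGES)
    rare = rare_edges(counts, max_hits=1)
    print("rare edges:", sorted(rare))
    print("all templates:", select_templates(SAMPLE_EDGES, rare))
    print("minimal templates:", minimal_templates(SAMPLE_EDGES, rare))
    print("round-1 distinct edges:", len(round_coverage(SAMPLE_EDGES)))
```

In a real pipeline the edge sets come from the coverage instrumentation of the target (one trace per generated document), and the comparison the abstract reports is `round_coverage` of the samples generated from the promoted templates against `round_coverage` of an equal number generated from the default template.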