Instruction level branch condition penetration for BiFF
Fuzzing is one of the most widely deployed techniques to discover software security vulnerabilities. Despite the increasing popularity of fuzzing, many existing fuzzers requires source code to conduct fuzzing. For binary-only fuzzing, the execution speed of existing fuzzers is usually slow due to he...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Final Year Project |
| Language: | English |
| Published: |
Nanyang Technological University
2021
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/150328 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-150328 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-1503282021-06-13T11:56:40Z Instruction level branch condition penetration for BiFF Chen, Taoyu Liu Yang School of Computer Science and Engineering yangliu@ntu.edu.sg Engineering::Computer science and engineering Fuzzing is one of the most widely deployed techniques to discover software security vulnerabilities. Despite the increasing popularity of fuzzing, many existing fuzzers requires source code to conduct fuzzing. For binary-only fuzzing, the execution speed of existing fuzzers is usually slow due to heavy instrumentation. And many of them may not support fuzzing on multiple CPU architectures. A fuzzer named BiFF is designed to support fuzzing cross-architecture and fuzzing for binary-only target with reasonable overhead. Another problem with existing fuzzers is their limited code penetration and effectiveness as the new testing inputs are generated randomly and therefore hard to detect errors that reside on deeper level. A fuzzing approach called Steelix is designed to solve this problem. It collects program-state information (i.e., comparison progress information) and use it to guide the mutation of input. Steelix has proven to be both effective and efficient in terms of penetration and execution. To enhance the branch condition penetration power and support fast fuzzing on binary-only target cross-architecture, we integrated the idea of Steelix into the fuzzer BiFF. This report elaborates the mechanism, implementation and performance of BiFF with Steelix incorporated. Bachelor of Engineering (Computer Science) 2021-06-13T11:56:40Z 2021-06-13T11:56:40Z 2021 Final Year Project (FYP) Chen, T. (2021). Instruction level branch condition penetration for BiFF. Final Year Project (FYP), Nanyang Technological University, Singapore. https://hdl.handle.net/10356/150328 https://hdl.handle.net/10356/150328 en SCSE20-0191 application/pdf Nanyang Technological University |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
Engineering::Computer science and engineering |
| spellingShingle |
Engineering::Computer science and engineering Chen, Taoyu Instruction level branch condition penetration for BiFF |
| description |
Fuzzing is one of the most widely deployed techniques to discover software security vulnerabilities. Despite the increasing popularity of fuzzing, many existing fuzzers requires source code to conduct fuzzing. For binary-only fuzzing, the execution speed of existing fuzzers is usually slow due to heavy instrumentation. And many of them may not support fuzzing on multiple CPU architectures. A fuzzer named BiFF is designed to support fuzzing cross-architecture and fuzzing for binary-only target with reasonable overhead.
Another problem with existing fuzzers is their limited code penetration and effectiveness as the new testing inputs are generated randomly and therefore hard to detect errors that reside on deeper level. A fuzzing approach called Steelix is designed to solve this problem. It collects program-state information (i.e., comparison progress information) and use it to guide the mutation of input. Steelix has proven to be both effective and efficient in terms of penetration and execution.
To enhance the branch condition penetration power and support fast fuzzing on binary-only target cross-architecture, we integrated the idea of Steelix into the fuzzer BiFF. This report elaborates the mechanism, implementation and performance of BiFF with Steelix incorporated. |
| author2 |
Liu Yang |
| author_facet |
Liu Yang Chen, Taoyu |
| format |
Final Year Project |
| author |
Chen, Taoyu |
| author_sort |
Chen, Taoyu |
| title |
Instruction level branch condition penetration for BiFF |
| title_short |
Instruction level branch condition penetration for BiFF |
| title_full |
Instruction level branch condition penetration for BiFF |
| title_fullStr |
Instruction level branch condition penetration for BiFF |
| title_full_unstemmed |
Instruction level branch condition penetration for BiFF |
| title_sort |
instruction level branch condition penetration for biff |
| publisher |
Nanyang Technological University |
| publishDate |
2021 |
| url |
https://hdl.handle.net/10356/150328 |
| _version_ |
1703971161684049920 |