StFuzzer: Contribution-Aware Coverage-Guided Fuzzing for Smart Devices

2021 ◽  
Vol 2021 ◽  
pp. 1-15
Author(s):  
Jiageng Yang ◽  
Xinguo Zhang ◽  
Hui Lu ◽  
Muhammad Shafiq ◽  
Zhihong Tian

The root cause of the insecurity of smart devices is the potential vulnerabilities in them. There are many approaches to finding potential bugs in smart devices. Fuzzing is the most effective vulnerability-finding technique, especially coverage-guided fuzzing. Coverage-guided fuzzing identifies high-quality seeds according to the code coverage triggered by those seeds. Existing coverage-guided fuzzers assume that the higher the code coverage of a seed, the greater the probability of triggering potential bugs. However, in real-world applications running on smart devices, or in the operating system of the smart device, the logic of these programs is very complex, and their basic blocks play different roles in the process of application exploration. This observation is ignored by existing seed selection strategies, which reduces the efficiency of bug discovery on smart devices. In this paper, we propose contribution-aware coverage-guided fuzzing, which estimates the contribution of each basic block to the exploration of the smart device. From the control flow of the target on any smart device and the runtime information gathered during fuzzing, we derive the static contribution of a basic block and a dynamic contribution built on the execution frequency of each block. The contribution-aware optimization does not require any prior knowledge of the target device, which ensures that it adapts to both gray-box and white-box fuzzing. We designed and implemented a contribution-aware coverage-guided fuzzer for smart devices, called StFuzzer. We evaluated StFuzzer on four real-world applications commonly deployed on smart devices to demonstrate the efficiency of our contribution-aware optimization. The results of our trials show that the contribution-aware approach significantly improves bug-discovery capability and achieves better execution speed than state-of-the-art fuzzers.

Author(s):  
Dehong Qiu ◽  
Jialin Sun ◽  
Hao Li

Measuring program similarity plays an important role in solving many problems in software engineering. However, because programs are instruction sequences with complex structures and semantic functions and furthermore, programs may be obfuscated deliberately through semantics-preserving transformations, measuring program similarity is a difficult task that has not been adequately addressed. In this paper, we propose a new approach to measuring Java program similarity. The approach first measures the low-level similarity between basic blocks according to the bytecode instruction sequences and the structural property of the basic blocks. Then, an error-tolerant graph matching algorithm that can combat structure transformations is used to match the Control Flow Graphs (CFG) based on the basic block similarity. The high-level similarity between Java programs is subsequently calculated on the matched pairs of the independent paths extracted from the optimal CFG matching. The proposed CFG-Match approach is compared with a string-based approach, a tree-based approach and a graph-based approach. Experimental results show that the CFG-Match approach is more accurate and robust against semantics-preserving transformations. The CFG-Match approach is used to detect Java program plagiarism. Experiments on the collection of benchmark program pairs collected from the students’ submission of project assignments demonstrate that the CFG-Match approach outperforms the comparative approaches in the detection of Java program plagiarism.


2021 ◽  
Vol 5 (OOPSLA) ◽  
pp. 1-27
Author(s):  
Xipeng Shen ◽  
Guoqiang Zhang ◽  
Irene Dea ◽  
Samantha Andow ◽  
Emilio Arroyo-Fang ◽  
...  

This paper presents a novel optimization for differentiable programming named coarsening optimization. It offers a systematic way to synergize symbolic differentiation and algorithmic differentiation (AD). Through it, the granularity of the computations differentiated by each step in AD can become much larger than a single operation, and hence lead to much reduced runtime computation and data allocation in AD. To circumvent the difficulties that control flow creates for symbolic differentiation in coarsening, this work introduces phi-calculus, a novel method that allows symbolic reasoning about, and differentiation of, computations that involve branches and loops. It further avoids "expression swell" in symbolic differentiation and balances reuse against coarsening through the design of reuse-centric segment-of-interest identification. Experiments on a collection of real-world applications show that coarsening optimization is effective in speeding up AD, producing speedups of several times to two orders of magnitude.


1993 ◽  
Vol 2 (3) ◽  
pp. 1-5
Author(s):  
Martin Charles Golumbic ◽  
Vladimir Rainish

Instruction scheduling algorithms are used in compilers to reduce run-time delays in the compiled code by reordering or transforming program statements, usually at the intermediate language or assembly code level. Considerable research has been carried out on scheduling code within the scope of basic blocks, i.e., straight-line sections of code, and very effective basic block schedulers are now included in most modern compilers, especially for pipelined processors. In previous work (Golumbic and Rainish, IBM J. Res. Dev., Vol. 34, pp. 93–97, 1990) we presented code replication techniques for scheduling beyond the scope of basic blocks that provide reasonable improvements in the running time of the compiled code, but which still leave room for further improvement. In this article we present a new method for scheduling beyond basic blocks called SHACOOF. This new technique takes advantage of a conventional, high-quality basic block scheduler by first suppressing selected subsequences of instructions and then scheduling the modified sequence of instructions using the basic block scheduler. A candidate subsequence for suppression can be found by identifying a region of the program control flow graph, called an S-region, which has a unique entry and a unique exit and meets predetermined criteria. This enables scheduling of a sequence of instructions beyond basic block boundaries, with only minimal changes to an existing compiler, by identifying beneficial opportunities to cover delays that would otherwise have been beyond its scope.


PLoS ONE ◽  
2021 ◽  
Vol 16 (1) ◽  
pp. e0245098
Author(s):  
Yisen Wang ◽  
Ruimin Wang ◽  
Jing Jing ◽  
Huanwei Wang

The rapid expansion of the open-source community has shortened the software development cycle, but it has also accelerated the spread of vulnerabilities, especially in the field of the Internet of Things. In recent years, the frequency of attacks against connected devices has been increasing exponentially; thus, the vulnerabilities have become more serious in nature. State-of-the-art firmware security inspection technologies, such as methods based on machine learning and graph theory, find similar applications by relying on known vulnerabilities but cannot do anything without detailed information about those vulnerabilities. Moreover, the model training that machine learning technologies require consumes a significant amount of time and data, resulting in low efficiency and poor extensibility. Aiming at the above shortcomings, this study proposes a high-efficiency similarity analysis approach for firmware code. First, the function control flow features and data flow features are extracted from the functions of the firmware and of the vulnerabilities, and the features are used to calculate the SimHash of each function. The mass storage and fast query capabilities of the SimHash are implemented using the pigeonhole principle. Second, the similar function pairs are analyzed in detail both within and among their basic blocks. Within the basic blocks, symbolic execution is used to generate basic block semantic information, and a constraint solver is used to determine semantic equivalence. Among the basic blocks, the local control flow graphs are analyzed to obtain their similarity. We then implemented a prototype and present its evaluation. The evaluation results demonstrate that the proposed approach can perform large-scale firmware function similarity analysis. It can also locate a real-world firmware patch without vulnerability function information. Finally, we compare our method with existing methods. The comparison results demonstrate that our method is more efficient and accurate than Gemini and StagedMethod. More than 90% of the firmware functions can be indexed within 0.1 s, while the search time for 100,000 firmware functions is less than 2 s.


2018 ◽  
Vol 32 (18) ◽  
pp. 1840013
Author(s):  
Lingli Min ◽  
Songyue Chen ◽  
Xinwen Xie ◽  
Hepeng Dong ◽  
Hong Pan ◽  
...  

Bio-inspired microfluidic systems can be obtained through multidisciplinary approaches by using bio-inspired structural and functional designs for the microfluidic devices. This review mainly focuses on the concept of bio-inspired microfluidics to improve the properties of microfluidic systems for breaking through the bottlenecks of the current microfluidic devices, such as anti-fouling, smart, and dynamic response inside the microchannels under different environments. In addition, here, we show the current research progress of bio-inspired microfluidic systems in applications related to anti-fouling and smart devices, and biomedical research. The review discusses both physical theories and critical technologies in the bio-inspired microfluidics, from biomimetic design to real-world applications, so as to offer new ideas for the design and application of smart microfluidics, and the authors hope this review will inspire the active interest of many scientists in the area of the development and application of soft matter, and multifunctional and smart bio-inspired devices.


Crystals ◽  
2021 ◽  
Vol 11 (3) ◽  
pp. 256
Author(s):  
Christian Rodenbücher ◽  
Kristof Szot

Transition metal oxides with ABO3 or BO2 structures have become one of the major research fields in solid state science, as they exhibit an impressive variety of unusual and exotic phenomena with potential for their exploitation in real-world applications [...]

