scholarly journals BugMiner: Mining the Hard-to-Reach Software Vulnerabilities through the Target-Oriented Hybrid Fuzzer

Electronics ◽  
2020 ◽  
Vol 10 (1) ◽  
pp. 62
Author(s):  
Fayozbek Rustamov ◽  
Juhwan Kim ◽  
Jihyeon Yu ◽  
Hyunwook Kim ◽  
Joobeom Yun
Keyword(s):  
Real World ◽  
Symbolic Execution ◽  
Automated Software Testing ◽  
Software Vulnerabilities ◽  
Concolic Execution ◽  
Execution Engine ◽  
Innovative Methodology ◽  
Target Sites ◽  
Dynamic Symbolic Execution ◽  
Automated Software

Greybox Fuzzing is the most reliable and essentially powerful technique for automated software testing. Notwithstanding, a majority of greybox fuzzers are not effective in directed fuzzing, for example, towards complicated patches, as well as towards suspicious and critical sites. To overcome these limitations of greybox fuzzers, Directed Greybox Fuzzing (DGF) approaches were recently proposed. Current DGFs are powerful and efficient approaches that can compete with Coverage-Based Fuzzers. Nevertheless, DGFs neglect to accomplish stability between usefulness and proficiency, and random mutations make it hard to handle complex paths. To alleviate this problem, we propose an innovative methodology, a target-oriented hybrid fuzzing tool that utilizes a fuzzer and dynamic symbolic execution (also referred to as a concolic execution) engine. Our proposed method aims to generate inputs that can quickly reach the target sites in each sequence and trigger potential hard-to-reach vulnerabilities in the program binary. Specifically, to dive deep into the target binary, we designed a proposed technique named BugMiner, and to demonstrate the capability of our implementation, we evaluated it comprehensively on bug hunting and crash reproduction. Evaluation results showed that our proposed implementation could not only trigger hard-to-reach bugs 3.1, 4.3, 2.9, 2.0, 1.8, and 1.9 times faster than Hawkeye, AFLGo, AFL, AFLFast, QSYM, and ParmeSan respectively but also scale to several real-world programs.

scholarly journals DeepDiver: Diving into Abysmal Depth of the Binary for Hunting Deeply Hidden Software Vulnerabilities

2020 ◽  
Vol 12 (4) ◽  
pp. 74
Author(s):  
Fayozbek Rustamov ◽  
Juhwan Kim ◽  
JooBeom Yun
Keyword(s):  
Software Testing ◽  
Real World ◽  
High Performance ◽  
Automated Software Testing ◽  
Code Coverage ◽  
Software Vulnerabilities ◽  
Fuzz Testing ◽  
Concolic Execution ◽  
High Level ◽  
Automated Software

Fuzz testing is a simple automated software testing approach that discovers software vulnerabilities at a high level of performance by using randomly generated seeds. However, it is restrained by coverage and thus, there are chances of finding bugs entrenched in the deep execution paths of the program. To eliminate these limitations in mutational fuzzers, patching-based fuzzers and hybrid fuzzers have been proposed as groundbreaking advancements which combine two software testing approaches. Despite those methods having demonstrated high performance across different benchmarks such as DARPA CGC programs, they still present deficiencies in their ability to analyze deeper code branches and in bypassing the roadblocks checks (magic bytes, checksums) in real-world programs. In this research, we design DeepDiver, a novel transformational hybrid fuzzing tool that explores deeply hidden software vulnerabilities. Our approach tackles limitations exhibited by existing hybrid fuzzing frameworks, by negating roadblock checks (RC) in the program. By negating the RCs, the hybrid fuzzer can explore new execution paths to trigger bugs that are hidden in the abysmal depths of the binary. We combine AFL++ and concolic execution engine and leveraged the trace analyzer approach to construct the tree for each input to detect RCs. To demonstrate the efficiency of DeepDiver, we tested it with the LAVA-M dataset and eight large real-world programs. Overall, DeepDiver outperformed existing software testing tools, including the patching-based fuzzer and state-of-the-art hybrid fuzzing techniques. On average, DeepDiver discovered vulnerabilities 32.2% and 41.6% faster than QSYM and AFLFast respectively, and it accomplished in-depth code coverage.

scholarly journals Detection of the Hardcoded Login Information from Socket and String Compare Symbols

2021 ◽  
Vol 5 (1) ◽  
pp. 28-39
Author(s):  
Minami Yoda ◽  
Shuji Sakuraba ◽  
Yuichi Sei ◽  
Yasuyuki Tahara ◽  
Akihiko Ohsuga
Keyword(s):  
Internet Of Things ◽  
Static Analysis ◽  
Real World ◽  
Symbolic Execution ◽  
The Internet ◽  
User Input ◽  
Network Function ◽  
Private Data ◽  
String Search ◽  
Iot Devices

Internet of Things (IoT) for smart homes enhances convenience; however, it also introduces the risk of the leakage of private data. TOP10 IoT of OWASP 2018 shows that the first vulnerability is ”Weak, easy to predict, or embedded passwords.” This problem poses a risk because a user can not fix, change, or detect a password if it is embedded in firmware because only the developer of the firmware can control an update. In this study, we propose a lightweight method to detect the hardcoded username and password in IoT devices using a static analysis called Socket Search and String Search to protect from first vulnerability from 2018 OWASP TOP 10 for the IoT device. The hardcoded login information can be obtained by comparing the user input with strcmp or strncmp. Previous studies analyzed the symbols of strcmp or strncmp to detect the hardcoded login information. However, those studies required a lot of time because of the usage of complicated algorithms such as symbolic execution. To develop a lightweight algorithm, we focus on a network function, such as the socket symbol in firmware, because the IoT device is compromised when it is invaded by someone via the Internet. We propose two methods to detect the hardcoded login information: string search and socket search. In string search, the algorithm finds a function that uses the strcmp or strncmp symbol. In socket search, the algorithm finds a function that is referenced by the socket symbol. In this experiment, we measured the ability of our proposed method by searching six firmware in the real world that has a backdoor. We ran three methods: string search, socket search, and whole search to compare the two methods. As a result, all methods found login information from five of six firmware and one unexpected password. Our method reduces the analysis time. The whole search generally takes 38 mins to complete, but our methods finish the search in 4-6 min.

scholarly journals Automated Software Testing Frameworks: A Review

2018 ◽  
Vol 179 (46) ◽  
pp. 22-28
Author(s):  
Milad Hanna ◽  
Amal Elsayed ◽  
Mostafa-Sami M.
Keyword(s):  
Software Testing ◽  
Automated Software Testing ◽  
Automated Software
Sign in / Sign up

Export Citation Format

Share Document