CATEGORIZATION OF FUZZING METHODOLOGIES
DOI: https://doi.org/10.18372/2410-7840.12.1971

Abstract
Static analysis of source code as a vulnerability detection method is a white-box method: inspecting the source requires that the source code be available. There are, however, alternative black-box methods that do not need access to the source code. One such alternative is fuzzing, which has proven itself very well at finding serious vulnerabilities that other methods failed to detect [1].

References
Sutton M. Fuzzing: Brute Force Vulnerability Discovery / M. Sutton, A. Greene, P. Amini. — Russian translation (Fuzzing: Исследование уязвимостей методом грубой силы). — St. Petersburg : Simvol-Plyus, 2009. — 560 p. — ISBN 978-5-93286-147-9.
Miller B. P. An empirical study of the reliability of UNIX utilities / B. P. Miller, L. Fredriksen, S. Bryan // Commun. ACM.— 1990. —№12.—P. 32–44.
Oehlert P. Violating assumptions with fuzzing / P. Oehlert // IEEE Security and Privacy. — 2005.—Issue 2. — P. 58–62.
Koziol J. The Shellcoder’s Handbook / J. Koziol, D. Litchfield, D. Aitel, C. Anley, S. Eren, N. Mehta, R. Hassell. — Russian translation (Искусство взлома и защиты систем). — St. Petersburg : Piter, 2006. — 416 p. — ISBN 5-469-01233-6.
Banks G. SNOOZE: toward a Stateful NetwOrk prOtocol fuzZEr / G. Banks, M. Cova, V. Felmetsger, K. Almeroth, R. Kemmerer, G. Vigna // Proceedings of the Information Security Conference (ISC). — [New York, NY, USA] : Springer, 2006.—P. 343–358.
Sen K. Cute: A concolic unit testing engine for C / K. Sen, D. Marinov, G. Agha // ESEC/FSE-13: Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering, 2005.—P. 263–272.
Godefroid P. Dart: directed automated random testing / P. Godefroid, N. Klarlund, K. Sen // PLDI ’05: Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation, 2005.—P. 213–223.
Cadar C. EXE: Automatically generating inputs of death / C. Cadar, V. Ganesh, P. M. Pawlowski, D. L. Dill, D. R. Engler // Proceedings of the 13th ACM conference on Computer and communications security (CCS’06), 2006.— P. 322–335.
Godefroid P. Automated whitebox fuzz testing / P. Godefroid, M. Levin, D. Molnar // Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS’08). —[San Diego, CA, USA], 2008.
Cadar C. Klee: Unassisted and automatic generation of high-coverage tests for complex systems programs / C. Cadar, D. Dunbar, D. Engler // USENIX Symposium on Operating Systems Design and Implementation (OSDI’08). — [San Diego, CA, USA], 2008.
Molnar D. Dynamic test generation to find integer bugs in x86 binary Linux programs / D. Molnar, X. C. Li, D. A. Wagner // Proceedings of the 18th USENIX Security Symposium.— 2009.
Godefroid P. Grammar-based whitebox fuzzing / P. Godefroid, A. Kiezun, and M. Y. Levin // Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI’08).— [USA]: ACM, 2008.
Majumdar R. Directed test generation using symbolic grammars / R. Majumdar, R.-G. Xu // ESEC-FSE companion’07: The 6th Joint Meeting on European software engineering conference and the ACM SIGSOFT symposium on the foundations of software engineering.—[New York, NY, USA] : ACM, 2007. — P. 553–556.
Test case [Electronic resource] / [Wikipedia contributors] // Wikipedia : The Free Encyclopedia. — Electronic data. — San Francisco : Wikimedia Foundation, 2010. — Mode of access: World Wide Web. — URL:http://en.wikipedia.org/w/index.php?title=Test_case&oldid=398287802. — Title from screen. — Description based on version dated 2010 November 22.
Newsome J. Replayer : Automatic protocol replay by binary analysis / J. Newsome, D. Brumley, J. Franklin, D. Song // Proceedings of the 13th ACM Conference on Computer and Communications Security. — 2006.
Sharif M. Impeding malware analysis using conditional code obfuscation / M. Sharif, A. Lanzi, J. Giffin, W. Lee // Proceedings of the 15th Annual Network and Distributed System Security Symposium. — [San Diego, CA, USA], 2008.
Brumley D. Automatic patch-based exploit generation is possible: Techniques and implications / D. Brumley, P. Poosankam, D. Song, J. Zheng // Proceedings of the 2008 IEEE Symposium on Security and Privacy. — 2008.
Taint checking [Electronic resource] / [Wikipedia contributors] // Wikipedia : The Free Encyclopedia. —Electronic data. — San Francisco : Wikimedia Foundation, 2010. — Mode of access: World Wide Web. — URL: http://en.wikipedia.org/w/index.php?title=Taint_checking&oldid=383882171. — Title from screen. — Description based on version dated 2010 September 9.
Sabelfeld A. Language-based information-flow security / A. Sabelfeld, A. C. Myers // IEEE Journal on Selected Areas in Communications.—2003.
Terauchi T. Secure information flow as a safety problem / T. Terauchi, A. Aiken // 12th International Static Analysis Symposium.—2005.
Ganesh V. Taint-based directed whitebox fuzzing / V. Ganesh, T. Leek, M. Rinard // Proceedings of the 31st International Conference on Software Engineering (ICSE’09). — [New York, NY, USA] : ACM, 2009. — P. 474–484.
Wang T. TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection / T. Wang, T. Wei, G. Gu, W. Zou // 2010 IEEE Symposium on Security and Privacy. — P. 497–512. — DOI: 10.1109/SP.2010.37.
Drewry W. Flayer: Exposing Application Internals / W. Drewry, T. Ormandy // First Workshop On Offensive Technologies (WOOT). —2007.
Nethercote N. Valgrind: a framework for heavyweight dynamic binary instrumentation / N. Nethercote, J. Seward // PLDI ’07: Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation.—[New York, NY, USA] : ACM, 2007. —P. 89–100.
Moser A. Exploring multiple execution paths for malware analysis / A. Moser, C. Kruegel, E. Kirda // SP’07: Proceedings of the 2007 IEEE Symposium on Security and Privacy. — [Washington, DC, USA] : IEEE Computer Society, 2007.—P. 231–245.
Wilhelm J. A forced sampled execution approach to kernel rootkit identification / J. Wilhelm, Tzi-cker Chiueh // 10th International Symposium on Recent Advances in Intrusion Detection (RAID’07). — 2007. — P. 219–235.
Ormandy T. Making Software Dumberer [Electronic resource] / T. Ormandy. — Electronic data. — [Mountain View, California, USA] : Google, 2010. — Mode of access: World Wide Web. — URL: http://taviso.decsystem.org/making_software_dumber.pdf. — Title from screen.
Comparetti P. M. Prospex: Protocol specification extraction / P. M. Comparetti, G. Wondracek, C. Kruegel, E. Kirda // IEEE Symposium on Security and Privacy. — [USA] : IEEE Computer Society Press, 2009.
Cui W. Tupni: automatic reverse engineering of input formats / W. Cui, M. Peinado, K. Chen, H. J. Wang, L. Irun-Briz // CCS ’08: Proceedings of the 15th ACM conference on Computer and communications security. — [New York, NY, USA] : ACM, 2008.—P. 391–402.
Lin Z. Automatic protocol format reverse engineering through context-aware monitored execution / Z. Lin, X. Jiang, D. Xu, X. Zhang // Proceedings of the 15th Annual Network and Distributed System Security Symposium. — [San Diego, CA, USA], 2008.
Caballero J. Polyglot: Automatic extraction of protocol message format using dynamic binary analysis / J. Caballero, H. Yin, Z. Liang, D. Song // Proceedings of ACM Conference on Computer and Communication Security. — 2007.
Cui W. Discoverer: Automatic protocol reverse engineering from network traces / W. Cui, J. Kannan, H. J. Wang // Proceedings of the 16th USENIX Security Symposium. —2007.
Junghee J. L. Extracting output formats from executables / J. L. Junghee, T. Reps, B. Liblit // Working Conference on Reverse Engineering.—2006.— P. 167–178.
Lin Z. Convicting exploitable software vulnerabilities: An efficient input provenance based approach / Z. Lin, X. Zhang, and D. Xu // Proceedings of the 38th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSNDCCS 2008). —[Anchorage, Alaska, USA], 2008.
Wondracek G. Automatic network protocol analysis / G. Wondracek, P. M. Comparetti, C. Kruegel, and E. Kirda // 16th Network & Distributed System Security Symposium. —2008.
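The black-box property the abstract contrasts with source-code analysis, shown as an added example that is not part of the paper or its references: a minimal mutation fuzzer that never inspects the target's source and only watches for unexpected exceptions. The record format and the planted length-field bug in `parse_record` are constructed for illustration.

```python
import random

def parse_record(data: bytes) -> bytes:
    """Constructed target with a planted bug: the length byte is trusted."""
    if len(data) < 4:
        raise ValueError("too short")    # clean rejection, not a bug
    if data[:2] != b"RC":
        raise ValueError("bad magic")    # clean rejection, not a bug
    n = data[2]
    payload = data[3:3 + n]
    checksum = data[3 + n]               # BUG: IndexError when n overstates the length
    if checksum != sum(payload) % 256:
        raise ValueError("bad checksum")
    return payload

def mutate(rng: random.Random, data: bytes) -> bytes:
    """One random mutation: bit flip, byte overwrite, or truncation."""
    buf = bytearray(data)
    op = rng.randrange(3)
    if op == 0:
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif op == 1:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    else:
        del buf[rng.randrange(len(buf)):]
    return bytes(buf) or b"\x00"   # never hand the target an empty buffer

def fuzz(target, seed_input: bytes, iterations=5000, seed=1, expected=(ValueError,)):
    """Feed mutated inputs to an opaque target; bucket unexpected exceptions by type."""
    rng = random.Random(seed)
    crashes = {}
    for _ in range(iterations):
        case = mutate(rng, seed_input)
        try:
            target(case)
        except expected:
            continue   # the parser rejected the input cleanly
        except Exception as exc:
            crashes.setdefault(type(exc).__name__, case)  # keep first input per bucket
    return crashes

def seed_record(payload: bytes = b"ping") -> bytes:
    """Build one valid record to seed the mutator (constructed format)."""
    return b"RC" + bytes([len(payload)]) + payload + bytes([sum(payload) % 256])

if __name__ == "__main__":
    for bucket, case in fuzz(parse_record, seed_record()).items():
        print(f"{bucket}: triggered by {case.hex()}")
```

The harness only needs a callable and a seed input; swapping `parse_record` for a wrapper around a closed-source binary keeps the same loop, which is exactly why no source access is required.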
License
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).