Directed fuzzing based on dynamic instrumentation (Сергей Асрян, ISPRASOPEN-2018): differences between revisions

Material from 0x1.tv

(New page: «;{{SpeakerInfo}}: {{Speaker|Севак Саргсян}} <blockquote> In this talk we present new approach for directed fuzzing. It enables us much faster generate…»)
 
The basic idea behind this paper is to instrument the target program in such a way that interesting code fragments are executed as soon as possible. For that purpose we detect all paths in the program that connect the program's entry point to the considered instructions. Then we apply two types of instrumentation. In the first case we insert coverage collection instructions only on the detected paths, which enables the fuzzing tool to consider generated or mutated input data effective if it brings execution closer to the target points.

In the second case we additionally insert 'exit(0)' instructions into those basic blocks from which the target points are unreachable and whose execution has no influence. This allows fuzzing speed to be increased many times over.
</blockquote>

{{VideoSection}}

{{vimeoembed|298786065|800|450}}
{{youtubelink|}}{{letscomment}}

{{SlidesSection}}
[[File:Направленный фаззинг на основе динамической инструментации (Севак Саргсян, ISPRASOPEN-2018).pdf|left|page=-|300px]]

{{----}}
[[File:{{#setmainimage:Направленный фаззинг на основе динамической инструментации (Севак Саргсян, ISPRASOPEN-2018)!.jpg}}|center|640px]]
{{LinksSection}}
<!-- * [ Talks page on site] -->
<!-- <blockquote>[©]</blockquote> -->

<references/>

Revision as of 22:21, 27 December 2018

Speaker
Севак Саргсян

In this talk we present a new approach to directed fuzzing. It enables us to generate input data that drives execution to specific instructions of the target program much faster. Conventional fuzzing tools randomly generate or mutate input data to increase code coverage. This approach is not effective for the analysis of specific code regions.

The basic idea behind this paper is to instrument the target program in such a way that interesting code fragments are executed as soon as possible. For that purpose we detect all paths in the program that connect the program's entry point to the considered instructions. Then we apply two types of instrumentation. In the first case we insert coverage collection instructions only on the detected paths, which enables the fuzzing tool to consider generated or mutated input data effective if it brings execution closer to the target points.

In the second case we additionally insert 'exit(0)' instructions into those basic blocks from which the target points are unreachable and whose execution has no influence. This allows fuzzing speed to be increased many times over.
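The two instrumentation steps in the abstract reduce to two reachability queries over the control-flow graph: blocks that are both reachable from the entry and able to reach a target get a coverage probe, and blocks reachable from the entry that cannot reach any target get `exit(0)`. The following is an added example written for this page; it is not the speaker's tool and it does not perform dynamic instrumentation of a real binary. It works on a constructed, hypothetical CFG (`CFG`, `ENTRY`, `TARGETS`) and on constructed block traces (`TRACES`) that stand in for what four fuzzer inputs would execute, and it ranks inputs by the minimum remaining edge distance to a target, which is one way to make "brings execution closer to the target points" concrete; the distance metric and the names are assumptions of the example, not something the abstract specifies.

```python
"""Added example (not the talk's code): instrumentation plan for directed
fuzzing over a constructed CFG, following the two steps of the abstract.

  1. coverage probes only in blocks on some entry->target path;
  2. exit(0) in every block reachable from the entry that cannot reach a target.

A toy triage loop then keeps an input only if its (possibly cut-short) trace
gets strictly closer to a target than anything seen before.
"""
from collections import deque

# Constructed CFG of a hypothetical parser: block -> successor blocks.
CFG = {
    "entry":        ["parse"],
    "parse":        ["bad_magic", "header_ok"],
    "bad_magic":    ["fail"],
    "header_ok":    ["check_len"],
    "check_len":    ["handle_small", "handle_big"],
    "handle_small": ["done"],
    "handle_big":   ["copy_payload"],
    "copy_payload": ["done"],   # the block the fuzzer is steered towards
    "fail":         [],
    "done":         [],
}
ENTRY = "entry"
TARGETS = {"copy_payload"}


def reachable(graph, start):
    """Blocks reachable from `start` by following the edges of `graph` (BFS)."""
    seen, work = {start}, deque([start])
    while work:
        for nxt in graph.get(work.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                work.append(nxt)
    return seen


def reversed_graph(graph):
    """Predecessor map of `graph`, used to walk backwards from the targets."""
    rev = {b: set() for b in graph}
    for b, succs in graph.items():
        for s in succs:
            rev.setdefault(s, set()).add(b)
    return rev


def distance_to_target(graph, targets):
    """Edge count from each block to the nearest target (multi-source BFS over
    the predecessor map). Blocks that cannot reach any target are absent."""
    rev = reversed_graph(graph)
    dist = {t: 0 for t in targets}
    work = deque(targets)
    while work:
        b = work.popleft()
        for pred in rev.get(b, ()):
            if pred not in dist:
                dist[pred] = dist[b] + 1
                work.append(pred)
    return dist


def plan_instrumentation(graph, entry, targets):
    """Return (probe_blocks, exit_blocks): probe_blocks lie on an entry->target
    path and get a coverage probe; exit_blocks are reachable from the entry but
    cannot reach a target and get exit(0)."""
    from_entry = reachable(graph, entry)
    to_target = set(distance_to_target(graph, targets))
    return from_entry & to_target, from_entry - to_target


def run_instrumented(trace, probe_blocks, exit_blocks):
    """Simulate the instrumented program on a block trace. Returns the covered
    probe blocks in order and the block where exit(0) fired (None if it did not)."""
    covered = []
    for block in trace:
        if block in exit_blocks:
            return covered, block
        if block in probe_blocks:
            covered.append(block)
    return covered, None


def triage(traces, graph=CFG, entry=ENTRY, targets=TARGETS):
    """Keep an input only if it gets strictly closer to a target than the best
    input seen so far. `traces` maps input name -> block trace."""
    probes, exits = plan_instrumentation(graph, entry, targets)
    dist = distance_to_target(graph, targets)
    best, kept = float("inf"), []
    for name, trace in traces.items():
        covered, _ = run_instrumented(trace, probes, exits)
        closeness = min((dist[b] for b in covered), default=float("inf"))
        if closeness < best:
            best = closeness
            kept.append((name, closeness))
    return kept


# Constructed traces standing in for what four fuzzer inputs would execute.
TRACES = {
    "bad_magic_input": ["entry", "parse", "bad_magic", "fail"],
    "bad_magic_again": ["entry", "parse", "bad_magic", "fail"],
    "short_payload":   ["entry", "parse", "header_ok", "check_len", "handle_small", "done"],
    "long_payload":    ["entry", "parse", "header_ok", "check_len", "handle_big", "copy_payload", "done"],
}

if __name__ == "__main__":
    probes, exits = plan_instrumentation(CFG, ENTRY, TARGETS)
    print("coverage probes:", sorted(probes))
    print("exit(0) blocks: ", sorted(exits))
    for name, closeness in triage(TRACES):
        print(f"kept {name}: {closeness} edge(s) from target")
```

Two details worth noticing when reading the output. The `done` block receives `exit(0)` even though it is executed after the target, because once `copy_payload` has run nothing that follows can bring execution any closer to a target, which is exactly the "execution has no influence" condition from the abstract. The second duplicate `bad_magic` input is discarded although it covers probed blocks, since progress is measured as getting strictly nearer to a target rather than as covering any new block, which is what makes the approach directed rather than coverage-greedy.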

Video


Slides

Notes and links