Performing binary fuzzing using concolic execution
Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2015.
Main Author: | Valdez, Steven (Steven D.) |
---|---|
Other Authors: | Nickolai Zeldovich |
Format: | Thesis |
Language: | eng |
Published: | Massachusetts Institute of Technology 2016 |
Subjects: | Electrical Engineering and Computer Science. |
Online Access: | http://hdl.handle.net/1721.1/100620 |
_version_ | 1826196120695472128 |
---|---|
author | Valdez, Steven (Steven D.) |
author2 | Nickolai Zeldovich. |
author_facet | Nickolai Zeldovich. Valdez, Steven (Steven D.) |
author_sort | Valdez, Steven (Steven D.) |
collection | MIT |
description | Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2015. |
first_indexed | 2024-09-23T10:21:31Z |
format | Thesis |
id | mit-1721.1/100620 |
institution | Massachusetts Institute of Technology |
language | eng |
last_indexed | 2024-09-23T10:21:31Z |
publishDate | 2016 |
publisher | Massachusetts Institute of Technology |
record_format | dspace |
spelling | mit-1721.1/100620 2019-04-10T09:11:15Z Performing binary fuzzing using concolic execution Fuzzing through a concolic execution system in PIN Valdez, Steven (Steven D.) Nickolai Zeldovich. Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science. Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science. Electrical Engineering and Computer Science. Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2015. This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections. Title as it appears in MIT Commencement Exercises program, June 5, 2015: Fuzzing through a concolic execution system in PIN Cataloged from student-submitted PDF version of thesis. Includes bibliographical references (pages 61-62). In this thesis, I designed and implemented Confuzzer, a system that fuzzes certain classes of closed source binaries using Concolic Execution techniques in order to find vulnerable inputs into programs that could be leveraged by attackers to compromise systems that the binary might be running on. The design of this system allows improved performance on fuzzing programs that have a large branching factor or are heavily based on complex conditionals determining control flow. The system is designed around a Taint/Crash Analysis tool combined with a Path Exploration system to generate symbolic representations of the paths, generating a new set of inputs to be tested. These are implemented using a combination of Intel PIN for the Taint Analysis and Python/z3 for the Path Exploration. Results show that while this system is very slow in instrumenting each run of the binary, we are able to reduce the search space to a manageable level compared to other existing tools. by Steven Valdez. M. Eng. 
2016-01-04T19:59:24Z 2016-01-04T19:59:24Z 2015 2015 Thesis http://hdl.handle.net/1721.1/100620 932641731 eng M.I.T. theses are protected by copyright. They may be viewed from this source for any purpose, but reproduction or distribution in any format is prohibited without written permission. See provided URL for inquiries about permission. http://dspace.mit.edu/handle/1721.1/7582 62 pages application/pdf Massachusetts Institute of Technology |
spellingShingle | Electrical Engineering and Computer Science. Valdez, Steven (Steven D.) Performing binary fuzzing using concolic execution |
title | Performing binary fuzzing using concolic execution |
title_full | Performing binary fuzzing using concolic execution |
title_fullStr | Performing binary fuzzing using concolic execution |
title_full_unstemmed | Performing binary fuzzing using concolic execution |
title_short | Performing binary fuzzing using concolic execution |
title_sort | performing binary fuzzing using concolic execution |
topic | Electrical Engineering and Computer Science. |
url | http://hdl.handle.net/1721.1/100620 |
work_keys_str_mv | AT valdezstevenstevend performingbinaryfuzzingusingconcolicexecution AT valdezstevenstevend fuzzingthroughaconcolicexecutionsysteminpin |