Adding diversity and realism to LAVA, a vulnerability addition system
Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2018.
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Thesis |
| Language: | eng |
| Published: |
Massachusetts Institute of Technology
2019
|
| Subjects: | |
| Online Access: | http://hdl.handle.net/1721.1/119922 |
| _version_ | 1811093635310026752 |
|---|---|
| author | Sridhar, Rahul |
| author2 | Timothy Leek. |
| author_facet | Timothy Leek. Sridhar, Rahul |
| author_sort | Sridhar, Rahul |
| collection | MIT |
| description | Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2018. |
| first_indexed | 2024-09-23T15:48:14Z |
| format | Thesis |
| id | mit-1721.1/119922 |
| institution | Massachusetts Institute of Technology |
| language | eng |
| last_indexed | 2024-09-23T15:48:14Z |
| publishDate | 2019 |
| publisher | Massachusetts Institute of Technology |
| record_format | dspace |
| spelling | mit-1721.1/1199222019-04-11T14:24:55Z Adding diversity and realism to LAVA, a vulnerability addition system Sridhar, Rahul Timothy Leek. Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science. Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science. Electrical Engineering and Computer Science. Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2018. This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections. Cataloged from student-submitted PDF version of thesis. Includes bibliographical references (pages 63-64). In this thesis, I designed and implemented several modifications to LAVA, a vulnerability addition system, with the goal of improving realism and diversity of the injected bugs. Specifically, I describe three separate improvements: a method to add fake bugs alongside real ones in order to decrease bug discoverability, two approaches to increase the complexity of the data flow of the inserted bugs, and a standalone program that uses equality saturation to diversify C-source codebases that can be added as a final stage to LAVA. Finally, I present two instances of bug-finding competitions-AutoCTF and Rode0day-that I helped design and run, which leveraged LAVA and the augmentations described in this thesis in order to accomplish their respective goals. by Rahul Sridhar. M. Eng. 2019-01-11T15:06:33Z 2019-01-11T15:06:33Z 2018 2018 Thesis http://hdl.handle.net/1721.1/119922 1081042589 eng MIT theses are protected by copyright. They may be viewed, downloaded, or printed from this source but further reproduction or distribution in any format is prohibited without written permission. http://dspace.mit.edu/handle/1721.1/7582 64 pages application/pdf Massachusetts Institute of Technology |
| spellingShingle | Electrical Engineering and Computer Science. Sridhar, Rahul Adding diversity and realism to LAVA, a vulnerability addition system |
| title | Adding diversity and realism to LAVA, a vulnerability addition system |
| title_full | Adding diversity and realism to LAVA, a vulnerability addition system |
| title_fullStr | Adding diversity and realism to LAVA, a vulnerability addition system |
| title_full_unstemmed | Adding diversity and realism to LAVA, a vulnerability addition system |
| title_short | Adding diversity and realism to LAVA, a vulnerability addition system |
| title_sort | adding diversity and realism to lava a vulnerability addition system |
| topic | Electrical Engineering and Computer Science. |
| url | http://hdl.handle.net/1721.1/119922 |
| work_keys_str_mv | AT sridharrahul addingdiversityandrealismtolavaavulnerabilityadditionsystem |