Attack surface analysis and code coverage improvement for fuzzing


Bibliographic Details
Main Author: Peng, Lunan
Other Authors: Liu Yang
Format: Thesis
Language: English
Published: 2019
Subjects: Science::Mathematics
Online Access:https://hdl.handle.net/10356/105642
http://hdl.handle.net/10220/50270
Description: As cybercrime has become a worldwide threat over the past decades, research on cybersecurity keeps attracting a great deal of attention. In the long-running competition between attackers and defenders, vulnerability detection has been regarded as the decisive preliminary step for both sides. Among the many methodologies for vulnerability detection, fuzz testing has demonstrated outstanding performance in finding bugs automatically and effectively. A fuzzer repeatedly feeds generation-based or mutation-based samples to the target program to expose its misbehavior. Even though many boosting techniques have been proposed to further improve the efficiency of fuzzing, two crucial aspects still hold enduring appeal for researchers: attack surface analysis, which helps fuzzers concentrate their effort on the most potentially vulnerable locations, and code coverage improvement, which guides fuzzers to explore more code regions. In this thesis, we present attack surface analysis and code coverage improvement for fuzzing. In the first work, we choose the Linux kernel as the target and categorize its source files into components according to their functionality. We then collect data on all related Common Vulnerabilities and Exposures (CVE) entries and analyze their distribution to identify the vulnerability level of each component. In the second work, we use rarely-hit edges as the metric to guide multi-round generation-based fuzzing of the Document Object Model (DOM) of the Chromium browser. We use the default template to generate a large number of samples in the first fuzzing round, compute the hit count of every covered edge, and select the samples that cover any rarely-hit edge as templates for the second fuzzing round. The approach achieved a clear improvement in the code coverage of newly generated samples compared to the default template.
Record ID: ntu-10356/105642
Institution: Nanyang Technological University
Other Authors: Liu Yang; Wu Hongjun
School: School of Physical and Mathematical Sciences
Degree: Master of Science
Record Dates: 2019-10-29T06:25:54Z; 2019-12-06T21:55:09Z
Citation: Peng, L. (2019). Attack surface analysis and code coverage improvement for fuzzing. Master's thesis, Nanyang Technological University, Singapore.
DOI: 10.32657/10356/105642
Extent: 79 p.
File Format: application/pdf