PPT-TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic

Software Vulnerability Detection Tielei Wang 12 Tao Wei 12 Guofei Gu 3 Wei Zou 12 1 Key Laboratory of Network and Software Security Assurance Peking University Ministry . The actual checksum math is easy and from a perfor mance standpoint so cheap that it can be con sidered free In the process of improving the use of hardware checksum of64258oading engines recalculating the IP checksum has been found to be essentialy Turret Punches. Siemens 840Dsi CNC Control. Up to Six . Indexable. Multi-Tool Stations. Remote Diagnostic via Ethernet. Network via Ethernet. Automatic Clamp Positioning. Automatic Tool Lubrication. imos CAM - . technologies. imos CAM APG imos CAM MAX. . Automatic Program Generator Multi Axis. Cows. The “No Bull” Talk on Fuzzing. Security B-Sides Ottawa. November 13, 2010. Mike Sues (Rigel Kent). Karim Nathoo (Inverse Labs). Objectives. We can’t cover fuzzing in-depth in 50 minutes. Raise awareness of fuzzing as an option in higher assurance/product evaluations/more focused assessments. Tielei. Wang. 1. , Tao Wei. 1. , . Guofei. Gu. 2. , Wei Zou. 1. 1. Peking University, China. 2. Texas A&M University, US. 31st IEEE Symposium on Security & Privacy. Outline. Introduction. Background . A Checksum-Aware Directed fuzzing Tool for Automatic Software Vulnerability Detection. Tielei. Wang. 1. , Tao Wei. 1. , . Guofei. Gu. 2. , Wei Zou. 1. 1. Peking University, China. 2. Texas A&M University, US.  . 0368-3500. Nurit. . Dor. Shir. Landau-. Feibish. Noam Rinetzky. Preliminaries. Students will group in teams of 2-3 students. . Each group will do one of the projects presented.. Administration. By. . Nikolaj . Tolka. čio. v. Agenda. What is web application fuzz testing. Introduction to “Fuzzing Machine”. What results it produces. Youtube. setup in “Fuzzing Machine” . How it can be used in other projects. Tielei. Wang. 1. , Tao Wei. 1. , . Guofei. Gu. 2. , Wei Zou. 1. 1. Peking University, China. 2. Texas A&M University, US. 31st IEEE Symposium on Security & Privacy. Outline. Introduction. Background .  . 0368-3500. Nurit. . Dor. Shir. Landau-. Feibish. Noam Rinetzky. Preliminaries. Students will group in teams of 2-3 students. . Each group will do one of the projects presented.. Administration. Dawn Song, . Kostya. . Serebryany. ,. Peter . Collingbourne. . Techniques for bug finding. Automatic test case generation. Lower coverage . Lower false positives . Higher false negatives. Fuzzing . Dawn Song, . Kostya. . Serebryany. ,. Peter . Collingbourne. . Techniques for bug finding. Automatic test case generation. Lower coverage . Lower false positives . Higher false negatives. Fuzzing . John . Heasman. Stanford University, April 2009. Agenda. Introductions. What is . fuzzing. ?. What data can be fuzzed?. What does fuzzed data look like?. When (not) to fuzz?. Two approaches and a basic methodology. Vulnerability Detection. Tielei . Wang1. ;. 2, Tao Wei1. ;. 2, Guofei Gu3, Wei Zou1. ;. 2. 1Key Laboratory of Network and Software Security Assurance (. Peking University. ),. Ministry of Education, Beijing 100871, China.