PPT-TaintScope: A Checksum-Aware Directed Fuzzing Tool for Auto

Tielei Wang 1 Tao Wei 1 Guofei Gu 2 Wei Zou 1 1 Peking University China 2 Texas AampM University US 31st IEEE Symposium on Security amp Privacy Outline Introduction Background . The actual checksum math is easy and from a perfor mance standpoint so cheap that it can be con sidered free In the process of improving the use of hardware checksum of64258oading engines recalculating the IP checksum has been found to be essentialy 1 Copyright Cows. The “No Bull” Talk on Fuzzing. Security B-Sides Ottawa. November 13, 2010. Mike Sues (Rigel Kent). Karim Nathoo (Inverse Labs). Objectives. We can’t cover fuzzing in-depth in 50 minutes. Raise awareness of fuzzing as an option in higher assurance/product evaluations/more focused assessments. A Checksum-Aware Directed fuzzing Tool for Automatic Software Vulnerability Detection. Tielei. Wang. 1. , Tao Wei. 1. , . Guofei. Gu. 2. , Wei Zou. 1. 1. Peking University, China. 2. Texas A&M University, US.  . 0368-3500. Nurit. . Dor. Shir. Landau-. Feibish. Noam Rinetzky. Preliminaries. Students will group in teams of 2-3 students. . Each group will do one of the projects presented.. Administration. By. . Nikolaj . Tolka. čio. v. Agenda. What is web application fuzz testing. Introduction to “Fuzzing Machine”. What results it produces. Youtube. setup in “Fuzzing Machine” . How it can be used in other projects. Tielei. Wang. 1. , Tao Wei. 1. , . Guofei. Gu. 2. , Wei Zou. 1. 1. Peking University, China. 2. Texas A&M University, US. 31st IEEE Symposium on Security & Privacy. Outline. Introduction. Background . Dawn Song, . Kostya. . Serebryany. ,. Peter . Collingbourne. . Techniques for bug finding. Automatic test case generation. Lower coverage . Lower false positives . Higher false negatives. Fuzzing . Dawn Song, . Kostya. . Serebryany. ,. Peter . Collingbourne. . Techniques for bug finding. Automatic test case generation. Lower coverage . Lower false positives . Higher false negatives. Fuzzing . Richard Johnson | Offensive Summit 2015. Introduction . Whoami. Richard Johnson / @richinseattle. Research Manager, Vulnerability Development. Cisco, Talos Security Intelligence and Research Group. Agenda. Welcome. Introduction. Agenda. The Business of . Fuzzing. Fuzzing. Technology. Architecting a Framework. Bennu. Concept Tool. Fuzzing. As We Know It. Fuzzing. is a method of software testing. A high volume of . Software Vulnerability Detection. . Tielei . Wang. 1,2. , Tao Wei. 1,2. , Guofei Gu. 3. , Wei . Zou. 1,2. 1. Key Laboratory of Network and Software Security Assurance . (. Peking University), . Ministry . Flexible . End-to-end Data Integrity. Yupu. Zhang. , Daniel . Myers, . Andrea . Arpaci-Dusseau. , . Remzi. . Arpaci-Dusseau. University of Wisconsin - Madison. 5/9/2013. 1. Data Corruption. Imperfect . JFK. BOS. MIA. ORD. LAX. DFW. SFO. Presentation for use with the textbook, . Algorithm Design and Applications. , by M. T. Goodrich and R. Tamassia, Wiley, 2015. Directed Graphs. 2. Digraphs. A . digraph.