Fuzz testing repeatedly assails software with random inputs in order to trigger unexpected program behaviors, such as crashes or timeouts, and has historically revealed serious security vulnerabilities. In this paper, we present HotFuzz, a framework for automatically discovering Algorithmic Complexity (AC) time and space vulnerabilities in Java libraries. HotFuzz uses micro-fuzzing, a genetic algorithm that evolves arbitrary Java objects in order to trigger the worst-case performance for a method under test. We define Small Recursive Instantiation (SRI) as a technique to derive seed inputs represented as Java objects to micro-fuzzing. After micro-fuzzing, HotFuzz synthesizes test cases that triggered AC vulnerabilities into Java programs and monitors their execution in order to reproduce vulnerabilities outside the fuzzing framework. HotFuzz outputs those programs that exhibit high resource utilization as witnesses for AC vulnerabilities in a Java library. We evaluate HotFuzz over the Java Runtime Environment (JRE), the 100 most popular Java libraries on Maven, and challenges contained in the DARPA Space and Time Analysis for Cybersecurity (STAC) program. We evaluate SRI’s effectiveness by comparing the performance of micro-fuzzing with SRI, measured by the number of AC vulnerabilities detected, to simply using empty values as seed inputs. In this evaluation, we verified known AC vulnerabilities, discovered previously unknown AC vulnerabilities that we responsibly reported to vendors, and received confirmation from both IBM and Oracle. Our results demonstrate that micro-fuzzing finds AC vulnerabilities in real-world software, and that micro-fuzzing with SRI-derived seed inputs outperforms using empty values in both the temporal and spatial domains.
Fifteen billion devices run Java and many of them are connected to the Internet. As this ecosystem continues to grow, it remains an important task to discover any unknown security threats these devices face. Fuzz testing repeatedly runs software on random inputs in order to trigger unexpected program behaviors, such as crashes or timeouts, and has historically revealed serious security vulnerabilities. Contemporary fuzz testing techniques focus on identifying memory corruption vulnerabilities that allow adversaries to achieve either remote code execution or information disclosure. Meanwhile, Algorithmic Complexity (AC) vulnerabilities, which are a common attack vector for denial-of-service attacks, remain an understudied threat. In this paper, we present HotFuzz, a framework for automatically discovering AC vulnerabilities in Java libraries. HotFuzz uses micro-fuzzing, a genetic algorithm that evolves arbitrary Java objects in order to trigger the worst-case performance for a method under test. We define Small Recursive Instantiation (SRI) as a technique to derive seed inputs represented as Java objects to micro-fuzzing. After micro-fuzzing, HotFuzz synthesizes test cases that triggered AC vulnerabilities into Java programs and monitors their execution in order to reproduce vulnerabilities outside the fuzzing framework. HotFuzz outputs those programs that exhibit high CPU utilization as witnesses for AC vulnerabilities in a Java library. We evaluate HotFuzz over the Java Runtime Environment (JRE), the 100 most popular Java libraries on Maven, and challenges contained in the DARPA Space and Time Analysis for Cybersecurity (STAC) program. We evaluate SRI's effectiveness by comparing the performance of micro-fuzzing with SRI, measured by the number of AC vulnerabilities detected, to simply using empty values as seed inputs.
In this evaluation, we verified known AC vulnerabilities, discovered previously unknown AC vulnerabilities that we responsibly reported to vendors, and received confirmation from both IBM and Oracle. Our results demonstrate that micro-fuzzing finds AC vulnerabilities in real-world software, and that micro-fuzzing with SRI-derived seed inputs outperforms using empty values.
The quality of available network connections, especially the bandwidth available to clients using the connections, has a large impact on the performance of distributed applications. For example, document transfer applications such as the World Wide Web suffer a dramatic increase in response times as a result of network congestion causing a reduction in the available bandwidth of the connection. This paper recognises the explosion of interest in the use of Internet Protocol (IP) networks within the Australian Defence Organisation and describes the development of a software tool for estimating the available bandwidth between a server and client in a distributed computing environment. We discuss the design and implementation details of the Transmission Availability Forecaster (TAF) probe and present validation studies demonstrating its reliability and accuracy in the context of actual Internet conditions.
The increasing popularity of distributed information services like the World Wide Web has resulted in a number of intriguing issues. One important characteristic of a network connection is the bandwidth available to clients using that connection. For document transfer applications, higher bandwidth availability implies faster document transfer time. Available bandwidth depends on 1) the capacity of the path between client and server, limited by the slowest (or bottleneck) link speed, and 2) the presence of background or competing traffic, i.e. congestion.
Release limitation: Approved for public release. Department of Defence, Defence Science & Technology Organisation (DSTO).
This report describes the Transmission Availability Forecaster (TAF) service implemented on DSTO's Experimental Command Control Communications and Intelligence System Technology Environment (ExC3ITE) testbed for a best effort IPv4 network.
TAF makes no assumptions as to support available from the network management system (for instance in providing traffic statistics) and seeks to remain autonomous and not reliant on network management support. Thus the tool will have application beyond the private ExC3ITE network.
The fundamental TAF design criteria were:
* The service should be as quick as possible;
* The technique should not add undue additional traffic to the network; and
* The estimate should tend to be conservative (i.e. pessimistic).
The challenge of predicting performance in a dynamic network was acknowledged by the ExC3ITE developers. Nevertheless, the provision of a performance estimate of the same order of magnitude as would occur, or a good estimate of the range of likely performance, would still be a valuable service in the absence of any other guidance.
To address these difficulties, the current TAF provides: a minimum predicted bit rate (pessimistic estimate); a maximum predicted bit rate (a relatively optimistic estimate); and a likely expected bit rate.
This report describes a basic Transmission Availability Forecaster service. Trials to date have shown it can successfully reduce the range of uncertainty of available capacity from ...