Applying Binary Patch Comparison to Cisco IOS

Sun, Haichun; Liu, Shengli; Xiao, Da; Xiao, Ruiqing

doi:10.1145/3171592.3171622

Cited by 1 publication

(1 citation statement)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Software manufacturers do not generally indicate the exact locations and possible causes of vulnerabilities in their security announcements while releasing a patch file. By comparing the differences between the post-patched file and its pre-patched version, it is not difficult to locate the vulnerabilities [11], [12]. However, the technique of binary comparison is not suitable for finding undiscovered vulnerabilities.…”

Section: Related Workmentioning

confidence: 99%

Discovering Software Vulnerabilities Based on Fuzz Testing

Chung¹

2019

JCP

View full text Add to dashboard Cite

In the era of the Internet, information security issues are of paramount importance. Software packages invariably have security vulnerabilities. If exploited by malicious hackers, vulnerabilities can cause substantial losses to software corporations and end users. Due to the increase in Advanced Persistent Threat (APT) attacks, vulnerabilities have to be discovered as rapidly as possible. This research focuses on Microsoft Office Word software and proposes the fuzzing vulnerability digging model. In the field of fuzz testing, the traditional approaches consume considerable time and system resources without analyzing file formats. Therefore, the fuzzing vulnerability digging model proposed in this research examines the file format to identify any possible weaknesses. According to the experiments, our proposed model outperforms two benchmarking models, i.e. the FileFuzz tester and MiniFuzz tester, for a fixed period of time. Finally, we present an example which imitates a Shellcode attack carried out via the weaknesses discovered by the proposed model. According to the comparison results, the proposed model has the potential to identify weaknesses in MS Office Word software more effectively and efficiently.

show abstract

Section: Related Workmentioning

confidence: 99%

Discovering Software Vulnerabilities Based on Fuzz Testing

Chung¹

2019

JCP

View full text Add to dashboard Cite

show abstract

Applying Binary Patch Comparison to Cisco IOS

Cited by 1 publication

References 1 publication

Discovering Software Vulnerabilities Based on Fuzz Testing

Discovering Software Vulnerabilities Based on Fuzz Testing

Contact Info

Product

Resources

About