Proceedings 2019 Network and Distributed System Security Symposium 2019
DOI: 10.14722/ndss.2019.23263
CodeAlchemist: Semantics-Aware Code Generation to Find Vulnerabilities in JavaScript Engines

Abstract: JavaScript engines are an attractive target for attackers due to their popularity and flexibility in building exploits. Current state-of-the-art fuzzers for finding JavaScript engine vulnerabilities focus mainly on generating syntactically correct test cases based on either a predefined context-free grammar or a trained probabilistic language model. Unfortunately, syntactically correct JavaScript sentences are often semantically invalid at runtime. Furthermore, statically analyzing the semantics of JavaScript …

Cited by 82 publications (82 citation statements); references 21 publications.
“…This also demonstrates the advantage that a custom interpreter provides by focusing on useful interactions. This finding is in line with recent research on grammar-based fuzzing [10], [12], [29], [36], [39].…”
Section: Old CVEs (supporting)
confidence: 90%
“…Triggered by the publication and widespread success of AFL, a myriad of research projects aimed to strengthen the bug finding ability of fuzzers in various scenarios. In most cases, the algorithms used for scheduling [13]- [15], [41], [49], feedback [2], [21], [31], [33], and mutations [10], [11], [29], [36], [39] were improved. In other projects, techniques based on concolic execution [22]- [24], [28], [34], [45], [48], [53], [55] or taint tracking [17], [40] were combined with fuzzing to solve "fuzzing roadblocks" such as magic bytes.…”
Section: Related Work (mentioning)
confidence: 99%
“…Automatic test case generation is useful for testing language interpreters and compilers [13,16,17,39] and libraries [7,12,22,24,27]. Some mutate and piece together existing code segments [16,19], some generate code from scratch [13,39], and some, like ours, generate API call chains [7,12,27].…”
Section: Related Work (mentioning)
confidence: 99%
“…GBFs are good methods to avoid this aforementioned problem. They leverage predefined grammars as the guidance of mutation ( [31], [32], [36]) or generation ( [30], [33]), so that the generated inputs have a large probability to pass the syntax and semantic check of the parser, so as to decrease the number of invalid inputs and improve the fuzzing result. Grammars are very effective prior knowledge, defining the organizational rules and structure of a programming language.…”
Section: A. Greybox Fuzzing (mentioning)
confidence: 99%
“…Researchers are more inclined to take advantage of prior knowledge like Context-Free Grammars (CFGs) to guide the progress of mutation. In the process of fuzzing, grammars are often utilized to generate valid initial seeds (e.g., [30] [33]) or to guide mutation (e.g., [31] [32] [36]).…”
Section: Introduction (mentioning)
confidence: 99%