Singularity: pattern fuzzing for worst case complexity

Wei, Jiayi; Chen, Jia; Yu, Feng; Ferles, Kostas; Dillig, Işıl

doi:10.1145/3236024.3236039

Cited by 31 publications

(17 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…TortoiseFuzz [36] and Ankou [26] propose new coverage evaluation techinques for better seed scheduling. Some studies [21,29,37] have focused on detecting algorithmic complexity vulnerabilities based on new coverage metrics such as resource usage or execution path length.…”

Section: Related Workmentioning

confidence: 99%

CrFuzz: fuzzing multi-purpose programs through input validation

Song

Jang

et al. 2020

Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Softw

View full text Add to dashboard Cite

Fuzz testing has been proved its effectiveness in discovering software vulnerabilities. Empowered its randomness nature along with a coverage-guiding feature, fuzzing has been identified a vast number of vulnerabilities in real-world programs. This paper begins with an observation that the design of the current state-of-the-art fuzzers is not well suited for a particular (but yet important) set of software programs. Specifically, current fuzzers have limitations in fuzzing programs serving multiple purposes, where each purpose is controlled by extra options. This paper proposes CrFuzz, which overcomes this limitation. CrFuzz designs a clustering analysis to automatically predict if a newly given input would be accepted or not by a target program. Exploiting this prediction capability, CrFuzz is designed to efficiently explore the programs with multiple purposes. We employed CrFuzz for three state-of-the-art fuzzers, AFL, QSYM, and MOpt, and CrFuzz-augmented versions have shown 19.3% and 5.68% better path and edge coverage on average. More importantly, during two weeks of long-running experiments, CrFuzz discovered 277 previously unknown vulnerabilities where 212 of those are already confirmed and fixed by the respected vendors. We would like to emphasize that many of these vulnerabilities were discoverd from FFMpeg, ImageMagick, and Graphicsmagick, all of which are targets of Google's OSS-Fuzz project and thus heavily fuzzed for last three years by far. Nevertheless, CrFuzz identified a remarkable number of vulnerabilities, demonstrating its effectiveness of vulnerability finding capability. CCS CONCEPTS • Security and privacy → Software security engineering.

show abstract

Section: Related Workmentioning

confidence: 99%

CrFuzz: fuzzing multi-purpose programs through input validation

Song

Jang

et al. 2020

Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Softw

View full text Add to dashboard Cite

show abstract

“…Rampart [24] targets the opposite use-case of algorithm attacks: it protects applications from exhaustive CPU exhaustion DoS attacks. Instead of finding concrete inputs that exhaust programs, Singularity [30] targets at a higher abstraction level: analyzing given program code it tries to find input patterns that exhaust the program application. The work of [25] synthesizes program code of network functions in order to find challenging network traffic configurations.…”

Section: Related Workmentioning

confidence: 99%

“…This paper makes the case for a data-driven approach to measuring and evaluating the performance of a network in an adaptive, self-driving manner. Indeed, existing work on automated benchmarking and fuzzing systems either (i) targets general computing systems and hence may not lend itself readily to be adopted in a networked setting [19,22,24,26,30], (ii) aims at verifying logical properties in networked systems related to policy-compliance of configurations and implementations and ignore performance [3,21], or (iii) requires human assistance and software source code [14,25] to guide the performance evaluations and experiments, relying on hand-crafted, and often proprietary, benchmark tools, inputs, and system settings [5,18,20]. We argue that in the context of selfdriving networks the performance evaluation tool itself must also be self-driving, taking into account the specialties of networked systems and the environment these systems are typically used in.…”

Section: Introductionmentioning

confidence: 99%

“…A machine-driven approach on the other hand alleviates the network operator from manually testing through the vast parameter and state space, eliminates the human from the loop and guarantees unbiased results, and, critically, fosters reproducibility. Third, a networked system requires valid input traffic, imposing stringent constraints on the type and characteristics of the input that can be posed to such a system, which is in contrast with conventional performance fuzzing that may use arbitrary inputs [19,22,24,26,30]. Fourth, in the context of self-driving networks, where the network continuously measures and adapts itself, a means is required that can thoroughly evaluate an updated component to ensure its correct functioning.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

NetBOA

Zerwas

Kalmbach

Henkel

et al. 2019

Proceedings of the 2019 Workshop on Network Meets AI &Amp; ML - NetAI'19

View full text Add to dashboard Cite

Communication networks have not only become a critical infrastructure of our digital society, but are also increasingly complex and hence error-prone. This has recently motivated the study of more automated and "self-driving" networks: networks which measure, analyze, and control themselves in an adaptive manner, reacting to changes in the environment. In particular, such networks hence require a mechanism to recognize potential performance issues. This paper presents NetBOA, an adaptive and "data-driven" approach to measure network performance, allowing the network to identify bottlenecks and to perform automated what-if analysis, exploring improved network configurations. As a case study, we demonstrate how the NetBOA approach can be used to benchmark a popular software switch, Open vSwitch. We report on our implementation and evaluation, and show that NetBOA can find performance issues efficiently, compared to a non-data-driven approach. Our results hence indicate that NetBOA may also be useful to identify algorithmic complexity attacks.

show abstract

“…Previous work on algorithm complexity attacks has already shown methods for generating challenging, often called adversary, algorithms inputs [8,10,13,17,18]. With the help of these inputs the authors were able to improve algorithm performance and close security holes.…”

Section: Introductionmentioning

confidence: 99%

Adversarial Network Algorithm Benchmarking

Lettner¹,

Blenk²

2019

Proceedings of the 15th International Conference on Emerging Networking EXperiments and Technologies

View full text Add to dashboard Cite

Most research papers should have one thing in common: a clear and expressive evaluation of proposed solutions to problems. However, evaluating solutions is interestingly a challenging task: when using human-constructed examples or real-world data, it is difficult to assess to which degree the data represents the input spectrum also of future demands. Moreover, evaluations which fail to show generalization might hide algorithm weak-spots, which could eventually lead to reliability and security issues later on. To solve this problem we propose Toxin, a framework for automated, data-driven benchmarking of, e.g., network algorithms. In a first proof-of-concept implementation, we use Toxin to generate challenging traffic datasets for a data center networking use case.

show abstract

Singularity: pattern fuzzing for worst case complexity

Cited by 31 publications

References 36 publications

CrFuzz: fuzzing multi-purpose programs through input validation

CrFuzz: fuzzing multi-purpose programs through input validation

NetBOA

Adversarial Network Algorithm Benchmarking

Contact Info

Product

Resources

About