UNIFUZZ: A Holistic and Pragmatic Metrics-Driven Platform for Evaluating Fuzzers

Li, Yuwei; Ji, Shouling; Chen, Yuan; Liang, Sizhuang; Lee, Wei Han; Chen, Yueyao; Lyu, Chenyang; Wu, Chunming; Beyah, Raheem; Cheng, Peng; Lu, Kangjie; Wang, Ting

doi:10.48550/arxiv.2010.01785

Cited by 2 publications

(3 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This period of stunted progress had a deluge of academic papers which claimed superiority over AFL [46], [65], [69], [72], [83], [110], [121], with the last algorithmic update in 2017 [201]. Despite the appearance of progress, several recent papers have independently evaluated AFL with many of its derivatives and concluded that "superiority" is marginal [170], [182]. Many of the claimed victories were limited to specific conditions of the evaluation methodology, but failed to generalize when other researchers completed independent testing.…”

Section: Introductionmentioning

confidence: 99%

“…In the discipline of machine learning, Dehghani et al [166] examines the critical importance of canonical benchmarks and how the bias of benchmarks shapes the collective decisions about which algorithms are better while perhaps losing perspective on the implications of the assumed bias in the benchmarks. Other studies examine the biases within existing benchmarks or propose new benchmarks [141], [170], [183].…”

Section: Introductionmentioning

confidence: 99%

“…Additionally, some conferences, including top-tier security conferences have added optional artifact evaluation to address the issues of reproducibility, verifiability, and transparency. Finally, some papers primarily attempt to reproduce previous research in order to provide comprehensive evaluations that compares many existing systems using common benchmarks, metrics, and experimental methodology [170], [191]. To that end, the field must establish standards, identify potential pitfalls, and critically examine prior work to help researchers more precisely assess the effectiveness of research efforts and advance the maturity of the field.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Towards rigorous evaluation of binary testing and analysis

Bundt

View full text Add to dashboard Cite

Towards Rigorous Evaluation of Binary Testing and Analysis by Joshua BundtComputer security research is an ever-evolving field that aims to make technology more secure.Attackers constantly seek out vulnerabilities in systems, and defenders strive to introduce new controls to prevent these attacks. Attack research typically involves demonstrating the validity of an attack through a proof of concept. In contrast, defense research requires a higher level of rigor to substantiate that defenses are secure under various conditions and against a willful adversary. In this thesis, we examine the state of rigor in a specific area of defense research: binary testing and analysis. Binary testing and analysis encompasses the tasks and techniques required to evaluate binary code, which is the machine-readable representation of software programs, in order to understand program behavior, identify vulnerabilities, and ensure correctness and security. To assess the robustness of the current techniques and to provide a more rigorous methodology, we first examine the utility of synthetic bug generation as a solution to the scarcity of real bugs for fuzz testing evaluation. We conducted a large-scale measurement study evaluating existing synthetic bug generators with eight fuzzers on 20 software libraries and found that synthetic bugs are easier to discover than organic bugs and the most popular synthetic bug benchmark, LAVA-M, exhibits fundamental flaws that make it unsuitable to recommend for future research. Second, we propose a new workflow to enable humans to more effectively assist fuzz testing through compartment analysis. An empirical study of seven software libraries revealed that compartment analysis can significantly improve a fuzzing campaign even when conducted after a few hours of fuzzing. Finally, we consider the fragility of neural network binary disassemblers at the task of function boundary detection. When comparing traditional disassemblers to neural binary disassemblers, we found the latter to be vulnerable to adversarial attacks which allows the attacker to degrade function boundary detection. In response, we proposed an expanded set of benchmarks and adversarial techniques to provide a better evaluation of neural binary disassemblers. Throughout this dissertation, we propose and demonstrate improved methodologies for rigorously examining and assessing binary testing and analysis efficacy. v AcknowledgementsThe PhD journey starts with someone agreeing to take a long term risk on you despite knowing little more than your resume. For taking the initial risk, I would like to thank my advisor Wil Robertson who has guided me from start to finish while providing advice, unwaverable optimism, and tremendous patience. A special thanks to Tim Leek who took on mentoring me long before I started at Northeastern and continues to provide keen insight and frank opinions that shape my research efforts. I would also like to thank the rest of the members of my committee Pete Manolios, Guevara Noubir, and Davide Balzarotti who pr...

show abstract

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Towards rigorous evaluation of binary testing and analysis

Bundt

View full text Add to dashboard Cite

show abstract

MPInspector: A Systematic and Automatic Approach for Evaluating the Security of IoT Messaging Protocols

Wang

Tian

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

Facilitated by messaging protocols (MP), many home devices are connected to the Internet, bringing convenience and accessibility to customers. However, most deployed MPs on IoT platforms are fragmented, which are not implemented carefully to support secure communication. To the best of our knowledge, there is no systematic solution to perform automatic security checks on MP implementations yet.To bridge the gap, we present MPInspector, the first automatic and systematic solution for vetting the security of MP implementations. MPInspector combines model learning with formal analysis and operates in three stages: (a) using parameter semantics extraction and interaction logic extraction to automatically infer the state machine of an MP implementation, (b) generating security properties based on meta properties and the state machine, and (c) applying automatic property based formal verification to identify property violations. We evaluate MPInspector on three popular MPs, including MQTT, CoAP and AMQP, implemented on nine leading IoT platforms. It identifies 252 property violations, leveraging which we further identify eleven types of attacks under two realistic attack scenarios. In addition, we demonstrate that MPInspector is lightweight (the average overhead of end-to-end analysis is ~4.5 hours) and effective with a precision of 100% in identifying property violations.

show abstract

UNIFUZZ: A Holistic and Pragmatic Metrics-Driven Platform for Evaluating Fuzzers

Cited by 2 publications

References 30 publications

Towards rigorous evaluation of binary testing and analysis

Towards rigorous evaluation of binary testing and analysis

MPInspector: A Systematic and Automatic Approach for Evaluating the Security of IoT Messaging Protocols

Contact Info

Product

Resources

About