Buffl
Buffl
ML neu

Fuzzying

JJ
by Jensen J.

What is Fuzzying, why is there a need for it?

  • used automated methods to perform vulnearbility analysis

  • software ever incerasing in size and complexity…

  • => challenge to test systems…


=> basically some type of random testing…


What are black box fuzzers?

  • random input into target

  • -> detect if it crashes…


Where can crashes be caused?

  • can happen inside the processor

    • exception event

    • synchronous to processor clock

  • or in processor-external hardware modules

    • failure condition by sending interrupt

    • asynchronous to processor clock -> asyncr. event

=> actual cause manifold…

What happens at the processor when receiving an interrupt or exceptiion?

  • stop execution of curr. process

  • save all process registers

  • switch to os event handler -> indocated by interr. descriptor table


  • operating system handler in turn sends a signal to the target process that evoked the interrupt.

  • To eventually sense the crash at software side, we catch the signals that are sent from the operating system to the target process and filter the fatal ones


What are feedback driven fuzzers?

  • random input

  • -> target

  • -> extract informatino from dsnamic binary instrumentaiton

  • -> evaluate

  • generate input based on evaluation

  • -> target

  • ->…


What are questions in feedback driven fuzzying?

  • which information from dynamic instrumentation should we extract?

  • how can we evaluate wuality of test cases based on this info?

  • how can we generate new test cases basd on this quality evaluation?

  • how do we create feeback loop taht provides us a full yself-adaptive fuzzer?


How do we actually want to generate random input?

  • based on stochastic process


How does markov decisino process work?

  • Reward:

  • Sum over each time step

  • discount factor gamma ^t

  • *

  • Reward at point t+1


  • Policy:

    • deterministic:

      • Maps state to action: X -> A

      • A_t = pi(X_t)

    • stochastic:

      • X -> D(A, sigma(A))

  • Value⁽policy)(x)

  • = Erwartungswert

  • of reward

  • for X0 = x


What are levy flights? How to use them?

  • observing biological systme

    • e.g. bumblebees

    • esals

    • fish

    • monkeys

  • => basically some form of traversing space…

  • => use to find next action and incorporate into markov decision process as policy…


Findings levy flights?

  • Levy flight foraging hypothesis

    • special class of stochastic processes called levy flights model real foraging behavior

  • levy flight hypothesis

    • minimize search time when foraging sources of fodd that are sparsely and randomly distributed, resting and refillable


Why use levy flights?

  • maximize coverage of execution paths


  • adjusted based on feedback


What is a fuzzing wall?

  • probabiltiy of reaching a specific part of code veeeery slim


What is a strategy to fuzz through fuzzing walls?

  • symbolic execution


Join Course
Preview

Author

Jensen J.

Information

Last changed

Report course
© 2023 Buffl GmbH