fuzzing.pdf - Software Protection: Security Vulnerability Detection


This preview shows page 1 - 12 out of 47 pages.

Software Protection: Security Vulnerability Detection
Shuai Wang
Some of the slides are written by Suman Jana.

An Attack
  • Vulnerable server code
  • strdup: allocate a chunk of memory on the heap
  1. create a “user”
  2. cleanup and remove “user”
  3. specify a “service” for use
  4. “login”
How exactly can we find “vulnerabilities”?
Vulnerability Finding Today
  • Security bugs can bring $500-$100,000 on the open market
  • Good bug finders make $180-$250/hr consulting
  • Few companies can find good people, many don’t even realize this is possible.
  • Google: Team Zero; Tencent: Keen Lab; …
  • Still largely a black art

Security Vulnerabilities
What can an attacker do with security bugs?
  • avoid authentication
  • privilege escalation
  • bypass security check
  • deny service
  • run code remotely
Basically whatever you want.
Automatic Vulnerability Detection
  • Find a needle in a haystack

Automatic Vulnerability Detection
  • Fuzz testing ← discuss today
  • Taint analysis (information flow) ← next time
  • Concolic execution ← more comprehensive than testing
  • Symbolic execution ← more comprehensive than testing
  • Type system
  • Formal verification
Formal Verification
  • Formal verification can (ideally) completely eliminate vulnerabilities.
  • Mathematically prove the absence of bugs.
  • How do I know that insertion sort will always return a sorted list?

Formal Verification
  • You can prove it, the same way you prove properties in Euclidean geometry.
  • Proof
  • Haven’t finished yet..
  • Computer will check the correctness
Formal Verification
Two important elements in a formal verification:
  • Specification ← what properties would I like to prove? Sorting? Or memory safety?
  • Inductive proofs
You write your proof as code, and computers will check the correctness of your proof.
Difficult to come up with the proof, but relatively easy to verify a given proof.

But no solution is perfect! Even formal verification
But impractical in general…
  • Formal verification is hard in general, impossible for big things.
  • It takes a Ph.D. several years, writing a million lines (?) of proof code, to verify (simple) memory safety properties of a tiny OS kernel component
  • 10 x N lines of proof for N lines of code, or even worse.
  • Adoption of formal verification in the industry
Type System
  • Type system (safe language)
  • Provide strong guarantee on well-typed programs
  • Suppose we have two variables N and M in our financial trading software.
  • N x M ← seems all right
  • N x M ← but not correct if N’s type is US Dollars and M’s type is HK Dollars
  • Obviously this doesn’t eliminate all problems, although with such “annotations” we can quickly pinpoint some defects.
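Added example, not part of the original slides: a Rust sketch of the currency annotation on N and M described above, where mixing US Dollars and HK Dollars is rejected by the type checker. The names Money, Usd, Hkd, usd_to_hkd and total_in_hkd, the exchange rate, and the use of addition in place of the slide's N x M are assumptions made for illustration.

```rust
use std::marker::PhantomData;
use std::ops::Add;

// Currency tags: zero-sized markers that exist only at the type level.
#[derive(Debug, Clone, Copy, PartialEq)]
struct Usd;
#[derive(Debug, Clone, Copy, PartialEq)]
struct Hkd;

// An amount in minor units (cents), annotated with its currency C.
#[derive(Debug, Clone, Copy, PartialEq)]
struct Money<C> {
    cents: i64,
    _currency: PhantomData<C>,
}

impl<C> Money<C> {
    fn new(cents: i64) -> Self {
        Money { cents, _currency: PhantomData }
    }
}

// Arithmetic is defined only between two amounts of the same currency.
impl<C> Add for Money<C> {
    type Output = Money<C>;
    fn add(self, rhs: Self) -> Money<C> {
        Money::new(self.cents + rhs.cents)
    }
}

// The only way across currencies is an explicit conversion.
// rate_scaled = HKD per USD scaled by 10_000 (7.8 -> 78_000); constructed value.
fn usd_to_hkd(amount: Money<Usd>, rate_scaled: i64) -> Money<Hkd> {
    Money::new(amount.cents * rate_scaled / 10_000)
}

fn total_in_hkd(n: Money<Usd>, m: Money<Hkd>, rate_scaled: i64) -> Money<Hkd> {
    // let wrong = n + m; // does not compile: mismatched types (Usd vs Hkd)
    usd_to_hkd(n, rate_scaled) + m
}

fn main() {
    let n = Money::<Usd>::new(1_000); // 10.00 USD
    let m = Money::<Hkd>::new(5_000); // 50.00 HKD
    // The types cannot tell a wrong rate from a right one: a logic error
    // such as passing 7_800 instead of 78_000 still compiles.
    println!("{:?}", total_in_hkd(n, m, 78_000));
}
```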
  • Fall '18
