Authors: Gen Zhang, Peng-Fei Wang, Tai Yue, Xiang-Dong Kong, Xu Zhou, Kai Lu (张根, 王鹏飞, 乐泰, 孔祥东, 周旭, 卢凯) (College of Computer Science and Technology, National University of Defense Technology, Changsha^10073, China)
Source: Journal of Computer Science & Technology (计算机科学技术学报, English edition), 2022, Issue 2, pp. 405-422, 18 pages in total
Funding: Supported by the National High-Level Personnel for Defense Technology Program of China under Grant No. 2017-JCJQ-ZQ-013; the National Natural Science Foundation of China under Grant Nos. 61902405 and 61902412; the Natural Science Foundation of Hunan Province of China under Grant No. 2021JJ40692; the Parallel and Distributed Processing Research Foundation under Grant No. 6142110190404; and the Research Project of National University of Defense Technology under Grant Nos. ZK20-09 and ZK20-17.
Abstract: Grey-box fuzzing is an effective technology to detect software vulnerabilities, such as memory corruption. Previous fuzzers in detecting memory corruption bugs either use heavy-weight analysis, or use techniques which are not customized for memory corruption detection. In this paper, we propose a novel memory bug guided fuzzer, ovAFLow. To begin with, we broaden the memory corruption targets where we frequently identify bugs. Next, ovAFLow utilizes light-weight and effective methods to build connections between the fuzzing inputs and these corruption targets. Based on the connection results, ovAFLow uses customized techniques to direct the fuzzing process closer to memory corruption. We evaluate ovAFLow against state-of-the-art fuzzers, including AFL (american fuzzy lop), AFLFast, FairFuzz, QSYM, Angora, TIFF, and TortoiseFuzz. The evaluation results show better vulnerability detection ability of ovAFLow, and the performance overhead is acceptable. Moreover, we identify 12 new memory corruption bugs and two CVEs (common vulnerability exposures) with the help of ovAFLow.
Keywords: fuzzing; memory corruption; taint inference
Classification number: TP333.1 [Automation and Computer Technology: Computer System Architecture]