Please use this Handle URI to cite this document:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/85562
Full metadata record
DC Field | Value | Language |
---|---|---|
dc.contributor.advisor | 蕭旭君(Hsu-Chun Hsiao) | |
dc.contributor.author | Chi-Jen Hsieh | en |
dc.contributor.author | 謝啟仁 | zh_TW |
dc.date.accessioned | 2023-03-19T23:18:38Z | - |
dc.date.copyright | 2022-09-29 | |
dc.date.issued | 2022 | |
dc.date.submitted | 2022-09-26 | |
dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/85562 | - |
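dc.description.abstract | Fuzzing is a technique for automatically detecting software vulnerabilities. Many fuzzing tools have been developed and have successfully identified critical vulnerabilities in real-world software. However, because the computational logic of fuzzing tools contains non-deterministic behavior (such as randomly generated test inputs and time-varying conditions), researchers find it hard to verify claims about fuzzing tools (such as better code coverage or more vulnerabilities found). Today researchers can only verify such claims by repeating the experiment many times and checking whether the results are consistent. To make the verification process simpler, this thesis explores reproducible fuzzing. Reproducibility means going through the same computational process and producing exactly identical results, which makes fabricating data or falsifying results more difficult. This thesis shows that fuzzing can be made reproducible without affecting its functionality and performance. To achieve this goal, we first identify the factors that make fuzzing non-reproducible and group them into five categories: randomness, environment, time, parallelization, and target program. We then propose a remedy for each factor. Following the proposed guidelines, we modify AFL into a reproducible version and call it ReAFL. Our evaluation shows that ReAFL successfully reproduces fuzzing experiments on a variety of target programs. In addition, ReAFL achieves performance comparable to AFL in both the experiment phase and the reproduction phase. This thesis can serve as a guide that lets other researchers convert their own fuzzing experiments into reproducible versions. | zh_TW |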
dc.description.abstract | Fuzzing is a technique to automate the discovery of software vulnerabilities. Many fuzzing tools have been developed and successfully identified critical vulnerabilities in real-world software. However, claims about fuzzing tools are sometimes hard to validate because they have ingrained non-deterministic behaviors in their algorithmic logic, such as randomly generated test inputs and time-dependent conditions. To validate such a claim (e.g., better code coverage or more bugs found), researchers today will repeat the experiment multiple times and see whether the results are consistent. This work aims to ease this validation process by exploring the concept of reproducible fuzzing. Reproducibility requires generating identical computational procedures and results, making it harder to fabricate data or falsify results. We show that it is possible to make fuzzers reproducible without affecting their functionality and performance. To achieve this, we first identify factors that make the fuzzing non-reproducible and group them into five categories: randomness, environment, time, parallelization, and target program. We then propose remediation for each factor. Following the proposed guideline, we modify AFL to support reproducibility, and the resulting tool is called ReAFL. Our evaluation shows that ReAFL successfully reproduces the fuzzing results on a wide range of target programs. Also, ReAFL achieves comparable performance to AFL during both the fuzzing and reproduction phases. Our work can serve as a guideline for developing reproducible fuzzers. | en |
dc.description.provenance | Made available in DSpace on 2023-03-19T23:18:38Z (GMT). No. of bitstreams: 1 U0001-2409202214395800.pdf: 1842440 bytes, checksum: b8ca034fb446e47be92734a8e5e690b1 (MD5) Previous issue date: 2022 | en |
dc.description.tableofcontents | Verification Letter from the Oral Examination Committee; Acknowledgements; Abstract (Chinese); Abstract; Contents; List of Figures; List of Tables; Chapter 1 Introduction; Chapter 2 Background & Related Work; 2.1 Reproducibility; 2.2 Related work; Chapter 3 Factors of Non-reproducibility; 3.1 Randomness; 3.1.1 Pseudo-random number generators; 3.1.2 True random number generators; 3.2 Environment; 3.2.1 Configuration; 3.2.2 Software Dependency; 3.3.3 Low-level System; 3.3 Time; 3.3.1 Execution Time Per Input; 3.3.2 Overall Execution Time; 3.4 Parallelization; 3.5 Target Program; Chapter 4 Design Guidelines; 4.1 Randomness; 4.1.1 PRNG; 4.1.2 TRNG; 4.2 Environment; 4.3 Time; 4.3.1 Execution Time Per Input; 4.3.2 Overall Execution Time; 4.4 Parallelization; 4.5 Target Program; Chapter 5 Implementation; 5.1 Randomness; 5.2 Parallelization; 5.3 Environment; 5.4 Time; 5.4.1 Execution Time Per Input; 5.4.2 Overall Execution Time; 5.5 Target Program; Chapter 6 Evaluation; 6.1 Environment; 6.2 Target Selection; 6.3 Experiment; Chapter 7 Discussion; Chapter 8 Conclusion & Future Work; References | |
dc.language.iso | en | |
dc.title | 實現可再現的模糊測試 | zh_TW |
dc.title | Toward Reproducible Fuzzing | en |
dc.type | Thesis | |
dc.date.schoolyear | 110-2 | |
dc.description.degree | Master's | |
dc.contributor.oralexamcommittee | 黃世昆(Shih-Kun Huang),黃俊穎(Chun-Ying Huang) | |
dc.subject.keyword | Fuzzing, Reproducibility | zh_TW |
dc.subject.keyword | Fuzzing, Reproducibility | en |
dc.relation.page | 51 | |
dc.identifier.doi | 10.6342/NTU202203969 | |
dc.rights.note | Authorization granted (open access worldwide) | |
dc.date.accepted | 2022-09-27 | |
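dc.contributor.author-college | College of Electrical Engineering and Computer Science | zh_TW |
dc.contributor.author-dept | Graduate Institute of Computer Science and Information Engineering | zh_TW |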
dc.date.embargo-lift | 2022-09-29 | - |
Appears in Collections: | Department of Computer Science and Information Engineering |
Files in This Item:
File | Size | Format | |
---|---|---|---|
U0001-2409202214395800.pdf | 1.8 MB | Adobe PDF | View/Open |
Items in the system are protected by copyright, with all rights reserved, unless their copyright terms are otherwise indicated.