• Title/Summary/Keyword: Call graph

Search Result 42, Processing Time 0.021 seconds

A Study of Coverage Improvement for Library Fuzzing (라이브러리 퍼징의 커버리지 향상 방법 연구)

  • Kim, Seoyoung;Cho, Mingi;Kim, Jongshin;Kwon, Taekyoung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.6
    • /
    • pp.1079-1085
    • /
    • 2020

  • Fuzzing is used to find vulnerabilities for a library. Because library fuzzing only tests the implemented functions, in order to achieve higher code coverage, additional functions that are not implemented should be implemented. However, if a function is added without regard to the calling relationship of the functions in the library, a problem may arise that the function that has already been tested is added. We propose a novel method to improve the code coverage of library fuzzing. First, we analyze the function call graph of the library to efficiently add the functions for library fuzzing, and additionally implement a library function that has not been implemented. Then, we apply a hybrid fuzzing to explore for branches with complex constraints. As a result of our experiment, we observe that the proposed method is effective in terms of increasing code coverage on OpenSSL, mbedTLS, and Crypto++.

  • https://doi.org/10.13089/JKIISC.2020.30.6.1079 인용 PDF KSCI HTML

A Sanitizer for Detecting Vulnerable Code Patterns in uC/OS-II Operating System-based Firmware for Programmable Logic Controllers (PLC용 uC/OS-II 운영체제 기반 펌웨어에서 발생 가능한 취약점 패턴 탐지 새니타이저)

  • Han, Seungjae;Lee, Keonyong;You, Guenha;Cho, Seong-je
    • Journal of Software Assessment and Valuation
    • /
    • v.16 no.1
    • /
    • pp.65-79
    • /
    • 2020

  • As Programmable Logic Controllers (PLCs), popular components in industrial control systems (ICS), are incorporated with the technologies such as micro-controllers, real-time operating systems, and communication capabilities. As the latest PLCs have been connected to the Internet, they are becoming a main target of cyber threats. This paper proposes two sanitizers that improve the security of uC/OS-II based firmware for a PLC. That is, we devise BU sanitizer for detecting out-of-bounds accesses to buffers and UaF sanitizer for fixing use-after-free bugs in the firmware. They can sanitize the binary firmware image generated in a desktop PC before downloading it to the PLC. The BU sanitizer can also detect the violation of control flow integrity using both call graph and symbols of functions in the firmware image. We have implemented the proposed two sanitizers as a prototype system on a PLC running uC/OS-II and demonstrated the effectiveness of them by performing experiments as well as comparing them with the existing sanitizers. These findings can be used to detect and mitigate unintended vulnerabilities during the firmware development phase.

  • https://doi.org/10.29056/jsav.2020.06.08 인용