• Title/Summary/Keyword: 퍼징 (fuzzing)

66 search results

A Study on Android Emulation for Bootloader Fuzzing (안드로이드 부트로더 퍼징을 위한 에뮬레이션 연구)

  • Sang-Yu Kim;Byoung-Young Lee
    • Proceedings of the Korea Information Processing Society Conference / 2024.05a / pp.262-264 / 2024
  • This study proposes an emulation-based fuzzing framework for effectively discovering vulnerabilities in Android bootloaders. Because a bootloader runs with high privileges, any vulnerability in it can pose a serious security threat. However, bootloaders interact with a wide range of hardware, which makes them hard to emulate. This study therefore models the bootloader's peripheral devices on top of the QEMU emulator in order to fuzz efficiently. Experimental results show that emulation achieves a higher fuzzing throughput than a physical device and keeps discovering new code regions. The proposed framework is expected to be useful for future bootloader vulnerability analysis and security verification.

H-Fuzz: A Snapshot-Based Practical Hybrid Fuzzing (H-Fuzz: 스냅샷 기반의 실용적인 하이브리드 퍼징)

  • Jae-young Chung;Byoung-young Lee
    • Proceedings of the Korea Information Processing Society Conference / 2024.05a / pp.245-247 / 2024
  • Because program bugs can be exploited by attackers, it is very important to discover them in advance. Recently, hybrid fuzzing techniques have been studied to find program vulnerabilities automatically. To address the limited scalability of existing hybrid fuzzers, we propose H-Fuzz, a snapshot-based hybrid fuzzer. H-Fuzz introduces snapshot-based fuzzing to solve the scalability problem of hybrid fuzzing. Our experiments confirm that H-Fuzz is more effective at finding bugs than existing coverage-guided fuzzers.

File Analysis Data Auto-Creation Model For Peach Fuzzing (Peach 퍼징을 위한 파일 분석 데이터 자동 생성 모델)

  • Kim, Minho;Park, Seongbin;Yoon, Jino;Kim, Minsoo;Noh, Bong-Nam
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.2 / pp.327-333 / 2014
  • The rapid expansion of the software industry has brought serious security threats and vulnerabilities. Much software is constantly attacked by exploit code that uses security vulnerabilities. Smart fuzzing is an automated method for finding software vulnerabilities. However, fuzzing consumes many resources, because it needs to create a data model for the target software and to analyze a data file and the software binary. Therefore, an automated method for building the data model is needed for efficient smart fuzzing. In this paper, by analysing the input file format and optimizing the data structure, we propose an efficient data modeling framework for smart fuzzing and implement the framework to detect software vulnerabilities.

Automated Applying Greybox Fuzzing to C/C++ Library Using Unit Test (유닛테스트를 활용한 c/c++ 라이브러리 그레이박스 퍼징 적용 자동화)

  • Jang, Joon Un;Kim, Huy Kang
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.4 / pp.807-819 / 2019
  • Greybox fuzzing is known as an effective method for discovering unknown security flaws residing in software and is actively researched today. However, most greybox fuzzing tools require an executable file. Because of this, a library, which cannot be executed by itself, requires an additional executable file for greybox fuzzing. Generating such an executable file is challenging because it requires an understanding of both the library and fuzzing. In this research, we suggest an approach to generate an executable file automatically for a library and implement this approach as a tool based on the LLVM framework. This tool shows that executable files and seed files can be generated automatically by static/dynamic analysis of a unit test in the target project. A generated executable file is compatible with various greybox fuzzers such as AFL because it has a common interface for greybox fuzzers. We show the performance of this tool in terms of code coverage and unknown security bugs discovered using executable files and seed files generated from open source projects by this tool.

A Study of Coverage Improvement for Library Fuzzing (라이브러리 퍼징의 커버리지 향상 방법 연구)

  • Kim, Seoyoung;Cho, Mingi;Kim, Jongshin;Kwon, Taekyoung
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.6 / pp.1079-1085 / 2020
  • Fuzzing is used to find vulnerabilities in a library. Because library fuzzing tests only the functions that have been implemented in the harness, additional functions that are not yet implemented should be implemented in order to achieve higher code coverage. However, if a function is added without regard to the calling relationships among the functions in the library, a function that has already been tested may be added again. We propose a novel method to improve the code coverage of library fuzzing. First, we analyze the function call graph of the library to efficiently add functions for library fuzzing, and additionally implement library functions that have not yet been implemented. Then, we apply hybrid fuzzing to explore branches with complex constraints. As a result of our experiment, we observe that the proposed method is effective in increasing code coverage on OpenSSL, mbedTLS, and Crypto++.
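The two library-fuzzing entries above (Jang and Kim, 2019; Kim et al., 2020) both turn on the same artifact: a harness executable that a library cannot provide by itself, whose call sequence and seed come from the project's unit test and whose calls follow the library's call graph instead of re-testing one entry point. The following is an added example written for this page, not code from either paper or from their tools; the library ("kvlib", its `kv_*` functions and the unit test) is a small constructed stand-in, and `LLVMFuzzerTestOneInput` is the real entry-point signature that libFuzzer and AFL++'s libFuzzer-compatible driver both call.

```c
/* Added example, not code from either paper above: a greybox-fuzzer harness
 * for a small hypothetical C library ("kvlib", constructed here), built the
 * way the two papers describe: the call sequence and the seed come from the
 * project's own unit test, and the harness follows the library's call order
 * (init -> parse -> get -> free) rather than re-testing one entry point. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* ---- hypothetical library under test: a "key=value\n" config parser ---- */
#define KV_MAX 8
typedef struct { char key[16]; char val[32]; } kv_pair;
typedef struct { kv_pair pairs[KV_MAX]; size_t count; } kv_ctx;

int kv_init(kv_ctx *c) { memset(c, 0, sizeof *c); return 0; }

/* Returns the number of pairs stored, or -1 on a malformed line. */
int kv_parse(kv_ctx *c, const uint8_t *buf, size_t len) {
    size_t i = 0;
    while (i < len && c->count < KV_MAX) {
        size_t eq = i;
        while (eq < len && buf[eq] != '=' && buf[eq] != '\n') eq++;
        if (eq >= len || buf[eq] != '=') return -1;          /* line without '=' */
        size_t nl = eq + 1;
        while (nl < len && buf[nl] != '\n') nl++;
        size_t klen = eq - i, vlen = nl - (eq + 1);
        if (klen == 0 || klen >= sizeof c->pairs[0].key) return -1;
        if (vlen >= sizeof c->pairs[0].val) return -1;        /* bounds checked */
        memcpy(c->pairs[c->count].key, buf + i, klen);
        c->pairs[c->count].key[klen] = '\0';
        memcpy(c->pairs[c->count].val, buf + eq + 1, vlen);
        c->pairs[c->count].val[vlen] = '\0';
        c->count++;
        i = nl + 1;
    }
    return (int)c->count;
}

const char *kv_get(const kv_ctx *c, const char *key) {
    for (size_t i = 0; i < c->count; i++)
        if (strcmp(c->pairs[i].key, key) == 0) return c->pairs[i].val;
    return NULL;
}

void kv_free(kv_ctx *c) { (void)c; }   /* nothing heap-allocated in this toy */

/* ---- the project's unit test: source of both the call sequence and the seed ---- */
static const char UNIT_TEST_INPUT[] = "host=example\nport=8443\n";

int unit_test_kv(void) {
    kv_ctx c;
    kv_init(&c);
    int n = kv_parse(&c, (const uint8_t *)UNIT_TEST_INPUT, sizeof UNIT_TEST_INPUT - 1);
    const char *port = kv_get(&c, "port");
    kv_free(&c);
    return n == 2 && port != NULL && strcmp(port, "8443") == 0;
}

/* ---- derived harness: the common entry point libFuzzer and AFL++ both drive.
 * Same calls as the unit test, with the fuzzer's bytes replacing the literal. ---- */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    kv_ctx c;
    kv_init(&c);
    if (kv_parse(&c, data, size) > 0)
        (void)kv_get(&c, "port");          /* reach the lookup path as well */
    kv_free(&c);
    return 0;                               /* libFuzzer reserves non-zero returns */
}

/* The seed corpus entry is the unit test's literal input, copied out verbatim. */
size_t seed_from_unit_test(uint8_t *out, size_t cap) {
    size_t n = sizeof UNIT_TEST_INPUT - 1;
    if (n > cap) n = cap;
    memcpy(out, UNIT_TEST_INPUT, n);
    return n;
}

/* Replays the seed through the harness once; 1 if it is accepted cleanly. */
int harness_replays_seed(void) {
    uint8_t seed[64];
    size_t n = seed_from_unit_test(seed, sizeof seed);
    return n == sizeof UNIT_TEST_INPUT - 1 && LLVMFuzzerTestOneInput(seed, n) == 0;
}

#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
/* Stand-alone build.  Under clang -fsanitize=fuzzer,address this macro is
 * defined, this main drops out and libFuzzer's main drives the harness. */
int main(void) { return unit_test_kv() && harness_replays_seed() ? 0 : 1; }
#endif
```

Built plainly it just replays the seed; built with `clang -g -fsanitize=fuzzer,address harness.c` the same file becomes a libFuzzer target whose crashes ASan reports, and the seed written out by `seed_from_unit_test` is the one file the corpus directory starts with. Note that the harness calls `kv_get` only after a successful parse, which is the call-order point of the second paper: the lookup path is reached through its real precondition rather than by a separate harness that would re-test `kv_parse`.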

Firmware Fuzzing Method through Pseudo-HAL Identification (유사 HAL 함수 탐색을 통한 펌웨어 퍼징 기법)

  • Jeong, Seyeon;Hwang, Eunbi;Cho, Yeongpil;Kwon, Taekyoung
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.6 / pp.1121-1125 / 2022
  • HAL-Fuzz, a fuzzing technique for finding firmware vulnerabilities, is efficient because it uses the HAL functions of the hardware abstraction layer provided by MCU vendors. However, it cannot handle most firmware that does not use the exact HAL functions. In this paper, we propose a new method for identifying pseudo-HAL functions to increase the applicability of HAL-Fuzz. In experiments, we identified not only the HAL functions but also pseudo-HAL functions implemented by the developer, and confirmed that fuzzing is possible.

Method of Fuzzing Document Application Based on Android Devices (안드로이드 기반 문서 어플리케이션의 퍼징 방법론 연구)

  • Jo, Je-Gyeong;Ryou, Jae-Cheol
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.1 / pp.31-37 / 2015
  • As the forms of cyberattacks become diverse, attacks have been reported that exploit vulnerabilities revealed while processing a document or multimedia file distributed for attack purposes, replacing the traditional method of distributing malware directly. The attack is based on the observation that software such as document editors or multimedia players may reveal inherent vulnerabilities on certain specific inputs. Fuzzing methods that provide invalid random inputs for testing can discover such exploitable flaws. This paper suggests a new fuzzing method for document applications that works in mobile environments, in order to resolve the drawback that existing methods run only in PC environments. Our method can effectively discover exploitable flaws in mobile applications, and thus could be utilized as a means of dealing with APT attacks in mobile environments.

Semantics-Preserving Mutation-Based Fuzzing on JavaScript Interpreters (자바스크립트 엔진에 대한 시맨틱 보존적 변이기반 퍼징)

  • Oh, DongHyeon;Choi, JaeSeung;Cha, SangKil
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.4 / pp.573-582 / 2020
  • Fuzzing is a method of testing software by randomly generating test cases. Since its introduction, a variety of fuzzing techniques have been studied. Among them, mutation-based fuzzing is an efficient method that finds real-world bugs even though it uses simple approaches such as probabilistic bit-flipping and character substitution. However, interpreter fuzzing has difficulty applying general mutation techniques because the interpreter requires inputs that are grammatically and semantically correct. In this paper, we present a novel mutation-based fuzzing approach for JavaScript interpreters based on dynamic data flow analysis. To this end, we implement JMFuzzer, which can generate various types of mutated test cases that run normally without runtime errors in a JavaScript interpreter, taking syntax and semantics into account. As a result, we found numerous unknown vulnerabilities in the latest JavaScript interpreters. We reported all of them to the vendors.

Runtime-Guard Coverage Guided Fuzzer Avoiding Deoptimization for Optimized Javascript Functions (최적화 컴파일된 자바스크립트 함수에 대한 최적화 해제 회피를 이용하는 런타임 가드 커버리지 유도 퍼저)

  • Kim, Hong-Kyo;Moon, Jong-sub
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.3 / pp.443-454 / 2020
  • The JavaScript engine is the module that receives JavaScript code as input and processes it, among the many components loaded into web browsers to display web pages. Many fuzzing studies have been conducted, since vulnerabilities in JavaScript engines can threaten the system security of end users running JavaScript through browsers. Some of them have increased fuzzing efficiency by guiding test coverage in JavaScript engines, but no coverage-guided fuzzing of optimized, dynamically generated machine code has been attempted. Optimized JavaScript code is difficult to test sufficiently and repeatedly through fuzzing because runtime guards discard the optimized code in the event of exceptional control flow. To solve these problems, this paper proposes a method of performing fuzzing tests on optimized machine code by avoiding deoptimization. In addition, we propose a method to measure runtime-guard coverage by dynamic binary instrumentation and to guide the fuzzer toward increasing runtime-guard coverage. In our experiment, our method outperformed the existing method on two measures: runtime coverage and iterations per unit time.

Implementing a Fuzzing Agent to Detect Buffer Overflow Vulnerability (버퍼 오버플로우 취약점 탐지를 위한 퍼징 에이전트 구현)

  • Kim, Bong-Han
    • Journal of the Korea Convergence Society / v.12 no.1 / pp.11-17 / 2021
  • If a vulnerability exists in software connected to the network that can be used to obtain a user's privilege, a remote attacker could gain the privilege to use the computer. In addition, in user environments where an operating system of a particular series is widely used, a problem in the operating system can cause considerable damage. In particular, if the error is a security vulnerability, it can be a very big problem. Various studies have been conducted to find and respond to vulnerabilities in such situations. Among the various security technologies, fuzzing is one of the most effective for finding errors in software. In this paper, I designed and implemented a fuzzing agent that can detect buffer overflow vulnerabilities that can occur in various applications. Through this fuzzing agent, application developers will be able to realize a more secure computing environment in which they can discover and fix vulnerabilities in their own applications.
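The abstract above does not say how its agent detects an overflow, so the following is an added example written for this page, not the paper's agent: a minimal mutation-based fuzzing agent in C with a crash oracle, run against a deliberately vulnerable record parser and against its hardened form. The target (`parse_name_vulnerable` / `parse_name_fixed`), the seed record, the guard-byte oracle and the xorshift mutator are all constructed here; in a real campaign the oracle is AddressSanitizer, and the guard bytes simply make the detection visible in plain C. The deterministic stage is modelled on AFL's, and it is the stage that finds the bug even with a six-byte seed, because it also runs every interesting value on a copy of the seed padded out to the maximum input size.

```c
/* Added example, not the paper's agent: a minimal mutation-based fuzzing agent
 * in C that detects a buffer overflow in a target routine without crashing the
 * agent itself.  The target, its hardened version, the seed record and the
 * guard-byte oracle are all constructed here for illustration.  In practice
 * ASan (-fsanitize=address) is the oracle; the guard bytes make it visible. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_SIZE 16                         /* destination field in the target */
#define GUARD_SIZE 64                         /* canary region after the field */
#define MAX_INPUT  (FIELD_SIZE + GUARD_SIZE)  /* a mutant can never outrun the guard */

typedef int (*target_fn)(const uint8_t *msg, size_t n, char *field);

/* Target: a length-prefixed name record, msg[0] = length, msg[1..] = bytes.
 * The vulnerable version checks the length against the input, never against
 * the destination field, so a length byte > FIELD_SIZE overflows the field. */
int parse_name_vulnerable(const uint8_t *msg, size_t n, char *field) {
    if (n < 1) return -1;
    size_t len = msg[0];
    if (len > n - 1) return -1;               /* guards the read, not the write */
    memcpy(field, msg + 1, len);              /* BUG: len may exceed FIELD_SIZE */
    return (int)len;
}

int parse_name_fixed(const uint8_t *msg, size_t n, char *field) {
    if (n < 1) return -1;
    size_t len = msg[0];
    if (len > n - 1 || len > FIELD_SIZE) return -1;   /* bound the write too */
    memcpy(field, msg + 1, len);
    return (int)len;
}

/* Oracle: run the target against a field followed by guard bytes; any changed
 * guard byte means the target wrote past the field.  Over-reads and underflows
 * are not caught this way, which is why ASan is used in real campaigns. */
static int run_once(target_fn target, const uint8_t *msg, size_t n) {
    uint8_t arena[FIELD_SIZE + GUARD_SIZE];
    memset(arena, 0xA5, sizeof arena);
    target(msg, n, (char *)arena);
    for (size_t i = FIELD_SIZE; i < sizeof arena; i++)
        if (arena[i] != 0xA5) return 1;
    return 0;
}

static uint32_t rnd(uint32_t *s) {            /* xorshift32: deterministic, replayable */
    uint32_t x = *s; x ^= x << 13; x ^= x >> 17; x ^= x << 5; return *s = x;
}

/* One random mutation; the buffer has MAX_INPUT bytes of capacity. */
static void mutate(uint8_t *buf, size_t *len, uint32_t *rng) {
    size_t pos = rnd(rng) % *len;
    switch (rnd(rng) % 5) {
    case 0: buf[pos] ^= (uint8_t)(1u << (rnd(rng) % 8)); break;            /* bit flip */
    case 1: buf[pos] = (uint8_t)rnd(rng); break;                            /* random byte */
    case 2: buf[pos] = (uint8_t)(rnd(rng) % (2 * FIELD_SIZE + 1)); break;   /* small int near field size */
    case 3: if (*len > 1) { memmove(buf + pos, buf + pos + 1, *len - pos - 1); (*len)--; } break;
    default: {                                                              /* append random block */
        size_t add = 1 + rnd(rng) % 32;
        if (*len + add > MAX_INPUT) add = MAX_INPUT - *len;
        for (size_t i = 0; i < add; i++) buf[*len + i] = (uint8_t)rnd(rng);
        *len += add;
    }
    }
}

typedef struct {
    unsigned cases, overflows;                /* inputs run / inputs that tripped the guard */
    uint8_t  first_crash[MAX_INPUT];          /* first crashing input, kept for triage */
    size_t   first_crash_len;
} fuzz_report;

static void execute(fuzz_report *r, target_fn target, const uint8_t *in, size_t n) {
    r->cases++;
    if (run_once(target, in, n) && r->overflows++ == 0) {
        memcpy(r->first_crash, in, n);
        r->first_crash_len = n;
    }
}

/* Stage 1 is deterministic (AFL-style): every byte position x every
 * "interesting" value, on the seed and on a copy padded to MAX_INPUT so a
 * length field can be pushed past the destination even if the seed is short.
 * Stage 2 is havoc: 1-4 stacked random mutations per case. */
fuzz_report fuzz_campaign(target_fn target, const uint8_t *seed, size_t seed_len,
                          uint32_t rng_seed, unsigned havoc_iters) {
    static const uint8_t interesting[] = {0, 1, 0x7F, 0x80, 0xFF, FIELD_SIZE, FIELD_SIZE + 1};
    fuzz_report r;
    uint8_t cur[MAX_INPUT];
    size_t cur_len;
    uint32_t rng = rng_seed ? rng_seed : 1;
    memset(&r, 0, sizeof r);
    if (seed_len == 0 || seed_len > MAX_INPUT) return r;
    for (int grow = 0; grow < 2; grow++)
        for (size_t pos = 0; pos < seed_len; pos++)
            for (size_t k = 0; k < sizeof interesting; k++) {
                memcpy(cur, seed, seed_len);
                cur_len = seed_len;
                if (grow) { memset(cur + cur_len, 'A', MAX_INPUT - cur_len); cur_len = MAX_INPUT; }
                cur[pos] = interesting[k];
                execute(&r, target, cur, cur_len);
            }
    for (unsigned it = 0; it < havoc_iters; it++) {
        memcpy(cur, seed, seed_len);
        cur_len = seed_len;
        for (unsigned stack = 1 + rnd(&rng) % 4; stack; stack--) mutate(cur, &cur_len, &rng);
        execute(&r, target, cur, cur_len);
    }
    return r;
}

static const uint8_t SEED[] = {5, 'h', 'e', 'l', 'l', 'o'};   /* constructed valid record */

int main(void) {
    fuzz_report v = fuzz_campaign(parse_name_vulnerable, SEED, sizeof SEED, 0xC0FFEE, 5000);
    fuzz_report f = fuzz_campaign(parse_name_fixed, SEED, sizeof SEED, 0xC0FFEE, 5000);
    printf("vulnerable: %u cases, %u overflows, first crash length byte = %u\n",
           v.cases, v.overflows, v.first_crash[0]);
    printf("fixed:      %u cases, %u overflows\n", f.cases, f.overflows);
    return (v.overflows > 0 && f.overflows == 0) ? 0 : 1;
}
```

With the six-byte seed the deterministic stage runs 2 x 6 x 7 = 84 cases, and exactly one of them trips the guard: length byte 17 on the padded copy, which is the smallest value that clears the 16-byte field. The hardened parser passes the same campaign with zero overflows, which is the check a developer would run after the fix. Because the PRNG is seeded, every crash the havoc stage finds can be replayed by re-running the campaign with the same `rng_seed`, and `first_crash` holds the input to hand to a debugger.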