Smarter fuzzing using sound and precise static analyzers
Size: px
Start display at page:

Download "Smarter fuzzing using sound and precise static analyzers"

Transcription

1 Smarter fuzzing using sound and precise static analyzers Pascal Cuoq, Chief Scientist, TrustInSoft January 31, 2017 Pascal Cuoq, Chief Scientist, TrustInSoft smarter fuzzing January 31, / 8

2 Introduction Basis of this presentation: Result graphs for an abstract interpretation-based static analyzer JFLA 2017 Pascal Cuoq, Chief Scientist, TrustInSoft smarter fuzzing January 31, / 8

3 Fuzzing American Fuzzy Lop (a-fuzz) Work of Michal Zalewski (lcamtuf) Now a constellation of tools, some contributed by others Easy to use compile target with a-gcc (instrumenting compiler) let a-fuzz discover input les that explore program behaviors Pascal Cuoq, Chief Scientist, TrustInSoft smarter fuzzing January 31, / 8

4 Fuzzing American Fuzzy Lop (a-fuzz) Work of Michal Zalewski (lcamtuf) Now a constellation of tools, some contributed by others Easy to use compile target with a-gcc (instrumenting compiler) let a-fuzz discover input les that explore program behaviors Genetic: new inputs are generated by random mutations of existing inputs Pascal Cuoq, Chief Scientist, TrustInSoft smarter fuzzing January 31, / 8

5 Fuzzing Example 1: the ASN.1 parser libksba a-fuzz generates a 1KB le. Parsed as a X.509 certicate on a 128GiB workstation, parser allocates 60GiB several seconds to initialize this memory Denial of Service (details: ) Pascal Cuoq, Chief Scientist, TrustInSoft smarter fuzzing January 31, / 8

6 Fuzzing Example 2: mbedtls ASN.1 parser int main(int c, char*v[]) {... int ret = mbedtls_x509_crt_parse_file( &crt, v[1] ); if( ret!= 0 ) { printf( "failed\n" ); } else { printf( "success\n" ); uint32_t flags; ret = mbedtls_x509_crt_verify( &crt, &crt, NULL, NULL, &flags } Function crt_parse_file is very well-tested by AFL-generated inputs Pascal Cuoq, Chief Scientist, TrustInSoft smarter fuzzing January 31, / 8

7 Fuzzing Example 2: mbedtls ASN.1 parser int main(int c, char*v[]) {... int ret = mbedtls_x509_crt_parse_file( &crt, v[1] ); if( ret!= 0 ) { } else { } printf( "failed\n" ); printf( "success\n" ); uint32_t flags; ret = mbedtls_x509_crt_verify( &crt, &crt, NULL, NULL, &flags Function crt_parse_file is very well-tested by AFL-generated inputs Problem: only a few tests nd their way through to crt_verify Pascal Cuoq, Chief Scientist, TrustInSoft smarter fuzzing January 31, / 8

8 Improving fuzzing First example: dicult to reproduce: requires 60GiB or RAM Pascal Cuoq, Chief Scientist, TrustInSoft smarter fuzzing January 31, / 8

9 Improving fuzzing First example: dicult to reproduce: requires 60GiB or RAM Solution: whole-program dependency analysis Identies bytes in input le that are decoded into a size passed to calloc Pascal Cuoq, Chief Scientist, TrustInSoft smarter fuzzing January 31, / 8

10 Improving fuzzing First example: dicult to reproduce: requires 60GiB or RAM Solution: whole-program dependency analysis Identies bytes in input le that are decoded into a size passed to calloc Second example: adequate coverage requires too much patience Pascal Cuoq, Chief Scientist, TrustInSoft smarter fuzzing January 31, / 8

11 Improving fuzzing First example: dicult to reproduce: requires 60GiB or RAM Solution: whole-program dependency analysis Identies bytes in input le that are decoded into a size passed to calloc Second example: adequate coverage requires too much patience Solution: whole-program dependency analysis Identies input bytes that can be changed while still passing validation focus on exploring second phase of program, with each testcase Pascal Cuoq, Chief Scientist, TrustInSoft smarter fuzzing January 31, / 8

12 Whole-program dependency analysis Whole-program dependencies analysis data dependencies: y is computed from z path dependencies: y is computed dierently depending on c address dependencies: y is dierent depending where p points if (c) y = 0; else y = z + *p; int res = f(); if (res) error(); else g(y); Pascal Cuoq, Chief Scientist, TrustInSoft smarter fuzzing January 31, / 8

13 Conclusion ABS as a metaphor for sound static analysis The Anti-lock Breaking System initially was mostly reserved to aircrafts Concorde sported the rst fully electronic ABS system Pascal Cuoq, Chief Scientist, TrustInSoft smarter fuzzing January 31, / 8

14 Conclusion ABS as a metaphor for sound static analysis The Anti-lock Breaking System initially was mostly reserved to aircrafts Concorde sported the rst fully electronic ABS system Then race cars Pascal Cuoq, Chief Scientist, TrustInSoft smarter fuzzing January 31, / 8

15 Conclusion ABS as a metaphor for sound static analysis The Anti-lock Breaking System initially was mostly reserved to aircrafts Concorde sported the rst fully electronic ABS system Then race cars Then everybody's car Pascal Cuoq, Chief Scientist, TrustInSoft smarter fuzzing January 31, / 8

16 Conclusion ABS as a metaphor for sound static analysis The Anti-lock Breaking System initially was mostly reserved to aircrafts Concorde sported the rst fully electronic ABS system Then race cars Then everybody's car Fuzzing does not guarantee to nd all bugs Wouldn't do a precise, sound dependency analysis just to help with fuzzing But if you have such an analysis, it really helps Pascal Cuoq, Chief Scientist, TrustInSoft smarter fuzzing January 31, / 8

Similar documents

Fuzzing. compass-security.com 1

Fuzzing. compass-security.com 1 Fuzzing compass-security.com 1 Fuzzing Finding bugs by bombarding target with nonconform data Think: Flip a few bits in a PDF, then start Acrobat with that PDF Just more automated Steps: Create input corpus

More information

The Fuzzing Project https://fuzzing-project.org/

The Fuzzing Project https://fuzzing-project.org/ The Fuzzing Project https://fuzzing-project.org/ Hanno Böck 1 / 18 Motivation Motivation Fuzzing C Memory Bugs Invalid memory access example Do you use tools like strings, less, file, convert, ldd, unzip,...?

More information

Writing a fuzzer. for any language with american fuzzy lop. Ariel Twistlock Labs

Writing a fuzzer. for any language with american fuzzy lop. Ariel Twistlock Labs Writing a fuzzer for any language with american fuzzy lop Ariel Zelivansky @ Twistlock Labs What is fuzzing? Technique for testing software by providing it with random, unexpected or invalid input Dumb

More information

Rabbit in the Loop. A primer on feedback directed fuzzing using American Fuzzy Lop. by Kevin Läufer

Rabbit in the Loop. A primer on feedback directed fuzzing using American Fuzzy Lop. by Kevin Läufer Rabbit in the Loop A primer on feedback directed fuzzing using American Fuzzy Lop Abstract by Kevin Läufer This guide aims to provide the reader with a good intuition about the

More information

Coverage-guided Fuzzing of Individual Functions Without Source Code

Coverage-guided Fuzzing of Individual Functions Without Source Code Coverage-guided Fuzzing of Individual Functions Without Source Code Alessandro Di Federico Politecnico di Milano October 25, 2018 1 Index Coverage-guided fuzzing An overview of rev.ng Experimental results

More information

Automatic program generation for detecting vulnerabilities and errors in compilers and interpreters

Automatic program generation for detecting vulnerabilities and errors in compilers and interpreters Automatic program generation for detecting vulnerabilities and errors in compilers and interpreters 0368-3500 Nurit Dor Shir Landau-Feibish Noam Rinetzky Preliminaries Students will group in teams of 2-3

More information

KLEE Workshop Feeding the Fuzzers. with KLEE. Marek Zmysłowski MOBILE SECURITY TEAM R&D INSTITUTE POLAND

KLEE Workshop Feeding the Fuzzers. with KLEE. Marek Zmysłowski MOBILE SECURITY TEAM R&D INSTITUTE POLAND Feeding the Fuzzers with KLEE Marek Zmysłowski MOBILE SECURITY TEAM R&D INSTITUTE POLAND This presentation was created with help and commitment of the Samsung R&D Poland Mobile Security team. KLEE and

More information

residual residual program final result

residual residual program final result C-Mix: Making Easily Maintainable C-Programs run FAST The C-Mix Group, DIKU, University of Copenhagen Abstract C-Mix is a tool based on state-of-the-art technology that solves the dilemma of whether to

More information

NAME gcov coverage testing tool SYNOPSIS

NAME gcov coverage testing tool SYNOPSIS NAME gcov coverage testing tool SYNOPSIS gcov [ v version] [ h help] [ a all blocks] [ b branch probabilities] [ c branch counts] [ n no output] [ l long le names] [ p preserve paths] [ f function summaries]

More information

logistics: ROP assignment

logistics: ROP assignment bug-finding 1 logistics: ROP assignment 2 2013 memory safety landscape 3 2013 memory safety landscape 4 different design points memory safety most extreme disallow out of bounds usually even making out-of-bounds

More information

Copyright 2015 MathEmbedded Ltd.r. Finding security vulnerabilities by fuzzing and dynamic code analysis

Copyright 2015 MathEmbedded Ltd.r. Finding security vulnerabilities by fuzzing and dynamic code analysis Finding security vulnerabilities by fuzzing and dynamic code analysis Security Vulnerabilities Top code security vulnerabilities don t change much: Security Vulnerabilities Top code security vulnerabilities

More information

Structure-aware fuzzing

Structure-aware fuzzing Structure-aware fuzzing for real-world projects Réka Kovács Eötvös Loránd University, Hungary rekanikolett@gmail.com 1 Overview tutorial, no groundbreaking discoveries Motivation growing code size -> growing

More information

Chapter 11 Introduction to Programming in C

Chapter 11 Introduction to Programming in C Chapter 11 Introduction to Programming in C C: A High-Level Language Gives symbolic names to values don t need to know which register or memory location Provides abstraction of underlying hardware operations

More information

Applications. Cloud. See voting example (DC Internet voting pilot) Select * from userinfo WHERE id = %%% (variable)

Applications. Cloud. See voting example (DC Internet voting pilot) Select * from userinfo WHERE id = %%% (variable) Software Security Requirements General Methodologies Hardware Firmware Software Protocols Procedure s Applications OS Cloud Attack Trees is one of the inside requirement 1. Attacks 2. Evaluation 3. Mitigation

More information

Important From Last Time

Important From Last Time Important From Last Time Embedded C Pros and cons Macros and how to avoid them Intrinsics Interrupt syntax Inline assembly Today Advanced C What C programs mean How to create C programs that mean nothing

More information

Important From Last Time

Important From Last Time Important From Last Time Embedded C Ø Pros and cons Macros and how to avoid them Intrinsics Interrupt syntax Inline assembly Today Advanced C What C programs mean How to create C programs that mean nothing

More information

Reverse Engineering with a CASE Tool. Bret Johnson. Research advisors: Spencer Rugaber and Rich LeBlanc. October 6, Abstract

Reverse Engineering with a CASE Tool. Bret Johnson. Research advisors: Spencer Rugaber and Rich LeBlanc. October 6, Abstract Reverse Engineering with a CASE Tool Bret Johnson Research advisors: Spencer Rugaber and Rich LeBlanc October 6, 994 Abstract We examine using a CASE tool, Interactive Development Environment's Software

More information

CS 161 Computer Security

CS 161 Computer Security Popa & Wagner Spring 2016 CS 161 Computer Security Homework 2 Due: Monday, February 22nd, at 11:59pm Instructions. This homework is due Monday, February 22nd, at 11:59pm. It must be submitted electronically

More information

Software Security IV: Fuzzing

Software Security IV: Fuzzing 1 Software Security IV: Fuzzing Chengyu Song Slides modified from Dawn Song 2 Administrivia Homework1 Due: Friday Oct 27 11:59pm Questions regarding reading materials Talk Security R&D in a Security Company:

More information

Chapter 11 Introduction to Programming in C

Chapter 11 Introduction to Programming in C Chapter 11 Introduction to Programming in C C: A High-Level Language Gives symbolic names to values don t need to know which register or memory location Provides abstraction of underlying hardware operations

More information

A First Book of ANSI C

A First Book of ANSI C A First Book of ANSI C Fourth Edition Chapter 13 Dynamic Data Structures Objectives Introduction to Linked Lists Dynamic Memory Allocation Dynamically Linked Lists Common Programming and Compiler Errors

More information

Name :. Roll No. :... Invigilator s Signature : INTRODUCTION TO PROGRAMMING. Time Allotted : 3 Hours Full Marks : 70

Name :. Roll No. :... Invigilator s Signature : INTRODUCTION TO PROGRAMMING. Time Allotted : 3 Hours Full Marks : 70 Name :. Roll No. :..... Invigilator s Signature :.. 2011 INTRODUCTION TO PROGRAMMING Time Allotted : 3 Hours Full Marks : 70 The figures in the margin indicate full marks. Candidates are required to give

More information

JOE ROZNER RE-TARGETABLE GRAMMAR BASED TEST CASE GENERATION

JOE ROZNER RE-TARGETABLE GRAMMAR BASED TEST CASE GENERATION JOE ROZNER / @JROZNER RE-TARGETABLE GRAMMAR BASED TEST CASE GENERATION 2 TESTING PARSERS IS HARD 3 HOW WE GOT HERE Mostly black box (ish) implementation of complex languages (context-free-ish) ~35k lines

More information

SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities

SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities Theofilos Petsios, Jason Zhao, Angelos D. Keromytis, and Suman Jana Columbia University ACM Conference on Computer

More information

Finding media bugs in Android using file format fuzzing. Costel Maxim Intel OTC Security

Finding media bugs in Android using file format fuzzing. Costel Maxim Intel OTC Security Finding media bugs in Android using file format fuzzing Costel Maxim Intel OTC Security 1 Agenda File format fuzzing Generate high-quality corpus of files Fuzzing the Stagefright Framework Logging & Triage

More information

Security Testing. Ulf Kargén Department of Computer and Information Science (IDA) Division for Database and Information Techniques (ADIT)

Security Testing. Ulf Kargén Department of Computer and Information Science (IDA) Division for Database and Information Techniques (ADIT) Security Testing TDDC90 Software Security Ulf Kargén Department of Computer and Information Science (IDA) Division for Database and Information Techniques (ADIT) Security testing vs regular testing Regular

More information

Fuzzing For Worms 16/06/2018. Fuzzing For Worms. AFL for Linux Network Servers

Fuzzing For Worms 16/06/2018. Fuzzing For Worms. AFL for Linux Network Servers 1 AFL for Linux Network Servers 16/6/218 Fuzzing For Worms. About Me 2 1 16/6/218 SSL/TLS Recommendations // OWASP Switzerland 213 Dobin Rutishauser 2 BurpSentinel - Semi Automated Web Scanner // BSides

More information

CS 5513 Entry Quiz. Systems Programming (CS2213/CS3423))

CS 5513 Entry Quiz. Systems Programming (CS2213/CS3423)) Name (please print): CS 5513 Entry Quiz Systems Programming (CS2213/CS3423)) 1. What is a compiler? In addition to the definition, give examples of compilers you have used. A compiler is a program that

More information

Microarchitecture Overview. Performance

Microarchitecture Overview. Performance Microarchitecture Overview Prof. Scott Rixner Duncan Hall 3028 rixner@rice.edu January 18, 2005 Performance 4 Make operations faster Process improvements Circuit improvements Use more transistors to make

More information

Lab Exam 1 D [1 mark] Give an example of a sample input which would make the function

Lab Exam 1 D [1 mark] Give an example of a sample input which would make the function Grade: / 20 Lab Exam 1 D500 1. [1 mark] Give an example of a sample input which would make the function scanf( "%f", &f ) return 0? Answer: Anything that is not a floating point number such as 4.567 or

More information

Dynamic memory allocation

Dynamic memory allocation Dynamic memory allocation outline Memory allocation functions Array allocation Matrix allocation Examples Memory allocation functions (#include ) malloc() Allocates a specified number of bytes

More information

Software security, secure programming

Software security, secure programming Software security, secure programming Fuzzing and Dynamic Analysis Master on Cybersecurity Master MoSiG Academic Year 2017-2018 Outline Fuzzing (or how to cheaply produce useful program inputs) A concrete

More information

Control Flow Hijacking Attacks. Prof. Dr. Michael Backes

Control Flow Hijacking Attacks. Prof. Dr. Michael Backes Control Flow Hijacking Attacks Prof. Dr. Michael Backes Control Flow Hijacking malicious.pdf Contains bug in PDF parser Control of viewer can be hijacked Control Flow Hijacking Principles Normal Control

More information

CS 326 Operating Systems C Programming. Greg Benson Department of Computer Science University of San Francisco

CS 326 Operating Systems C Programming. Greg Benson Department of Computer Science University of San Francisco CS 326 Operating Systems C Programming Greg Benson Department of Computer Science University of San Francisco Why C? Fast (good optimizing compilers) Not too high-level (Java, Python, Lisp) Not too low-level

More information

High Performance Computing MPI and C-Language Seminars 2009

High Performance Computing MPI and C-Language Seminars 2009 High Performance Computing - Seminar Plan Welcome to the High Performance Computing seminars for 2009. Aims: Introduce the C Programming Language. Basic coverage of C and programming techniques needed

More information

Fuzzing techniques & software vulnerabilities

Fuzzing techniques & software vulnerabilities Xavier Claude Mathieu Fourcroy William Robinet Conostix S.A. 17th October 2016 Agenda 1 2 3 4 Definition Definition Origins Context Why fuzzing? Fuzzing techniques Definition Automated testing technique

More information

CAN STRACE MAKE YOU FAIL?

CAN STRACE MAKE YOU FAIL? CAN STRACE MAKE YOU FAIL? Nahim El Atmani @brokenpi_pe July 15, 2016 1 DEFINITION 1.0 strace is a diagnostic, debugging and instructional userspace utility for Linux. It is used to monitor interactions

More information

José Costa What is an embedded system? Examples of embedded systems. Characteristics of embedded systems

José Costa What is an embedded system? Examples of embedded systems. Characteristics of embedded systems José Costa (DEI/IST) What is an Embedded System? 2012-02-14 2 / 40 What is an Embedded System? José Costa Software for Embedded Systems Department of Computer Science and Engineering (DEI) Instituto Superior

More information

ST. XAVIER S COLLEGE

ST. XAVIER S COLLEGE ST. XAVIER S COLLEGE MAITIGHAR, KATHMANDU Compiler Design and Construction Lab Assignment #1 Submitted by: Aashish Raj Shrestha 013BSCCSIT002 Submitted to: Mr. Ramesh Shahi Lecturer, Department of Computer

More information

Lecture 03 Bits, Bytes and Data Types

Lecture 03 Bits, Bytes and Data Types Lecture 03 Bits, Bytes and Data Types Computer Languages A computer language is a language that is used to communicate with a machine. Like all languages, computer languages have syntax (form) and semantics

More information

Automatically Finding Patches Using Genetic Programming

Automatically Finding Patches Using Genetic Programming Automatically Finding Patches Using Genetic Programming Authors: Westley Weimer, ThanhVu Nguyen, Claire Le Goues, Stephanie Forrest Presented by: David DeBonis, Qi Lu, Shuang Yang Department of Computer

More information

Building Advanced Coverage-guided Fuzzer for Program Binaries

Building Advanced Coverage-guided Fuzzer for Program Binaries Building Advanced Coverage-guided Fuzzer for Program Binaries NGUYEN Anh Quynh WEI Lei 17/11/2017 Zero Nights, Moscow 2017 Self-introduction NGUYEN Anh Quynh, PhD

More information

CS2141 Software Development using C/C++ Debugging

CS2141 Software Development using C/C++ Debugging CS2141 Software Development using C/C++ Debugging Debugging Tips Examine the most recent change Error likely in, or exposed by, code most recently added Developing code incrementally and testing along

More information

Running a C program Compilation Python and C Variables and types Data and addresses Functions Performance. John Edgar 2

Running a C program Compilation Python and C Variables and types Data and addresses Functions Performance. John Edgar 2 CMPT 125 Running a C program Compilation Python and C Variables and types Data and addresses Functions Performance John Edgar 2 Edit or write your program Using a text editor like gedit Save program with

More information

Equivalence Class Partitioning. Equivalence Partitioning. Definition and Example. Example set of classes

Equivalence Class Partitioning. Equivalence Partitioning. Definition and Example. Example set of classes Equivalence Class Partitioning Equivalence Partitioning From S. Somé, A. Williams 1 Suppose that we were going to test a method that implements the absolute value function for integers. Definition public

More information

Microarchitecture Overview. Performance

Microarchitecture Overview. Performance Microarchitecture Overview Prof. Scott Rixner Duncan Hall 3028 rixner@rice.edu January 15, 2007 Performance 4 Make operations faster Process improvements Circuit improvements Use more transistors to make

More information

Multi-Objective Higher Order Mutation Testing with Genetic Programming

Multi-Objective Higher Order Mutation Testing with Genetic Programming Multi-Objective Higher Order Mutation Testing with Genetic Programming W. B. Langdon King s College, London W. B. Langdon, Crest 1 Introduction What is mutation testing 2 objectives: Hard to kill, little

More information

Analysis/Bug-finding/Verification for Security

Analysis/Bug-finding/Verification for Security Analysis/Bug-finding/Verification for Security VIJAY GANESH University of Waterloo Winter 2013 Analysis/Test/Verify for Security Instrument code for testing Heap memory: Purify Perl tainting (information

More information

Verification & Validation of Open Source

Verification & Validation of Open Source Verification & Validation of Open Source 2011 WORKSHOP ON SPACECRAFT FLIGHT SOFTWARE Gordon Uchenick Coverity, Inc Open Source is Ubiquitous Most commercial and proprietary software systems have some open

More information

Constant-time programming in C

Constant-time programming in C Constant-time programming in C What s our goal? Goal: Write C programs that don t leak sensitive data Assumption: no explicit leaks E.g., writing secret data to public location Approach: constant-time

More information

Chapter 11 Introduction to Programming in C

Chapter 11 Introduction to Programming in C C: A High-Level Language Chapter 11 Introduction to Programming in C Original slides from Gregory Byrd, North Carolina State University Modified slides by Chris Wilcox, Colorado State University Gives

More information

VUzzer: Application-Aware Evolutionary Fuzzing

VUzzer: Application-Aware Evolutionary Fuzzing VUzzer: Application-Aware Evolutionary Fuzzing Sanjay Rawat, Vivek Jain, Ashish Kumar, Lucian Cocojar, Cristiano Giuffrida, Herbert Bos (Presenter: Dennis Andriesse ) Vrije Universiteit Amsterdam IIIT

More information

TR-CS The rsync algorithm. Andrew Tridgell and Paul Mackerras. June 1996

TR-CS The rsync algorithm. Andrew Tridgell and Paul Mackerras. June 1996 TR-CS-96-05 The rsync algorithm Andrew Tridgell and Paul Mackerras June 1996 Joint Computer Science Technical Report Series Department of Computer Science Faculty of Engineering and Information Technology

More information

Building a Literate Parser and Proxy for DNP3. Sven M. Hallberg, Sergey Bratus,

Building a Literate Parser and Proxy for DNP3. Sven M. Hallberg, Sergey Bratus, Building a Literate Parser and Proxy for DNP3 Sven M. Hallberg, Sergey Bratus, Adam Crain Outline Parsers, security, and the LangSec viewpoint Building a safer DNP3 parser from scratch Make the parser

More information

Ricardo Rocha. Department of Computer Science Faculty of Sciences University of Porto

Ricardo Rocha. Department of Computer Science Faculty of Sciences University of Porto Ricardo Rocha Department of Computer Science Faculty of Sciences University of Porto Adapted from the slides Revisões sobre Programação em C, Sérgio Crisóstomo Compilation #include int main()

More information

Tizen/Artik IoT Lecture Chapter 3. JerryScript Parser & VM

Tizen/Artik IoT Lecture Chapter 3. JerryScript Parser & VM 1 Tizen/Artik IoT Lecture Chapter 3. JerryScript Parser & VM Sungkyunkwan University Contents JerryScript Execution Flow JerryScript Parser Execution Flow Lexing Parsing Compact Bytecode (CBC) JerryScript

More information

T Jarkko Turkulainen, F-Secure Corporation

T Jarkko Turkulainen, F-Secure Corporation T-110.6220 2010 Emulators and disassemblers Jarkko Turkulainen, F-Secure Corporation Agenda Disassemblers What is disassembly? What makes up an instruction? How disassemblers work Use of disassembly In

More information

Compiling and Interpreting Programming. Overview of Compilers and Interpreters

Compiling and Interpreting Programming. Overview of Compilers and Interpreters Copyright R.A. van Engelen, FSU Department of Computer Science, 2000 Overview of Compilers and Interpreters Common compiler and interpreter configurations Virtual machines Integrated programming environments

More information

CpSc 1010, Fall 2014 Lab 10: Command-Line Parameters (Week of 10/27/2014)

CpSc 1010, Fall 2014 Lab 10: Command-Line Parameters (Week of 10/27/2014) CpSc 1010, Fall 2014 Lab 10: Command-Line Parameters (Week of 10/27/2014) Goals Demonstrate proficiency in the use of the switch construct and in processing parameter data passed to a program via the command

More information

Orifice Flow Meter

Orifice Flow Meter

More information

Compiler Techniques MN1 The nano-c Language

Compiler Techniques MN1 The nano-c Language Compiler Techniques MN1 The nano-c Language February 8, 2005 1 Overview nano-c is a small subset of C, corresponding to a typical imperative, procedural language. The following sections describe in more

More information

Automatizing vulnerability research

Automatizing vulnerability research Innova&on & Research Symposium Cisco and Ecole Polytechnique 8-9 April 2018 CEDRIC TESSIER INSTRUMENTATION TEAM LEADER / ctessier@quarkslab.com Automatizing vulnerability research to better face new software

More information

CS155: Computer Security Spring Project #1

CS155: Computer Security Spring Project #1 CS155: Computer Security Spring 2018 Project #1 Due: Part 1: Thursday, April 12-11:59pm, Parts 2 and 3: Thursday, April 19-11:59pm. The goal of this assignment is to gain hands-on experience finding vulnerabilities

More information

White Box Testing III

White Box Testing III White Box Testing III Outline Today we continue our look at white box testing methods, with mutation testing We will look at : definition and role of mutation testing what is a mutation? how is mutation

More information

Structures, Unions Alignment, Padding, Bit Fields Access, Initialization Compound Literals Opaque Structures Summary. Structures

Structures, Unions Alignment, Padding, Bit Fields Access, Initialization Compound Literals Opaque Structures Summary. Structures Structures Proseminar C Grundlagen und Konzepte Michael Kuhn Research Group Scientific Computing Department of Informatics Faculty of Mathematics, Informatics und Natural Sciences University of Hamburg

More information

Chapter 11 Introduction to Programming in C

Chapter 11 Introduction to Programming in C C: A High-Level Language Chapter 11 Introduction to Programming in C Original slides from Gregory Byrd, North Carolina State University Modified slides by Chris Wilcox, Colorado State University! Gives

More information

TI2725-C, C programming lab, course

TI2725-C, C programming lab, course Valgrind tutorial Valgrind is a tool which can find memory leaks in your programs, such as buffer overflows and bad memory management. This document will show per example how Valgrind responds to buggy

More information

CSE 565 Computer Security Fall 2018

CSE 565 Computer Security Fall 2018 CSE 565 Computer Security Fall 2018 Lecture 16: Building Secure Software Department of Computer Science and Engineering University at Buffalo 1 Review A large number of software vulnerabilities various

More information

CS 3113 Introduction to Operating Systems Midterm October 11, 2018

CS 3113 Introduction to Operating Systems Midterm October 11, 2018 General instructions: CS 3113 Introduction to Operating Systems Midterm October 11, 2018 Please wait to open this exam booklet until you are told to do so. This examination booklet has 10 pages. You also

More information

CS 3113 Introduction to Operating Systems Midterm October 11, 2018

CS 3113 Introduction to Operating Systems Midterm October 11, 2018 General instructions: CS 3113 Introduction to Operating Systems Midterm October 11, 2018 Please wait to open this exam booklet until you are told to do so. This examination booklet has 10 pages. You also

More information

COP4020 Programming Languages. Compilers and Interpreters Robert van Engelen & Chris Lacher

COP4020 Programming Languages. Compilers and Interpreters Robert van Engelen & Chris Lacher COP4020 ming Languages Compilers and Interpreters Robert van Engelen & Chris Lacher Overview Common compiler and interpreter configurations Virtual machines Integrated development environments Compiler

More information

Software Vulnerability

Software Vulnerability Software Vulnerability Refers to a weakness in a system allowing an attacker to violate the integrity, confidentiality, access control, availability, consistency or audit mechanism of the system or the

More information

Fuzzing AOSP. AOSP for the Masses. Attack Android Right Out of the Box Dan Austin, Google. Dan Austin Google Android SDL Research Team

Fuzzing AOSP. AOSP for the Masses. Attack Android Right Out of the Box Dan Austin, Google. Dan Austin Google Android SDL Research Team Fuzzing AOSP For the Masses AOSP for the Masses Attack Android Right Out of the Box Dan Austin, Google Dan Austin Google Android SDL Research Team Exploitation: Find the Needle Needles are Interesting

More information

Singly linked lists in C.

Singly linked lists in C. Singly linked lists in C http://www.cprogramming.com/tutorial/c/lesson15.html By Alex Allain Linked lists are a way to store data with structures so that the programmer can automatically create a new place

More information

Page 1. Today. Important From Last Time. Is the assembly code right? Is the assembly code right? Which compiler is right?

Page 1. Today. Important From Last Time. Is the assembly code right? Is the assembly code right? Which compiler is right? Important From Last Time Today Embedded C Pros and cons Macros and how to avoid them Intrinsics Interrupt syntax Inline assembly Advanced C What C programs mean How to create C programs that mean nothing

More information

C Programming SYLLABUS COVERAGE SYLLABUS IN DETAILS

C Programming SYLLABUS COVERAGE SYLLABUS IN DETAILS C Programming C SYLLABUS COVERAGE Introduction to Programming Fundamentals in C Operators and Expressions Data types Input-Output Library Functions Control statements Function Storage class Pointer Pointer

More information

Chapter 1 Computer and Programming. By Zerihun Alemayehu

Chapter 1 Computer and Programming. By Zerihun Alemayehu Chapter 1 Computer and Programming By Zerihun Alemayehu What is computer? A device capable of performing computations and making logical decisions at speeds millions (even billions) of times faster than

More information

Information page for written examinations at Linköping University

Information page for written examinations at Linköping University Information page for written examinations at Linköping University Examination date 2017-01-14 Room (1) Time 8-12 Course code Exam code Course name Exam name Department Number of questions in the examination

More information

make and makefile CS 211

make and makefile CS 211 make and makefile CS 211 Steps of a C Program Compilation Step 1 Run the Preprocessor Deals with #include, #define, #ifndef, Step 2 Compile C code into Machine Code Step 2a Lexical Analysis Step 2b Parsing

More information

Coverage-Guided Fuzzing

Coverage-Guided Fuzzing Coverage-Guided Fuzzing Dynamic Coverage Static Structure Security Testing Andreas Zeller, Saarland University Smart Algorithms Our Goal We want to cause the program to fail We have seen random (unstructured)

More information

Chapter 11 Introduction to Programming in C

Chapter 11 Introduction to Programming in C Chapter 11 Introduction to Programming in C Original slides from Gregory Byrd, North Carolina State University Modified slides by Chris Wilcox, Colorado State University C: A High-Level Language! Gives

More information

SOSCON 2016 JerryScript

SOSCON 2016 JerryScript SOSCON 2016 JerryScript An ultra-lightweight JavaScript engine for the Internet of Things Samsung Electronics SRUK OSG Tilmann Scheller 18.11.2016 Overview Introduction JerryScript JerryScript Internals

More information

r.cuda.example Developing custom GRASS GIS CUDA parallel modules Andrej Osterman s51mo.net/fresnel Compiled on 1. junij 2015 at 19:11

r.cuda.example Developing custom GRASS GIS CUDA parallel modules Andrej Osterman s51mo.net/fresnel Compiled on 1. junij 2015 at 19:11 r.cuda.example Developing custom GRASS GIS CUDA parallel modules Andrej Osterman s51mo.net/fresnel Compiled on 1. junij 2015 at 19:11 Contents 1 Introduction.......................................... 3

More information

Exam 1 Prep. Dr. Demetrios Glinos University of Central Florida. COP3330 Object Oriented Programming

Exam 1 Prep. Dr. Demetrios Glinos University of Central Florida. COP3330 Object Oriented Programming Exam 1 Prep Dr. Demetrios Glinos University of Central Florida COP3330 Object Oriented Programming Progress Exam 1 is a Timed Webcourses Quiz You can find it from the "Assignments" link on Webcourses choose

More information

Introduction. 1 Measuring time. How large is the TLB? 1.1 process or wall time. 1.2 the test rig. Johan Montelius. September 20, 2018

Introduction. 1 Measuring time. How large is the TLB? 1.1 process or wall time. 1.2 the test rig. Johan Montelius. September 20, 2018 How large is the TLB? Johan Montelius September 20, 2018 Introduction The Translation Lookaside Buer, TLB, is a cache of page table entries that are used in virtual to physical address translation. Since

More information

Memory. What is memory? How is memory organized? Storage for variables, data, code etc. Text (Code) Data (Constants) BSS (Global and static variables)

Memory. What is memory? How is memory organized? Storage for variables, data, code etc. Text (Code) Data (Constants) BSS (Global and static variables) Memory Allocation Memory What is memory? Storage for variables, data, code etc. How is memory organized? Text (Code) Data (Constants) BSS (Global and static variables) Text Data BSS Heap Stack (Local variables)

More information

Automatically Finding Patches Using Genetic Programming. Westley Weimer, Claire Le Goues, ThanVu Nguyen, Stephanie Forrest

Automatically Finding Patches Using Genetic Programming. Westley Weimer, Claire Le Goues, ThanVu Nguyen, Stephanie Forrest Automatically Finding Patches Using Genetic Programming Westley Weimer, Claire Le Goues, ThanVu Nguyen, Stephanie Forrest Motivation Software Quality remains a key problem Over one half of 1 percent of

More information

Programming in C - Part 2

Programming in C - Part 2 Programming in C - Part 2 CPSC 457 Mohammad Reza Zakerinasab May 11, 2016 These slides are forked from slides created by Mike Clark Where to find these slides and related source code? http://goo.gl/k1qixb

More information

Preview from Notesale.co.uk Page 3 of 79

Preview from Notesale.co.uk Page 3 of 79 ABOUT THE TUTORIAL Computer Prgramming Tutorial Computer programming is the act of writing computer programs, which are a sequence of instructions written using a Computer Programming Language to perform

More information

Two s Complement Review. Two s Complement Review. Agenda. Agenda 6/21/2011

Two s Complement Review. Two s Complement Review. Agenda. Agenda 6/21/2011 Two s Complement Review CS 61C: Great Ideas in Computer Architecture (Machine Structures) Introduction to C (Part I) Instructor: Michael Greenbaum http://inst.eecs.berkeley.edu/~cs61c/su11 Suppose we had

More information

Recitation #11 Malloc Lab. November 7th, 2017

Recitation #11 Malloc Lab. November 7th, 2017 18-600 Recitation #11 Malloc Lab November 7th, 2017 1 2 Important Notes about Malloc Lab Malloc lab has been updated from previous years Supports a full 64 bit address space rather than 32 bit Encourages

More information

DART: Directed Automated Random Testing

DART: Directed Automated Random Testing DART: Directed Automated Random Testing Patrice Godefroid Nils Klarlund Koushik Sen Bell Labs Bell Labs UIUC Presented by Wei Fang January 22, 2015 PLDI 2005 Page 1 June 2005 Motivation Software testing:

More information

pthreads CS449 Fall 2017

pthreads CS449 Fall 2017 pthreads CS449 Fall 2017 POSIX Portable Operating System Interface Standard interface between OS and program UNIX-derived OSes mostly follow POSIX Linux, macos, Android, etc. Windows requires separate

More information

Test Automation. 20 December 2017

Test Automation. 20 December 2017 Test Automation 20 December 2017 The problem of test automation Testing has repetitive components, so automation is justified The problem is cost-benefit evaluation of automation [Kaner] Time for: test

More information

Foreword by Katie Moussouris... Acknowledgments... xvii. Introduction...xix. Chapter 1: The Basics of Networking... 1

Foreword by Katie Moussouris... Acknowledgments... xvii. Introduction...xix. Chapter 1: The Basics of Networking... 1 Brief Contents Foreword by Katie Moussouris.... xv Acknowledgments... xvii Introduction...xix Chapter 1: The Basics of Networking... 1 Chapter 2: Capturing Application Traffic... 11 Chapter 3: Network

More information

What the CPU Sees Basic Flow Control Conditional Flow Control Structured Flow Control Functions and Scope. C Flow Control.

What the CPU Sees Basic Flow Control Conditional Flow Control Structured Flow Control Functions and Scope. C Flow Control. C Flow Control David Chisnall February 1, 2011 Outline What the CPU Sees Basic Flow Control Conditional Flow Control Structured Flow Control Functions and Scope Disclaimer! These slides contain a lot of

More information

Topics so far. Review. scanf/fscanf. How data is read 1/20/2011. All code handin sare at /afs/andrew/course/15/123/handin

Topics so far. Review. scanf/fscanf. How data is read 1/20/2011. All code handin sare at /afs/andrew/course/15/123/handin 15-123 Effective Programming in C and Unix Announcements SL2 is due Thursday 1/20 midnight Complete the Academic Honesty Form in class All code downloads are from /afs/andrew/course/15/123/download All

More information

Chapter 11 Introduction to Programming in C

Chapter 11 Introduction to Programming in C Chapter 11 Introduction to Programming in C Original slides from Gregory Byrd, North Carolina State University Modified by Chris Wilcox, Yashwant Malaiya Colorado State University C: A High-Level Language

More information

CSE 153 Design of Operating Systems

CSE 153 Design of Operating Systems CSE 153 Design of Operating Systems Winter 19 Lecture 7/8: Synchronization (1) Administrivia How is Lab going? Be prepared with questions for this weeks Lab My impression from TAs is that you are on track

More information

143A: Principles of Operating Systems. Lecture 5: Calling conventions. Anton Burtsev January, 2017

143A: Principles of Operating Systems. Lecture 5: Calling conventions. Anton Burtsev January, 2017 143A: Principles of Operating Systems Lecture 5: Calling conventions Anton Burtsev January, 2017 Stack and procedure calls Stack Main purpose: Store the return address for the current procedure Caller

More information
2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback