Smarter fuzzing using sound and precise static analyzers
|
|
- Philip Ray
- 5 years ago
- Views:
Transcription
1 Smarter fuzzing using sound and precise static analyzers Pascal Cuoq, Chief Scientist, TrustInSoft January 31, 2017 Pascal Cuoq, Chief Scientist, TrustInSoft smarter fuzzing January 31, / 8
2 Introduction Basis of this presentation: Result graphs for an abstract interpretation-based static analyzer JFLA 2017 Pascal Cuoq, Chief Scientist, TrustInSoft smarter fuzzing January 31, / 8
3 Fuzzing American Fuzzy Lop (a-fuzz) Work of Michal Zalewski (lcamtuf) Now a constellation of tools, some contributed by others Easy to use compile target with a-gcc (instrumenting compiler) let a-fuzz discover input les that explore program behaviors Pascal Cuoq, Chief Scientist, TrustInSoft smarter fuzzing January 31, / 8
4 Fuzzing American Fuzzy Lop (a-fuzz) Work of Michal Zalewski (lcamtuf) Now a constellation of tools, some contributed by others Easy to use compile target with a-gcc (instrumenting compiler) let a-fuzz discover input les that explore program behaviors Genetic: new inputs are generated by random mutations of existing inputs Pascal Cuoq, Chief Scientist, TrustInSoft smarter fuzzing January 31, / 8
5 Fuzzing Example 1: the ASN.1 parser libksba a-fuzz generates a 1KB le. Parsed as a X.509 certicate on a 128GiB workstation, parser allocates 60GiB several seconds to initialize this memory Denial of Service (details: ) Pascal Cuoq, Chief Scientist, TrustInSoft smarter fuzzing January 31, / 8
6 Fuzzing Example 2: mbedtls ASN.1 parser int main(int c, char*v[]) {... int ret = mbedtls_x509_crt_parse_file( &crt, v[1] ); if( ret!= 0 ) { printf( "failed\n" ); } else { printf( "success\n" ); uint32_t flags; ret = mbedtls_x509_crt_verify( &crt, &crt, NULL, NULL, &flags } Function crt_parse_file is very well-tested by AFL-generated inputs Pascal Cuoq, Chief Scientist, TrustInSoft smarter fuzzing January 31, / 8
7 Fuzzing Example 2: mbedtls ASN.1 parser int main(int c, char*v[]) {... int ret = mbedtls_x509_crt_parse_file( &crt, v[1] ); if( ret!= 0 ) { } else { } printf( "failed\n" ); printf( "success\n" ); uint32_t flags; ret = mbedtls_x509_crt_verify( &crt, &crt, NULL, NULL, &flags Function crt_parse_file is very well-tested by AFL-generated inputs Problem: only a few tests nd their way through to crt_verify Pascal Cuoq, Chief Scientist, TrustInSoft smarter fuzzing January 31, / 8
8 Improving fuzzing First example: dicult to reproduce: requires 60GiB or RAM Pascal Cuoq, Chief Scientist, TrustInSoft smarter fuzzing January 31, / 8
9 Improving fuzzing First example: dicult to reproduce: requires 60GiB or RAM Solution: whole-program dependency analysis Identies bytes in input le that are decoded into a size passed to calloc Pascal Cuoq, Chief Scientist, TrustInSoft smarter fuzzing January 31, / 8
10 Improving fuzzing First example: dicult to reproduce: requires 60GiB or RAM Solution: whole-program dependency analysis Identies bytes in input le that are decoded into a size passed to calloc Second example: adequate coverage requires too much patience Pascal Cuoq, Chief Scientist, TrustInSoft smarter fuzzing January 31, / 8
11 Improving fuzzing First example: dicult to reproduce: requires 60GiB or RAM Solution: whole-program dependency analysis Identies bytes in input le that are decoded into a size passed to calloc Second example: adequate coverage requires too much patience Solution: whole-program dependency analysis Identies input bytes that can be changed while still passing validation focus on exploring second phase of program, with each testcase Pascal Cuoq, Chief Scientist, TrustInSoft smarter fuzzing January 31, / 8
12 Whole-program dependency analysis Whole-program dependencies analysis data dependencies: y is computed from z path dependencies: y is computed dierently depending on c address dependencies: y is dierent depending where p points if (c) y = 0; else y = z + *p; int res = f(); if (res) error(); else g(y); Pascal Cuoq, Chief Scientist, TrustInSoft smarter fuzzing January 31, / 8
13 Conclusion ABS as a metaphor for sound static analysis The Anti-lock Breaking System initially was mostly reserved to aircrafts Concorde sported the rst fully electronic ABS system Pascal Cuoq, Chief Scientist, TrustInSoft smarter fuzzing January 31, / 8
14 Conclusion ABS as a metaphor for sound static analysis The Anti-lock Breaking System initially was mostly reserved to aircrafts Concorde sported the rst fully electronic ABS system Then race cars Pascal Cuoq, Chief Scientist, TrustInSoft smarter fuzzing January 31, / 8
15 Conclusion ABS as a metaphor for sound static analysis The Anti-lock Breaking System initially was mostly reserved to aircrafts Concorde sported the rst fully electronic ABS system Then race cars Then everybody's car Pascal Cuoq, Chief Scientist, TrustInSoft smarter fuzzing January 31, / 8
16 Conclusion ABS as a metaphor for sound static analysis The Anti-lock Breaking System initially was mostly reserved to aircrafts Concorde sported the rst fully electronic ABS system Then race cars Then everybody's car Fuzzing does not guarantee to nd all bugs Wouldn't do a precise, sound dependency analysis just to help with fuzzing But if you have such an analysis, it really helps Pascal Cuoq, Chief Scientist, TrustInSoft smarter fuzzing January 31, / 8
Fuzzing. compass-security.com 1
Fuzzing compass-security.com 1 Fuzzing Finding bugs by bombarding target with nonconform data Think: Flip a few bits in a PDF, then start Acrobat with that PDF Just more automated Steps: Create input corpus
More informationThe Fuzzing Project https://fuzzing-project.org/
The Fuzzing Project https://fuzzing-project.org/ Hanno Böck 1 / 18 Motivation Motivation Fuzzing C Memory Bugs Invalid memory access example Do you use tools like strings, less, file, convert, ldd, unzip,...?
More informationWriting a fuzzer. for any language with american fuzzy lop. Ariel Twistlock Labs
Writing a fuzzer for any language with american fuzzy lop Ariel Zelivansky @ Twistlock Labs What is fuzzing? Technique for testing software by providing it with random, unexpected or invalid input Dumb
More informationRabbit in the Loop. A primer on feedback directed fuzzing using American Fuzzy Lop. by Kevin Läufer
Rabbit in the Loop A primer on feedback directed fuzzing using American Fuzzy Lop Abstract by Kevin Läufer This guide aims to provide the reader with a good intuition about the
More informationCoverage-guided Fuzzing of Individual Functions Without Source Code
Coverage-guided Fuzzing of Individual Functions Without Source Code Alessandro Di Federico Politecnico di Milano October 25, 2018 1 Index Coverage-guided fuzzing An overview of rev.ng Experimental results
More informationAutomatic program generation for detecting vulnerabilities and errors in compilers and interpreters
Automatic program generation for detecting vulnerabilities and errors in compilers and interpreters 0368-3500 Nurit Dor Shir Landau-Feibish Noam Rinetzky Preliminaries Students will group in teams of 2-3
More informationKLEE Workshop Feeding the Fuzzers. with KLEE. Marek Zmysłowski MOBILE SECURITY TEAM R&D INSTITUTE POLAND
Feeding the Fuzzers with KLEE Marek Zmysłowski MOBILE SECURITY TEAM R&D INSTITUTE POLAND This presentation was created with help and commitment of the Samsung R&D Poland Mobile Security team. KLEE and
More informationresidual residual program final result
C-Mix: Making Easily Maintainable C-Programs run FAST The C-Mix Group, DIKU, University of Copenhagen Abstract C-Mix is a tool based on state-of-the-art technology that solves the dilemma of whether to
More informationNAME gcov coverage testing tool SYNOPSIS
NAME gcov coverage testing tool SYNOPSIS gcov [ v version] [ h help] [ a all blocks] [ b branch probabilities] [ c branch counts] [ n no output] [ l long le names] [ p preserve paths] [ f function summaries]
More informationlogistics: ROP assignment
bug-finding 1 logistics: ROP assignment 2 2013 memory safety landscape 3 2013 memory safety landscape 4 different design points memory safety most extreme disallow out of bounds usually even making out-of-bounds
More informationCopyright 2015 MathEmbedded Ltd.r. Finding security vulnerabilities by fuzzing and dynamic code analysis
Finding security vulnerabilities by fuzzing and dynamic code analysis Security Vulnerabilities Top code security vulnerabilities don t change much: Security Vulnerabilities Top code security vulnerabilities
More informationStructure-aware fuzzing
Structure-aware fuzzing for real-world projects Réka Kovács Eötvös Loránd University, Hungary rekanikolett@gmail.com 1 Overview tutorial, no groundbreaking discoveries Motivation growing code size -> growing
More informationChapter 11 Introduction to Programming in C
Chapter 11 Introduction to Programming in C C: A High-Level Language Gives symbolic names to values don t need to know which register or memory location Provides abstraction of underlying hardware operations
More informationApplications. Cloud. See voting example (DC Internet voting pilot) Select * from userinfo WHERE id = %%% (variable)
Software Security Requirements General Methodologies Hardware Firmware Software Protocols Procedure s Applications OS Cloud Attack Trees is one of the inside requirement 1. Attacks 2. Evaluation 3. Mitigation
More informationImportant From Last Time
Important From Last Time Embedded C Pros and cons Macros and how to avoid them Intrinsics Interrupt syntax Inline assembly Today Advanced C What C programs mean How to create C programs that mean nothing
More informationImportant From Last Time
Important From Last Time Embedded C Ø Pros and cons Macros and how to avoid them Intrinsics Interrupt syntax Inline assembly Today Advanced C What C programs mean How to create C programs that mean nothing
More informationReverse Engineering with a CASE Tool. Bret Johnson. Research advisors: Spencer Rugaber and Rich LeBlanc. October 6, Abstract
Reverse Engineering with a CASE Tool Bret Johnson Research advisors: Spencer Rugaber and Rich LeBlanc October 6, 994 Abstract We examine using a CASE tool, Interactive Development Environment's Software
More informationCS 161 Computer Security
Popa & Wagner Spring 2016 CS 161 Computer Security Homework 2 Due: Monday, February 22nd, at 11:59pm Instructions. This homework is due Monday, February 22nd, at 11:59pm. It must be submitted electronically
More informationSoftware Security IV: Fuzzing
1 Software Security IV: Fuzzing Chengyu Song Slides modified from Dawn Song 2 Administrivia Homework1 Due: Friday Oct 27 11:59pm Questions regarding reading materials Talk Security R&D in a Security Company:
More informationChapter 11 Introduction to Programming in C
Chapter 11 Introduction to Programming in C C: A High-Level Language Gives symbolic names to values don t need to know which register or memory location Provides abstraction of underlying hardware operations
More informationA First Book of ANSI C
A First Book of ANSI C Fourth Edition Chapter 13 Dynamic Data Structures Objectives Introduction to Linked Lists Dynamic Memory Allocation Dynamically Linked Lists Common Programming and Compiler Errors
More informationName :. Roll No. :... Invigilator s Signature : INTRODUCTION TO PROGRAMMING. Time Allotted : 3 Hours Full Marks : 70
Name :. Roll No. :..... Invigilator s Signature :.. 2011 INTRODUCTION TO PROGRAMMING Time Allotted : 3 Hours Full Marks : 70 The figures in the margin indicate full marks. Candidates are required to give
More informationJOE ROZNER RE-TARGETABLE GRAMMAR BASED TEST CASE GENERATION
JOE ROZNER / @JROZNER RE-TARGETABLE GRAMMAR BASED TEST CASE GENERATION 2 TESTING PARSERS IS HARD 3 HOW WE GOT HERE Mostly black box (ish) implementation of complex languages (context-free-ish) ~35k lines
More informationSlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities
SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities Theofilos Petsios, Jason Zhao, Angelos D. Keromytis, and Suman Jana Columbia University ACM Conference on Computer
More informationFinding media bugs in Android using file format fuzzing. Costel Maxim Intel OTC Security
Finding media bugs in Android using file format fuzzing Costel Maxim Intel OTC Security 1 Agenda File format fuzzing Generate high-quality corpus of files Fuzzing the Stagefright Framework Logging & Triage
More informationSecurity Testing. Ulf Kargén Department of Computer and Information Science (IDA) Division for Database and Information Techniques (ADIT)
Security Testing TDDC90 Software Security Ulf Kargén Department of Computer and Information Science (IDA) Division for Database and Information Techniques (ADIT) Security testing vs regular testing Regular
More informationFuzzing For Worms 16/06/2018. Fuzzing For Worms. AFL for Linux Network Servers
1 AFL for Linux Network Servers 16/6/218 Fuzzing For Worms. About Me 2 1 16/6/218 SSL/TLS Recommendations // OWASP Switzerland 213 Dobin Rutishauser 2 BurpSentinel - Semi Automated Web Scanner // BSides
More informationCS 5513 Entry Quiz. Systems Programming (CS2213/CS3423))
Name (please print): CS 5513 Entry Quiz Systems Programming (CS2213/CS3423)) 1. What is a compiler? In addition to the definition, give examples of compilers you have used. A compiler is a program that
More informationMicroarchitecture Overview. Performance
Microarchitecture Overview Prof. Scott Rixner Duncan Hall 3028 rixner@rice.edu January 18, 2005 Performance 4 Make operations faster Process improvements Circuit improvements Use more transistors to make
More informationLab Exam 1 D [1 mark] Give an example of a sample input which would make the function
Grade: / 20 Lab Exam 1 D500 1. [1 mark] Give an example of a sample input which would make the function scanf( "%f", &f ) return 0? Answer: Anything that is not a floating point number such as 4.567 or
More informationDynamic memory allocation
Dynamic memory allocation outline Memory allocation functions Array allocation Matrix allocation Examples Memory allocation functions (#include ) malloc() Allocates a specified number of bytes
More informationSoftware security, secure programming
Software security, secure programming Fuzzing and Dynamic Analysis Master on Cybersecurity Master MoSiG Academic Year 2017-2018 Outline Fuzzing (or how to cheaply produce useful program inputs) A concrete
More informationControl Flow Hijacking Attacks. Prof. Dr. Michael Backes
Control Flow Hijacking Attacks Prof. Dr. Michael Backes Control Flow Hijacking malicious.pdf Contains bug in PDF parser Control of viewer can be hijacked Control Flow Hijacking Principles Normal Control
More informationCS 326 Operating Systems C Programming. Greg Benson Department of Computer Science University of San Francisco
CS 326 Operating Systems C Programming Greg Benson Department of Computer Science University of San Francisco Why C? Fast (good optimizing compilers) Not too high-level (Java, Python, Lisp) Not too low-level
More informationHigh Performance Computing MPI and C-Language Seminars 2009
High Performance Computing - Seminar Plan Welcome to the High Performance Computing seminars for 2009. Aims: Introduce the C Programming Language. Basic coverage of C and programming techniques needed
More informationFuzzing techniques & software vulnerabilities
Xavier Claude Mathieu Fourcroy William Robinet Conostix S.A. 17th October 2016 Agenda 1 2 3 4 Definition Definition Origins Context Why fuzzing? Fuzzing techniques Definition Automated testing technique
More informationCAN STRACE MAKE YOU FAIL?
CAN STRACE MAKE YOU FAIL? Nahim El Atmani @brokenpi_pe July 15, 2016 1 DEFINITION 1.0 strace is a diagnostic, debugging and instructional userspace utility for Linux. It is used to monitor interactions
More informationJosé Costa What is an embedded system? Examples of embedded systems. Characteristics of embedded systems
José Costa (DEI/IST) What is an Embedded System? 2012-02-14 2 / 40 What is an Embedded System? José Costa Software for Embedded Systems Department of Computer Science and Engineering (DEI) Instituto Superior
More informationST. XAVIER S COLLEGE
ST. XAVIER S COLLEGE MAITIGHAR, KATHMANDU Compiler Design and Construction Lab Assignment #1 Submitted by: Aashish Raj Shrestha 013BSCCSIT002 Submitted to: Mr. Ramesh Shahi Lecturer, Department of Computer
More informationLecture 03 Bits, Bytes and Data Types
Lecture 03 Bits, Bytes and Data Types Computer Languages A computer language is a language that is used to communicate with a machine. Like all languages, computer languages have syntax (form) and semantics
More informationAutomatically Finding Patches Using Genetic Programming
Automatically Finding Patches Using Genetic Programming Authors: Westley Weimer, ThanhVu Nguyen, Claire Le Goues, Stephanie Forrest Presented by: David DeBonis, Qi Lu, Shuang Yang Department of Computer
More informationBuilding Advanced Coverage-guided Fuzzer for Program Binaries
Building Advanced Coverage-guided Fuzzer for Program Binaries NGUYEN Anh Quynh WEI Lei 17/11/2017 Zero Nights, Moscow 2017 Self-introduction NGUYEN Anh Quynh, PhD
More informationCS2141 Software Development using C/C++ Debugging
CS2141 Software Development using C/C++ Debugging Debugging Tips Examine the most recent change Error likely in, or exposed by, code most recently added Developing code incrementally and testing along
More informationRunning a C program Compilation Python and C Variables and types Data and addresses Functions Performance. John Edgar 2
CMPT 125 Running a C program Compilation Python and C Variables and types Data and addresses Functions Performance John Edgar 2 Edit or write your program Using a text editor like gedit Save program with
More informationEquivalence Class Partitioning. Equivalence Partitioning. Definition and Example. Example set of classes
Equivalence Class Partitioning Equivalence Partitioning From S. Somé, A. Williams 1 Suppose that we were going to test a method that implements the absolute value function for integers. Definition public
More informationMicroarchitecture Overview. Performance
Microarchitecture Overview Prof. Scott Rixner Duncan Hall 3028 rixner@rice.edu January 15, 2007 Performance 4 Make operations faster Process improvements Circuit improvements Use more transistors to make
More informationMulti-Objective Higher Order Mutation Testing with Genetic Programming
Multi-Objective Higher Order Mutation Testing with Genetic Programming W. B. Langdon King s College, London W. B. Langdon, Crest 1 Introduction What is mutation testing 2 objectives: Hard to kill, little
More informationAnalysis/Bug-finding/Verification for Security
Analysis/Bug-finding/Verification for Security VIJAY GANESH University of Waterloo Winter 2013 Analysis/Test/Verify for Security Instrument code for testing Heap memory: Purify Perl tainting (information
More informationVerification & Validation of Open Source
Verification & Validation of Open Source 2011 WORKSHOP ON SPACECRAFT FLIGHT SOFTWARE Gordon Uchenick Coverity, Inc Open Source is Ubiquitous Most commercial and proprietary software systems have some open
More informationConstant-time programming in C
Constant-time programming in C What s our goal? Goal: Write C programs that don t leak sensitive data Assumption: no explicit leaks E.g., writing secret data to public location Approach: constant-time
More informationChapter 11 Introduction to Programming in C
C: A High-Level Language Chapter 11 Introduction to Programming in C Original slides from Gregory Byrd, North Carolina State University Modified slides by Chris Wilcox, Colorado State University Gives
More informationVUzzer: Application-Aware Evolutionary Fuzzing
VUzzer: Application-Aware Evolutionary Fuzzing Sanjay Rawat, Vivek Jain, Ashish Kumar, Lucian Cocojar, Cristiano Giuffrida, Herbert Bos (Presenter: Dennis Andriesse ) Vrije Universiteit Amsterdam IIIT
More informationTR-CS The rsync algorithm. Andrew Tridgell and Paul Mackerras. June 1996
TR-CS-96-05 The rsync algorithm Andrew Tridgell and Paul Mackerras June 1996 Joint Computer Science Technical Report Series Department of Computer Science Faculty of Engineering and Information Technology
More informationBuilding a Literate Parser and Proxy for DNP3. Sven M. Hallberg, Sergey Bratus,
Building a Literate Parser and Proxy for DNP3 Sven M. Hallberg, Sergey Bratus, Adam Crain Outline Parsers, security, and the LangSec viewpoint Building a safer DNP3 parser from scratch Make the parser
More informationRicardo Rocha. Department of Computer Science Faculty of Sciences University of Porto
Ricardo Rocha Department of Computer Science Faculty of Sciences University of Porto Adapted from the slides Revisões sobre Programação em C, Sérgio Crisóstomo Compilation #include int main()
More informationTizen/Artik IoT Lecture Chapter 3. JerryScript Parser & VM
1 Tizen/Artik IoT Lecture Chapter 3. JerryScript Parser & VM Sungkyunkwan University Contents JerryScript Execution Flow JerryScript Parser Execution Flow Lexing Parsing Compact Bytecode (CBC) JerryScript
More informationT Jarkko Turkulainen, F-Secure Corporation
T-110.6220 2010 Emulators and disassemblers Jarkko Turkulainen, F-Secure Corporation Agenda Disassemblers What is disassembly? What makes up an instruction? How disassemblers work Use of disassembly In
More informationCompiling and Interpreting Programming. Overview of Compilers and Interpreters
Copyright R.A. van Engelen, FSU Department of Computer Science, 2000 Overview of Compilers and Interpreters Common compiler and interpreter configurations Virtual machines Integrated programming environments
More informationCpSc 1010, Fall 2014 Lab 10: Command-Line Parameters (Week of 10/27/2014)
CpSc 1010, Fall 2014 Lab 10: Command-Line Parameters (Week of 10/27/2014) Goals Demonstrate proficiency in the use of the switch construct and in processing parameter data passed to a program via the command
More informationCompiler Techniques MN1 The nano-c Language
Compiler Techniques MN1 The nano-c Language February 8, 2005 1 Overview nano-c is a small subset of C, corresponding to a typical imperative, procedural language. The following sections describe in more
More informationAutomatizing vulnerability research
Innova&on & Research Symposium Cisco and Ecole Polytechnique 8-9 April 2018 CEDRIC TESSIER INSTRUMENTATION TEAM LEADER / ctessier@quarkslab.com Automatizing vulnerability research to better face new software
More informationCS155: Computer Security Spring Project #1
CS155: Computer Security Spring 2018 Project #1 Due: Part 1: Thursday, April 12-11:59pm, Parts 2 and 3: Thursday, April 19-11:59pm. The goal of this assignment is to gain hands-on experience finding vulnerabilities
More informationWhite Box Testing III
White Box Testing III Outline Today we continue our look at white box testing methods, with mutation testing We will look at : definition and role of mutation testing what is a mutation? how is mutation
More informationStructures, Unions Alignment, Padding, Bit Fields Access, Initialization Compound Literals Opaque Structures Summary. Structures
Structures Proseminar C Grundlagen und Konzepte Michael Kuhn Research Group Scientific Computing Department of Informatics Faculty of Mathematics, Informatics und Natural Sciences University of Hamburg
More informationChapter 11 Introduction to Programming in C
C: A High-Level Language Chapter 11 Introduction to Programming in C Original slides from Gregory Byrd, North Carolina State University Modified slides by Chris Wilcox, Colorado State University! Gives
More informationTI2725-C, C programming lab, course
Valgrind tutorial Valgrind is a tool which can find memory leaks in your programs, such as buffer overflows and bad memory management. This document will show per example how Valgrind responds to buggy
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 16: Building Secure Software Department of Computer Science and Engineering University at Buffalo 1 Review A large number of software vulnerabilities various
More informationCS 3113 Introduction to Operating Systems Midterm October 11, 2018
General instructions: CS 3113 Introduction to Operating Systems Midterm October 11, 2018 Please wait to open this exam booklet until you are told to do so. This examination booklet has 10 pages. You also
More informationCS 3113 Introduction to Operating Systems Midterm October 11, 2018
General instructions: CS 3113 Introduction to Operating Systems Midterm October 11, 2018 Please wait to open this exam booklet until you are told to do so. This examination booklet has 10 pages. You also
More informationCOP4020 Programming Languages. Compilers and Interpreters Robert van Engelen & Chris Lacher
COP4020 ming Languages Compilers and Interpreters Robert van Engelen & Chris Lacher Overview Common compiler and interpreter configurations Virtual machines Integrated development environments Compiler
More informationSoftware Vulnerability
Software Vulnerability Refers to a weakness in a system allowing an attacker to violate the integrity, confidentiality, access control, availability, consistency or audit mechanism of the system or the
More informationFuzzing AOSP. AOSP for the Masses. Attack Android Right Out of the Box Dan Austin, Google. Dan Austin Google Android SDL Research Team
Fuzzing AOSP For the Masses AOSP for the Masses Attack Android Right Out of the Box Dan Austin, Google Dan Austin Google Android SDL Research Team Exploitation: Find the Needle Needles are Interesting
More informationSingly linked lists in C.
Singly linked lists in C http://www.cprogramming.com/tutorial/c/lesson15.html By Alex Allain Linked lists are a way to store data with structures so that the programmer can automatically create a new place
More informationPage 1. Today. Important From Last Time. Is the assembly code right? Is the assembly code right? Which compiler is right?
Important From Last Time Today Embedded C Pros and cons Macros and how to avoid them Intrinsics Interrupt syntax Inline assembly Advanced C What C programs mean How to create C programs that mean nothing
More informationC Programming SYLLABUS COVERAGE SYLLABUS IN DETAILS
C Programming C SYLLABUS COVERAGE Introduction to Programming Fundamentals in C Operators and Expressions Data types Input-Output Library Functions Control statements Function Storage class Pointer Pointer
More informationChapter 1 Computer and Programming. By Zerihun Alemayehu
Chapter 1 Computer and Programming By Zerihun Alemayehu What is computer? A device capable of performing computations and making logical decisions at speeds millions (even billions) of times faster than
More informationInformation page for written examinations at Linköping University
Information page for written examinations at Linköping University Examination date 2017-01-14 Room (1) Time 8-12 Course code Exam code Course name Exam name Department Number of questions in the examination
More informationmake and makefile CS 211
make and makefile CS 211 Steps of a C Program Compilation Step 1 Run the Preprocessor Deals with #include, #define, #ifndef, Step 2 Compile C code into Machine Code Step 2a Lexical Analysis Step 2b Parsing
More informationCoverage-Guided Fuzzing
Coverage-Guided Fuzzing Dynamic Coverage Static Structure Security Testing Andreas Zeller, Saarland University Smart Algorithms Our Goal We want to cause the program to fail We have seen random (unstructured)
More informationChapter 11 Introduction to Programming in C
Chapter 11 Introduction to Programming in C Original slides from Gregory Byrd, North Carolina State University Modified slides by Chris Wilcox, Colorado State University C: A High-Level Language! Gives
More informationSOSCON 2016 JerryScript
SOSCON 2016 JerryScript An ultra-lightweight JavaScript engine for the Internet of Things Samsung Electronics SRUK OSG Tilmann Scheller 18.11.2016 Overview Introduction JerryScript JerryScript Internals
More informationr.cuda.example Developing custom GRASS GIS CUDA parallel modules Andrej Osterman s51mo.net/fresnel Compiled on 1. junij 2015 at 19:11
r.cuda.example Developing custom GRASS GIS CUDA parallel modules Andrej Osterman s51mo.net/fresnel Compiled on 1. junij 2015 at 19:11 Contents 1 Introduction.......................................... 3
More informationExam 1 Prep. Dr. Demetrios Glinos University of Central Florida. COP3330 Object Oriented Programming
Exam 1 Prep Dr. Demetrios Glinos University of Central Florida COP3330 Object Oriented Programming Progress Exam 1 is a Timed Webcourses Quiz You can find it from the "Assignments" link on Webcourses choose
More informationIntroduction. 1 Measuring time. How large is the TLB? 1.1 process or wall time. 1.2 the test rig. Johan Montelius. September 20, 2018
How large is the TLB? Johan Montelius September 20, 2018 Introduction The Translation Lookaside Buer, TLB, is a cache of page table entries that are used in virtual to physical address translation. Since
More informationMemory. What is memory? How is memory organized? Storage for variables, data, code etc. Text (Code) Data (Constants) BSS (Global and static variables)
Memory Allocation Memory What is memory? Storage for variables, data, code etc. How is memory organized? Text (Code) Data (Constants) BSS (Global and static variables) Text Data BSS Heap Stack (Local variables)
More informationAutomatically Finding Patches Using Genetic Programming. Westley Weimer, Claire Le Goues, ThanVu Nguyen, Stephanie Forrest
Automatically Finding Patches Using Genetic Programming Westley Weimer, Claire Le Goues, ThanVu Nguyen, Stephanie Forrest Motivation Software Quality remains a key problem Over one half of 1 percent of
More informationProgramming in C - Part 2
Programming in C - Part 2 CPSC 457 Mohammad Reza Zakerinasab May 11, 2016 These slides are forked from slides created by Mike Clark Where to find these slides and related source code? http://goo.gl/k1qixb
More informationPreview from Notesale.co.uk Page 3 of 79
ABOUT THE TUTORIAL Computer Prgramming Tutorial Computer programming is the act of writing computer programs, which are a sequence of instructions written using a Computer Programming Language to perform
More informationTwo s Complement Review. Two s Complement Review. Agenda. Agenda 6/21/2011
Two s Complement Review CS 61C: Great Ideas in Computer Architecture (Machine Structures) Introduction to C (Part I) Instructor: Michael Greenbaum http://inst.eecs.berkeley.edu/~cs61c/su11 Suppose we had
More informationRecitation #11 Malloc Lab. November 7th, 2017
18-600 Recitation #11 Malloc Lab November 7th, 2017 1 2 Important Notes about Malloc Lab Malloc lab has been updated from previous years Supports a full 64 bit address space rather than 32 bit Encourages
More informationDART: Directed Automated Random Testing
DART: Directed Automated Random Testing Patrice Godefroid Nils Klarlund Koushik Sen Bell Labs Bell Labs UIUC Presented by Wei Fang January 22, 2015 PLDI 2005 Page 1 June 2005 Motivation Software testing:
More informationpthreads CS449 Fall 2017
pthreads CS449 Fall 2017 POSIX Portable Operating System Interface Standard interface between OS and program UNIX-derived OSes mostly follow POSIX Linux, macos, Android, etc. Windows requires separate
More informationTest Automation. 20 December 2017
Test Automation 20 December 2017 The problem of test automation Testing has repetitive components, so automation is justified The problem is cost-benefit evaluation of automation [Kaner] Time for: test
More informationForeword by Katie Moussouris... Acknowledgments... xvii. Introduction...xix. Chapter 1: The Basics of Networking... 1
Brief Contents Foreword by Katie Moussouris.... xv Acknowledgments... xvii Introduction...xix Chapter 1: The Basics of Networking... 1 Chapter 2: Capturing Application Traffic... 11 Chapter 3: Network
More informationWhat the CPU Sees Basic Flow Control Conditional Flow Control Structured Flow Control Functions and Scope. C Flow Control.
C Flow Control David Chisnall February 1, 2011 Outline What the CPU Sees Basic Flow Control Conditional Flow Control Structured Flow Control Functions and Scope Disclaimer! These slides contain a lot of
More informationTopics so far. Review. scanf/fscanf. How data is read 1/20/2011. All code handin sare at /afs/andrew/course/15/123/handin
15-123 Effective Programming in C and Unix Announcements SL2 is due Thursday 1/20 midnight Complete the Academic Honesty Form in class All code downloads are from /afs/andrew/course/15/123/download All
More informationChapter 11 Introduction to Programming in C
Chapter 11 Introduction to Programming in C Original slides from Gregory Byrd, North Carolina State University Modified by Chris Wilcox, Yashwant Malaiya Colorado State University C: A High-Level Language
More informationCSE 153 Design of Operating Systems
CSE 153 Design of Operating Systems Winter 19 Lecture 7/8: Synchronization (1) Administrivia How is Lab going? Be prepared with questions for this weeks Lab My impression from TAs is that you are on track
More information143A: Principles of Operating Systems. Lecture 5: Calling conventions. Anton Burtsev January, 2017
143A: Principles of Operating Systems Lecture 5: Calling conventions Anton Burtsev January, 2017 Stack and procedure calls Stack Main purpose: Store the return address for the current procedure Caller
More information