StateAFL: Greybox Fuzzing for Stateful Network Servers
Fuzzing network servers is a technical challenge, since the behavior of the
target server depends on its state over a sequence of multiple messages.
Existing solutions are costly and difficult to use, as they rely on
manually-customized artifacts such as protocol models, protocol parsers, and
learning frameworks. The aim of this work is to develop a greybox fuzzer
(StateAFL) for network servers that only relies on lightweight analysis of the
target program, with no manual customization, in a similar way to what the AFL
fuzzer achieved for stateless programs. The proposed fuzzer instruments the
target server at compile-time, to insert probes on memory allocations and
network I/O operations. At run-time, it infers the current protocol state of
the target server by taking snapshots of long-lived memory areas, and by
applying a fuzzy hashing algorithm (Locality-Sensitive Hashing) to map memory
contents to a unique state identifier. The fuzzer incrementally builds a
protocol state machine for guiding fuzzing.
We implemented and released StateAFL as open-source software. As a basis for
reproducible experimentation, we integrated StateAFL with a large set of
network servers for popular protocols, with no manual customization to
accommodate the protocol. The experimental results show that the fuzzer can
be applied with no manual customization on a large set of network servers for
popular protocols, and that it can achieve comparable, or even better, code
coverage and bug detection than customized fuzzing. Moreover, our qualitative
analysis shows that states inferred from memory better reflect the server
behavior than only using response codes from messages.
Comment: The tool is available at https://github.com/stateafl/stateaf
Fault Injection for Software Certification
As software becomes more pervasive and complex, it's increasingly important to assure that a system will be safe even in the presence of residual software faults (or bugs). Software fault injection (SFI) consists of the deliberate introduction of software faults for assessing the impact of faulty software on a system and improving its fault tolerance. SFI has been included as a recommended practice in recent safety standards, and has therefore gained interest among practitioners, but it's still unclear how it can be effectively used for certification purposes. In this article, the authors discuss the adoption of SFI in the context of safety certification, present a tool for the injection of realistic software faults, and show the usage of that tool in evaluating and improving the robustness of an operating system used in the avionics domain.
Advancing Fault Injection and Dependability Evaluation in the Software-Driven Telecom Industry
Generative AI in Cybersecurity: Generating Offensive Code from Natural Language
In recent years, Generative AI has emerged as a transformative force across a variety of domains. In particular, the ability of Large Language Models (LLMs) to produce coherent and functional source code has generated considerable interest within the cybersecurity community. Offensive security, traditionally characterized by manual and labor-intensive processes, is now being reshaped by these powerful AI-driven tools. Generative models can translate high-level natural language descriptions into working offensive code artifacts, thereby accelerating exploit development and lowering the barrier to entry for adversarial activities [1], [2].
Overload control for virtual network functions under CPU contention
In this paper, we analyze the problem of overloads caused by physical CPU contention in cloud infrastructures, from the perspective of time-critical applications (such as Virtual Network Functions) running at guest level. We show that guest-level overload control solutions to counteract traffic spikes (e.g., traffic throttling) are counterproductive against overloads caused by CPU contention. We then propose a general guest-level solution to protect applications from overloads also in the case of CPU contention. We reproduced the phenomena on an IP Multimedia Subsystem (IMS) testbed based on OpenStack on top of KVM. The results show that the approach can dynamically adapt the service throughput to the actual system capacity in both cases of traffic spikes and CPU contention, while at the same time guaranteeing the IMS latency requirements.
Timing Covert Channel Analysis of the VxWorks MILS Embedded Hypervisor under the Common Criteria Security Certification
Virtualization technology is nowadays adopted in security-critical embedded systems to achieve higher performance and more design flexibility. However, it also comes with new security threats, where attackers leverage timing covert channels to exfiltrate sensitive information from a partition using a trojan. This paper presents a novel approach for the experimental assessment of timing covert channels in embedded hypervisors, with a case study on security assessment of a commercial hypervisor product (Wind River VxWorks MILS), in cooperation with a licensed laboratory for the Common Criteria security certification. Our experimental analysis shows that it is indeed possible to establish a timing covert channel, and that the approach is useful for system designers for assessing that their configuration is robust against this kind of information leakage.
Faultprog: Testing the Accuracy of Binary-Level Software Fault Injection
Off-The-Shelf (OTS) software components are the cornerstone of modern systems, including safety-critical ones. However, the dependability of OTS components is uncertain due to the lack of source code, design artifacts and test cases, since only their binary code is supplied. Fault injection in components' binary code is a solution to understand the risks posed by buggy OTS components. In this paper, we consider the problem of the accurate mutation of binary code for fault injection purposes. Fault injection emulates bugs in high-level programming constructs (assignments, expressions, function calls, ...) by mutating their translation in binary code. However, the semantic gap between the source code and its binary translation often leads to inaccurate mutations. We propose Faultprog, a systematic approach for testing the accuracy of binary mutation tools. Faultprog automatically generates synthetic programs using a stochastic grammar, and mutates both their binary code with the tool under test and their source code as a reference for comparison. Moreover, we present a case study on a commercial binary mutation tool, where Faultprog was adopted to identify code patterns and compiler optimizations that affect its mutation accuracy.
A Recovery-Oriented Approach for Software Fault Diagnosis in Complex Critical Systems
This paper proposes an approach to software fault diagnosis in complex fault-tolerant systems, encompassing the phases of error detection, fault location, and system recovery. Errors are detected in the first phase, exploiting the operating system support. Faults are identified during the location phase, adopting a machine learning approach; this phase then triggers the proper recovery action for the occurred fault, actuated in the third phase. Feedback actions are also adopted in the location phase to improve detection quality over time. A real-world application from the Air Traffic Control field has been used as a case study for evaluating the proposed approach. Experimental results, achieved by means of fault injection, show that the diagnosis engine is able to diagnose faults with high accuracy and at a low overhead.
On Temporal Isolation Assessment in Virtualized Railway Signaling as a Service Systems
Issues and ongoing work on state-driven workload generation for distributed systems
The dependability of a complex distributed system needs to be assured against the several conditions, namely states, in which it can operate. Generating a workload able to cover a desired target state of a distributed system is still a difficult task, since the relationship between the workload and states is nontrivial due to system complexity and non-deterministic factors. This work discusses our ongoing work on a state-driven workload generation approach for distributed systems, based on an evolutionary algorithm, and its preliminary implementation for testing a fault-tolerant distributed system for flight data processing. © 2013 Springer-Verlag