Search

Your search keyword '"Anh Nguyen-Tuong"' showing total 105 results
Start Over Author "Anh Nguyen-Tuong"
105 results on '"Anh Nguyen-Tuong"'

43. Same Coverage, Less Bloat: Accelerating Binary-only Fuzzing with Coverage-preserving Coverage-guided Tracing

Author

Matthew Hicks, Stefan Nagy, Jason D. Hiser, Anh Nguyen-Tuong, and Jack W. Davidson

Subjects
FOS: Computer and information sciences, Computer Science - Cryptography and Security, Speedup, Computer science, Code coverage, Fuzz testing, Tracing, Software Engineering (cs.SE), Computer Science - Software Engineering, Test case, Computer engineering, Software security assurance, Basic block, Enhanced Data Rates for GSM Evolution, Cryptography and Security (cs.CR)
Abstract

Coverage-guided fuzzing's aggressive, high-volume testing has helped reveal tens of thousands of software security flaws. While executing billions of test cases mandates fast code coverage tracing, the nature of binary-only targets leads to reduced tracing performance. A recent advancement in binary fuzzing performance is Coverage-guided Tracing (CGT), which brings orders-of-magnitude gains in throughput by restricting the expense of coverage tracing to only when new coverage is guaranteed. Unfortunately, CGT suits only a basic block coverage granularity -- yet most fuzzers require finer-grain coverage metrics: edge coverage and hit counts. It is this limitation which prohibits nearly all of today's state-of-the-art fuzzers from attaining the performance benefits of CGT. This paper tackles the challenges of adapting CGT to fuzzing's most ubiquitous coverage metrics. We introduce and implement a suite of enhancements that expand CGT's introspection to fuzzing's most common code coverage metrics, while maintaining its orders-of-magnitude speedup over conventional always-on coverage tracing. We evaluate their trade-offs with respect to fuzzing performance and effectiveness across 12 diverse real-world binaries (8 open- and 4 closed-source). On average, our coverage-preserving CGT attains near-identical speed to the present block-coverage-only CGT, UnTracer; and outperforms leading binary- and source-level coverage tracers QEMU, Dyninst, RetroWrite, and AFL-Clang by 2-24x, finding more bugs in less time., CCS '21: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security

Published
2021
Full Text
View/download PDF

47. BigMap: Future-proofing Fuzzers with Efficient Large Maps

Author

Anh Nguyen-Tuong, Jack W. Davidson, Alif Ahmed, Jason D. Hiser, and Kevin Skadron

Subjects
business.industry, Computer science, Hash function, Fuzz testing, computer.file_format, Software, Computer engineering, Scalability, Key (cryptography), Overhead (computing), Bitmap, business, Throughput (business), computer
Abstract

Coverage-guided fuzzing is a powerful technique for finding security vulnerabilities and latent bugs in software. Such fuzzers usually store the coverage information in a small bitmap. Hash collision within this bitmap is a well-known issue and can reduce fuzzers’ ability to discover potential bugs. Prior works noted that collision mitigation with naively enlarging the hash space leads to an unacceptable runtime overhead. This paper describes BigMap, a two-level hashing scheme that enables using an arbitrarily large coverage_bitmap with low overhead. The key observation is that the overhead stems from frequent operations performed on the full bitmap, although only a fraction of the map is actively used. BigMap condenses these scattered active regions on a second bitmap and limits the operations only on that condensed area. We implemented our approach on top of the popular fuzzer AFL and conducted experiments on 19 benchmarks from FuzzBench and OSS-Fuzz. The results indicate that BigMap does not suffer from increased runtime overhead even with large map sizes. Compared to AFL, BigMap achieved an average of 4.5x higher test case generation throughput for a 2MB map and 33.1x for an 8MB map. The throughput gain for the 2MB map increased further to 9.2x with parallel fuzzing sessions, indicating superior scalability of BigMap. More importantly, BigMap’s compatibility with most coverage metrics, along with its efficiency on bigger maps, enabled exploring aggressive compositions of expensive coverage metrics and fuzzing algorithms, uncovering 33% more unique crashes. BigMap makes using large bitmaps practical and enables researchers to explore a wider design space of coverage metrics

Published
2021
Full Text
View/download PDF

49. Xandra: An Autonomous Cyber Battle System for the Cyber Grand Challenge

Author

Derek Morris, Anh Nguyen-Tuong, Ducson Nguyen, Eric F. Rizzi, Michele Co, David Melski, Jack W. Davidson, William Hawkins, and Jason D. Hiser

Subjects
021110 strategic, defence & security studies, Reasoning system, 021103 operations research, Battle, Exploit, Computer Networks and Communications, Event (computing), Computer science, Network security, business.industry, media_common.quotation_subject, 0211 other engineering and technologies, Vulnerability, 02 engineering and technology, Computer security, computer.software_genre, Electrical and Electronic Engineering, business, Law, computer, Hacker, media_common
Abstract

On 4 August 2016, DARPA conducted the final event of the Cyber Grand Challenge (CGC). The challenge in CGC was to build an autonomous system capable of playing in a capture-the-flag hacking competition. The final event pitted the systems from seven finalists against each other, with each system attempting to defend its own network services while proving vulnerabilities in other systems’ defended services. Xandra, our automated cyber reasoning system, took second place overall in the final event. Xandra placed first in security (preventing exploits), second in availability (keeping services operational and efficient), and fourth in evaluation (proving vulnerabilities in competitor services). Xandra also drew the least power of any of the competitor systems. In this article, we describe the high-level strategies applied by Xandra, their realization in Xandra’s architecture, the synergistic interplay between offense and defense, and finally, lessons learned via post-mortem analysis of the final event.

Published
2018
Full Text
View/download PDF

50. Securing Binary Code

Author

Anh Nguyen-Tuong, Jason D. Hiser, Michele Co, William Hawkins, and Jack W. Davidson

Subjects
021110 strategic, defence & security studies, Computer Networks and Communications, Programming language, Computer science, 0211 other engineering and technologies, Code (cryptography), Binary code, 02 engineering and technology, Electrical and Electronic Engineering, computer.software_genre, Law, computer
Abstract

The Zipr tool reverse-engineers binary code and applies specific and generic code transformations, with the goal of securing binary code.

Published
2017
Full Text
View/download PDF

Catalog

Books, media, physical & digital resources
See catalog results