IIIT Hyderabad Publications |
Dynamic Security Analysis of Interpreters using Genetic Programming Technique

Author: veggalam.s
Date: 2017-07-27
Report no: IIIT/TH/2017/55
Advisor: Sanjay Rawat

Abstract

In recent years, there has been a surge in finding vulnerabilities in browsers. This is mainly attributed to the ability of browsers to host various services by gluing different applications together. However, most of the research has gone into addressing web-related vulnerabilities such as XSS, SSL and SQLi. In this work, we focus on another type of vulnerability, namely low-level or implementation-level bugs. We specifically target embedded interpreters in browsers, as this software processes code that may come from a malicious site. Our contribution is to advance the state of the art in interpreter testing. Fuzzing is an automated black-box testing technique used for finding security vulnerabilities in software by providing random data as input. Several frameworks for typical targets (e.g. network protocols, file formats, APIs and applications) have been written so far. However, for interpreter testing, very few fuzzers exist. We present an automated evolutionary fuzzing technique to find bugs in JavaScript interpreters. In the case of an interpreter, fuzzing is challenging because the inputs are pieces of code that must be syntactically and semantically valid to pass the interpreter's elementary checks. On the other hand, the fuzzed input should also be uncommon enough to trigger exceptional behavior in the interpreter, such as crashes, memory leaks and failing assertions. In our approach, we use evolutionary computing techniques, specifically genetic programming, to guide the fuzzer in generating uncommon input code fragments that may trigger exceptional behavior in the interpreter. We implement a prototype named IFuzzer to evaluate our technique on real-world examples. IFuzzer uses the language grammar to generate valid inputs.

We applied IFuzzer first to an older version of Mozilla's JavaScript interpreter (to allow a fair comparison with existing work) and found 40 bugs, of which 12 were exploitable. On subsequently targeting the latest builds of the interpreter, IFuzzer found 17 bugs, of which four were security bugs.

Full thesis: pdf

Centre for Security, Theory and Algorithms
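The abstract describes two ideas that are easier to see in code: generating inputs from the language grammar so they pass the interpreter's elementary checks, and using genetic programming (crossover and mutation on derivation trees, driven by a fitness score) to push those inputs toward uncommon shapes. The following is an added illustration written for this page; it is not IFuzzer's code and it does not use IFuzzer's grammar. The toy grammar, the depth limit and the fitness function are all constructed: IFuzzer scores candidates by the interpreter's reaction (crashes, failing assertions, leaks), whereas this offline stand-in rewards structural rarity and penalises bloat, which is only a proxy for that feedback.

```python
import random

# Constructed toy grammar: a tiny JavaScript-like subset, not IFuzzer's grammar.
# Keys are nonterminals; each production is a list of nonterminals or terminals.
GRAMMAR = {
    "Program": [["Stmt"], ["Stmt", " ", "Stmt"]],
    "Stmt": [["var ", "Id", " = ", "Expr", ";"], ["Id", " = ", "Expr", ";"]],
    "Expr": [["Num"], ["Id"], ["Expr", " + ", "Expr"], ["Expr", " * ", "Expr"],
             ["(", "Expr", ")"], ["Id", "(", "Expr", ")"]],
    "Id": [["a"], ["b"], ["f"]],
    "Num": [["0"], ["1"], ["42"]],
}
MAX_DEPTH = 6  # constructed limit so random generation always terminates


class Node:
    """A derivation-tree node: its nonterminal and its children (Node or terminal str)."""
    def __init__(self, symbol, children):
        self.symbol = symbol
        self.children = children


def generate(symbol, rng, depth=0):
    """Expand `symbol` into a derivation tree. Past MAX_DEPTH only the shortest
    production is chosen, which in this grammar always leads to terminals."""
    productions = GRAMMAR[symbol]
    production = min(productions, key=len) if depth >= MAX_DEPTH else rng.choice(productions)
    children = [generate(s, rng, depth + 1) if s in GRAMMAR else s for s in production]
    return Node(symbol, children)


def render(node):
    """Flatten a derivation tree into the program text the interpreter would see."""
    return "".join(render(c) if isinstance(c, Node) else c for c in node.children)


def subtrees(node, path=()):
    """Yield (path, node) for every Node in pre-order; path is the child-index route."""
    yield path, node
    for i, c in enumerate(node.children):
        if isinstance(c, Node):
            yield from subtrees(c, path + (i,))


def copy(node):
    return Node(node.symbol, [copy(c) if isinstance(c, Node) else c for c in node.children])


def replace_at(root, path, new):
    """Return a copy of `root` with the subtree at `path` replaced by `new`."""
    if not path:
        return new
    root = copy(root)
    parent = root
    for i in path[:-1]:
        parent = parent.children[i]
    parent.children[path[-1]] = new
    return root


def crossover(a, b, rng):
    """Swap a random subtree of `a` with a subtree of `b` rooted at the same
    nonterminal, so the child is still a valid derivation of the grammar."""
    path, node = rng.choice(list(subtrees(a)))
    donors = [n for _, n in subtrees(b) if n.symbol == node.symbol]
    return replace_at(a, path, copy(rng.choice(donors)))


def mutate(a, rng):
    """Regrow one random subtree from the grammar (again grammar-preserving)."""
    path, node = rng.choice(list(subtrees(a)))
    return replace_at(a, path, generate(node.symbol, rng))


def fitness(node):
    """Constructed stand-in for interpreter feedback: reward depth and the number
    of distinct productions used, penalise sheer length to limit bloat."""
    nodes = [n for _, n in subtrees(node)]
    used = {(n.symbol, tuple(c.symbol if isinstance(c, Node) else c for c in n.children))
            for n in nodes}
    depth = max(len(p) for p, _ in subtrees(node))
    return 2 * len(used) + depth - len(render(node)) / 20


def evolve(generations=10, population=30, seed=0):
    """GP loop with tournament selection and elitism. Returns the best program tree
    and the best fitness per generation, which is non-decreasing because the two
    elite individuals always survive unchanged."""
    rng = random.Random(seed)
    pop = [generate("Program", rng) for _ in range(population)]
    history = []
    for _ in range(generations):
        pop.sort(key=fitness, reverse=True)
        history.append(fitness(pop[0]))
        elite = pop[:2]
        children = []
        while len(children) < population - len(elite):
            p1 = max(rng.sample(pop, 3), key=fitness)  # tournament of 3
            p2 = max(rng.sample(pop, 3), key=fitness)
            child = crossover(p1, p2, rng)
            if rng.random() < 0.3:
                child = mutate(child, rng)
            children.append(child)
        pop = elite + children
    pop.sort(key=fitness, reverse=True)
    return pop[0], history


if __name__ == "__main__":
    best, hist = evolve()
    print(render(best))  # every candidate is a grammatical program fragment
    print(hist)
```

In a real harness the `fitness` function would run each rendered fragment through the interpreter under test (ideally a build with assertions and a memory-error detector enabled) and score it on the observed outcome, keeping the crossover and mutation operators exactly as shown, since operating on derivation trees rather than raw text is what keeps every generated input past the parser.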
Copyright © 2009 - IIIT Hyderabad. All Rights Reserved.