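Author: 廖峰澤
Author (English): Liao, Feng-Ze
Thesis title (Chinese): 藉由排程文件物件模型資料之變異與生成 進行瀏覽器模糊測試
Thesis title (English): Browser Fuzzing by Scheduled Mutation and Generation of Document Object Models
Advisor: 林盈達
Advisor (English): Lin, Ying-Dar
Oral examination committee: 林盈達, 賴源正, 黃世昆, 吳育松
Oral examination committee (English): Lin, Ying-Dar; Lai, Yuan-Cheng; Huang, Shih Kun; Wu, Yu Sung
Degree: Master's
Institution: National Chiao Tung University
Department: Institute of Network Engineering
Student ID: 0256541
Year of publication (ROC calendar): 104
Academic year of graduation: 103
Language: English
Number of pages: 25
Keywords (translated from Chinese): browser fuzzing; black-box testing; vulnerabilities; crashes; mutation; scheduling; DOM
Keywords (English): browser fuzzing; black-box fuzzing; vulnerabilities; exploits; mutation; scheduling; document object model; DOM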
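Web applications have become an indispensable part of daily life, but if these application systems are compromised and exploited by malicious parties, they can pose security threats. Finding and fixing vulnerabilities so that they cannot be exploited is therefore an urgent task. Fuzz testing is a widely used method for finding software vulnerabilities; it effectively finds weaknesses in software by mutating seed test inputs. These methods still fall short for web browsers, so we propose scheduled DOM fuzzing (SDF), which integrates several browser testing tools with a scheduled fuzzing framework called BFF. We also propose a new probability model that improves seed selection and the dynamic mutation process in order to generate more crashing test cases more effectively. Experiments show that SDF generates up to 2.27 times as many crashing test cases as the baselines it was compared against. We also found twenty-three exploitable crashing test cases in a Windows 7 environment. This shows that a better scheduling method and architecture can improve the performance of browser fuzzing.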
Internet applications have made our daily life fruitful. However, they also cause many security problems if they are leveraged by intruders. Thus, it is important to find and fix vulnerabilities in a timely manner to prevent them from being exploited. Fuzz testing is a popular methodology that effectively finds vulnerabilities in application programs through seed input mutation. However, it is not a satisfactory solution for web browsers. In this work, we propose a solution, called scheduled DOM fuzzing (SDF), which integrates several related browser fuzzing tools and the fuzzing framework called BFF. To explore more crash possibilities, we revise the browser fuzzing architecture and schedule seed input selection and mutation dynamically. We also propose two probability computing methods in the scheduling mechanism, which try to improve performance by determining which combinations of seed and mutation would produce more crashes. Our experiments show that SDF is at most 2.27 times more efficient in terms of the number of crashes and vulnerabilities found. SDF is also capable of finding 23 exploitable crashes in Windows 7 within five days. The experimental results reveal that a good scheduling method for seeds and mutations in browser fuzzing is able to find more exploitable crashes than fuzzers with a fixed seed input.
List of Figures
List of Tables
Chapter 1 Introduction
Chapter 2 Background
2.1 Black-Box Fuzzing
2.2 Improvement of black-box fuzzing: schedule
2.3 Browser fuzzing
Chapter 3 Problem Statement
3.1 Terminology and Assumptions
3.2 Problem Statement
Chapter 4 Scheduled DOM Fuzzing
Chapter 5 Implementation
Chapter 6 Results
Chapter 7 Conclusions
References
 
 
 
 