Fuzzing PSPP
From: John Darrington
Subject: Fuzzing PSPP
Date: Tue, 4 Jul 2017 07:05:04 +0200
User-agent: Mutt/1.5.23 (2014-03-12)
On Tue, Jul 04, 2017 at 07:06:23AM +0800, Chao Zhang wrote:
> We are using smart fuzzing to test open source applications, including
> pspp. Our tool collAFL is an enhanced version of AFL.
> The core of AFL is a genetic algorithm to automatically discover
> interesting test cases that trigger new internal states in the targeted
> application, which leads to a high code coverage. Our tool collAFL's
> improvement over AFL is that it reduces some collisions in AFL's
> algorithm and increases the code coverage of AFL.
> The evaluation result is good so far. We found dozens of vulnerabilities
> in open source applications using collAFL. We are writing a paper about
> it. More details will be discussed in the paper. Once the paper is ready,
> we can share a copy with you, if you are interested.
The fuzzer I used to harden PSPP was Sam Hocevar's zzuf application,
http://caca.zoy.org/wiki/zzuf
I think the AFL fuzzer is somewhat more sophisticated and could well find a few
other issues.
J'
--
Avoid eavesdropping. Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3
fingerprint = 8797 A26D 0854 2EAB 0285 A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.
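The coverage-feedback loop Chao Zhang describes in the quoted text (keep a mutant only when it triggers a new internal state, measured as a newly hit edge in a fixed-size bitmap) and the slot collisions collAFL sets out to reduce, as an added toy illustration. This is constructed example code, not code from AFL, collAFL, PSPP or either correspondent. The target `toy_parser`, the block names, the token dictionary and all sample inputs are invented for the demonstration; only the edge hash `cur ^ (prev >> 1)` follows the scheme AFL's instrumentation uses, with a CRC of the block name standing in for AFL's random compile-time block ids.

```python
import random
import zlib

# Constructed toy target standing in for a real parser. It appends the basic
# blocks it passes through to `trace`, which plays the role of AFL's compile-time
# instrumentation. Not AFL, collAFL or PSPP code.
def toy_parser(data: bytes, trace: list) -> str:
    trace.append("entry")
    if not data:
        trace.append("empty")
        return "empty"
    if b"=" not in data:
        trace.append("no_eq")
        return "no_eq"
    key, _, value = data.partition(b"=")
    trace.append("split")
    # Byte-at-a-time comparison gives the fuzzer incremental feedback: five
    # 1-in-256 steps instead of one 1-in-2^40 wall for a memcmp-style check.
    for i, c in enumerate(b"MAGIC"):
        if i >= len(key) or key[i] != c:
            trace.append(f"key_mismatch_{i}")
            return "other"
        trace.append(f"key_match_{i}")
    if len(key) != 5:
        trace.append("key_long")
        return "other"
    trace.append("magic")
    if value.startswith(b"42"):
        trace.append("magic42")
        return "magic42"
    return "magic"


def block_id(name: str) -> int:
    # Deterministic stand-in for AFL's random per-block id.
    return zlib.crc32(name.encode())


def edge_index(prev: int, cur: int, map_size: int) -> int:
    # AFL's edge hash folded into a bitmap of map_size slots. Two distinct edges
    # can land on one slot; that is the collision problem collAFL addresses.
    return (cur ^ (prev >> 1)) % map_size


def run_with_coverage(data: bytes, map_size: int):
    """Return (result, set of true edges, set of bitmap slots hit) for one input."""
    trace = []
    result = toy_parser(data, trace)
    ids = [block_id(b) for b in trace]
    edges = set(zip(trace, trace[1:]))
    slots = {edge_index(p, c, map_size) for p, c in zip(ids, ids[1:])}
    return result, edges, slots


DICTIONARY = [b"MAGIC", b"42", b"="]   # constructed AFL-style token dictionary


def mutate(data: bytes, rng: random.Random) -> bytes:
    buf = bytearray(data)
    choice = rng.randrange(4)
    if choice == 0 and buf:                      # overwrite one byte
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif choice == 1:                            # insert a random byte
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif choice == 2 and len(buf) > 1:           # delete one byte
        del buf[rng.randrange(len(buf))]
    else:                                        # splice in a dictionary token
        pos = rng.randrange(len(buf) + 1)
        buf[pos:pos] = rng.choice(DICTIONARY)
    return bytes(buf)


def fuzz(seed=b"A=B", iterations=5000, map_size=65536, rng_seed=1):
    """Coverage-guided loop: a mutant joins the corpus only if it hits a new slot."""
    rng = random.Random(rng_seed)
    corpus = [seed]
    _, _, global_cov = run_with_coverage(seed, map_size)
    outcomes = set()
    for _ in range(iterations):
        child = mutate(rng.choice(corpus), rng)
        result, _, slots = run_with_coverage(child, map_size)
        outcomes.add(result)
        if slots - global_cov:                   # "interesting": new internal state
            global_cov |= slots
            corpus.append(child)
    return corpus, global_cov, outcomes


def collision_report(inputs, map_size: int):
    """Distinct true edges versus distinct bitmap slots over a set of inputs."""
    all_edges, all_slots = set(), set()
    for data in inputs:
        _, edges, slots = run_with_coverage(data, map_size)
        all_edges |= edges
        all_slots |= slots
    return len(all_edges), len(all_slots)


if __name__ == "__main__":
    corpus, cov, outcomes = fuzz()
    print(f"corpus grew to {len(corpus)} inputs covering {len(cov)} slots")
    print("parser outcomes reached:", sorted(outcomes))
    for size in (4, 65536):
        edges, slots = collision_report(corpus, size)
        print(f"map_size={size}: {edges} edges -> {slots} slots, "
              f"{edges - slots} hidden by collisions")
```

Running it with a tiny `map_size` makes the collision effect visible: several true edges share one slot, so an input that reaches a genuinely new edge can look uninteresting and be discarded, which is exactly the lost coverage the quoted text attributes to AFL's hashing. The byte-at-a-time key check in the toy target shows why coverage feedback helps at all: each matched byte is a new edge, so the loop climbs towards `MAGIC=42` one step at a time instead of needing the whole value in a single lucky mutation.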