[GNUnet-SVN] [taler-schemafuzz] branch master updated: Added references.

gnunet-svn
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [taler-schemafuzz] branch master updated: Added references.

From:	gnunet
Subject:	[GNUnet-SVN] [taler-schemafuzz] branch master updated: Added references. Did presentation for the front page (can still be impoved).
Date:	Sun, 02 Sep 2018 14:17:12 +0200
This is an automated email from the git hooks/post-receive script.

erwan-ulrich pushed a commit to branch master
in repository schemafuzz.

The following commit(s) were added to refs/heads/master by this push:
     new f25a79a  Added references. Did presentation for the front page (can 
still be impoved).
f25a79a is described below

commit f25a79a47503b073340dc85ecb74bcd469e7b1fb
Author: Feideus <address@hidden>
AuthorDate: Sun Sep 2 14:17:09 2018 +0200

    Added references. Did presentation for the front page (can still be 
impoved).
---
 docs/Documentation.pdf | Bin 987487 -> 1019868 bytes
 docs/Documentation.tex |  56 +++++++++++++++++++++++++++++++++++--------------
 docs/LogoBFH.jpeg      | Bin 0 -> 8229 bytes
 docs/LogoP13.png       | Bin 0 -> 17109 bytes
 docs/testcite.bib      |  31 +++++++++++++++++++++++++--
 5 files changed, 69 insertions(+), 18 deletions(-)

diff --git a/docs/Documentation.pdf b/docs/Documentation.pdf
index 2f85a02..8c81388 100644
Binary files a/docs/Documentation.pdf and b/docs/Documentation.pdf differ
diff --git a/docs/Documentation.tex b/docs/Documentation.tex
index d7cc3bc..d5c4610 100644
--- a/docs/Documentation.tex
+++ b/docs/Documentation.tex
@@ -11,16 +11,44 @@
 \usepackage{pdfpages}
 \usepackage{url}
 \usepackage{emp}
+\usepackage{subcaption}
 \usetikzlibrary{shapes.arrows,chains}
 \usepackage[english]{babel}
 
-\title{Documentation for SchemaFuzz}
+% Definition of \maketitle
+\makeatletter         
address@hidden
+
+\begin{figure}[!h]
+\centering
+\begin{minipage}{0.6\textwidth}
+  \includegraphics[width=1\linewidth]{LogoP13.png}
+\end{minipage}%
+\begin{minipage}{0.6\textwidth}
+  \includegraphics[width=1\linewidth]{LogoBFH.jpeg}
+\end{minipage}
+\end{figure}
+
+\bigskip
+
+\begin{center}
+{\Huge \bfseries \sffamily address@hidden }\\[4ex] 
+{\Large  address@hidden 
address@hidden
+\end{center}}
+\makeatother
+
+\title{Database Oriented Fuzz Testing Tool Development}
 \author{Ulrich "Feideus" Erwan}
 
 \begin{document}
 \begin{empfile}
-       
-\maketitle Documentation For SchemaFuzz
+
+\maketitle
+
+\vspace*{\fill}
+\raggedright{\underline{Supervisor}: Christian Grothoff}       \\
+\underline{Promotion}: 2017-2018
 \clearpage
 
 \tableofcontents
@@ -44,29 +72,29 @@ SchemaFuzz's development enrolls in the global dynamic of 
the past decades regar
 
 It uses the principle of "fuzz testing" or "fuzzing" to help find out which 
are the weak code paths of one's project. 
                                \begin{quotation}
-Traditional fuzzing is defined as "testing an automated software testing 
technique that involves providing invalid, unexpected, or random data as inputs 
to a computer program".
-                               \end{quotation} 
-                               \cite{fuzzing}          
-
-
+Traditional fuzzing is defined as "an automated software testing technique 
that involves providing invalid, unexpected, or random data as inputs to a 
computer program". \end{quotation}\cite{fuzzing}         
 
 This quote is   well illustrated by the following example :
                                \begin{quotation}
 Lets consider an integer in a program, which stores the result of a user's 
choice between 3 questions. When the user picks one, the choice will be 0, 1 or 
2. Which makes three practical cases. But what if we transmit 3, or 255 ? We 
can, because integers are stored a static size variable. If the default switch 
case hasn't been implemented securely, the program may crash and lead to 
"classical" security issues: (un)exploitable buffer overflows, DoS, ... 
                                \end{quotation}
 
-It is declined in severals categories that each focus on a specific type of 
input.
+It is divided in severals categories that each focus on a specific type of 
input.
  
 UI fuzzing focuses on button sequences and more generically any kind of user 
input during the execution of a program. The above example falls into this 
category.
-This principle had already successfully been used in existing fuzzing tool 
such as the well known "American fuzzy loop".
+This principle had already successfully been used in existing fuzzing tool 
such as  "MonkeyFuzz".
 File format fuzzing generates multiple malformed samples, and opens them 
sequentially.
+
+Certificate fuzzing is another interesting fuzzing approach that has emerged 
especially after it was introduced by \cite{Certif} in $Development$ $of$ 
$Intelligent$ $Digital$ $Certificate$ $Fuzzer$ $Tool$
+
 However, SchemaFuzz is a database oriented fuzzer. This means that it focuses 
on triggering unexpected behavior related to the usage of a external database 
content   
 
 This tool is meant to help developers, maintainers and more generically anyone 
that makes use of data coming from a database under his influence in their 
task. A good way to sum up the effect of this tool is to compare it with an 
"cyber attack simulator".
 This means that the idea behind it is to emulate the damage that an attacker 
may cause subtly or not to a database he illegally gained privileges on. This 
might in theory go from a simple boolean flip (subtle modifications) to 
removing/adding content to purely and simply destroying or erasing all the 
content of the database.
 SchemaFuzz focuses on the first part : modification of the content of the 
database by single small modification that may or may not overlap. These 
modifications may be   aggressive of   subtle.
 It is interesting to point out that this last point also qualifies SchemaFuzz 
as a good "database structural flaw detector".
-That is to say that errors typically triggered by a poor management of a 
database (wrong data type usage, incoherence between database structure and use 
of the content etc ...) might also appear clearly during the execution.   
+That is to say that errors typically triggered by a poor management of a 
database (wrong data type usage, incoherence between database structure and use 
of the content etc ...) might also appear clearly during the execution.
+For a more in depth description of different fuzzing approaches and , one can 
refer to $A$ $systematic$ $review$ $of$ $fuzzing$ $techniques$ \cite{Systematic}
                \subsection{Perimeter}
 This tool implement's some of the SchemaSpy tool's source code. More 
precisely, it uses the portion of the code that detect and stores the target 
database's structure.
 The main goal of this project is to build on top of this piece of existing 
code the functionalities required to test the usage of the database content by 
any kind of utility.                 
@@ -104,8 +132,6 @@ This organization will be detailed and discussed in the 
following sections.
                \subsection{SchemaSpy legacy/meta data extraction}
 SchemaSpy source code has provided the meta data extraction routine. The only 
job of this routine is to initialize the connection to the database and 
retrieve its meta data at the   beginning of the execution (before any actual 
SchemaFuzz code is run). These meta data include data types, table and table 
column names, views and foreign/primary key constraints. Having this pool of 
meta data under the shape of Java objects allows the main program to properly 
frame what the possibilities are [...]
 
-\clearpage
-
 \begin{figure} [h!]
 \centering
 \includegraphics[width=\textwidth]{MetaDataExtractionDiagram-1.pdf}
@@ -145,8 +171,6 @@ To do so, the software has a way to transfer the mutation 
from a child to its pa
 A mutation is a Java object that bundles all the informations that are used to 
perform a modification in the database. Every is linked to its parent and 
inherits some of his parent's data. In the case of a follow up mutation the 
child inherits the the database row that was his parent's target.Therefore the 
initial state (state before the injection of the modification) of its target is 
exactly the final state (state after injection of the modification) of his 
parent's target. A mutation i [...]
 It also holds the informations concerning the result of the injection in the 
shape of a data vector. This data vector is then used to perform a clustering 
calculus to determine the "uniqueness" of the mutation. This value is also 
stored inside the mutation object and is used as the weight of this mutation in 
the tree.
 
-\clearpage
-
 \begin{figure} [h!]
 \centering
 \includegraphics[width=\textwidth]{MutationClassDiagram-1.pdf}
@@ -285,7 +309,7 @@ After hashing the file name and the function name into 
numerical values trough L
 It is interesting to note that this triplet is not the most accurate 
representation of a stack trace. The analyzer will be improved in the future is 
that regard.
 
                                \paragraph{The Scoring mechanism}
-The "score" (or rank) of a mutation is a numerical value that reflects how 
interesting the outcome was. Crashes and unexpected behavior are what makes a 
mutation valuable since it indicates a wrongly implemented code piece in the 
target source in most cases. This value is calculated through a modified 
version of a clustering method.
+The "score" (or rank) of a mutation is a numerical value that reflects how 
interesting the outcome was. Unique crashes and unexpected behavior are what 
makes a mutation valuable since it indicates a wrongly implemented code piece 
in the target source in most cases. \cite{CrashUniQ} This value is calculated 
through a modified version of a clustering method.
 This clustering mechanism runs as follows:
        \begin{itemize}
        \item{Represent the triplets in a 3 dimensional space}
diff --git a/docs/LogoBFH.jpeg b/docs/LogoBFH.jpeg
new file mode 100644
index 0000000..81f2457
Binary files /dev/null and b/docs/LogoBFH.jpeg differ
diff --git a/docs/LogoP13.png b/docs/LogoP13.png
new file mode 100644
index 0000000..f145ab3
Binary files /dev/null and b/docs/LogoP13.png differ
diff --git a/docs/testcite.bib b/docs/testcite.bib
index f27dd42..938cfd4 100644
--- a/docs/testcite.bib
+++ b/docs/testcite.bib
@@ -1,5 +1,32 @@
address@hidden,
-author = {Wiki},
address@hidden,
+author = {Pudas Mikko},
+title = {Improving Crash Detection in Fuzzy Testing},
+school = {JAMK University of Applied Sciences},
+year = {2017},
+OPTmonth = {March}
+}
+
address@hidden,
+author = {B. Chandrasekar, S.Sajeev, Patrick K.Mohanty, G.Shobha},
+title = {Development of Intelligent Digital Certificate Fuzzer Tool},
+booktitle = {Proceedings of the 2017 International Conference on Cryptography, 
Security and Privacy},
+OPTpages = {126-130},
+OPTyear = {2017},
+OPTmonth = {march}
+}
+
address@hidden,
+author = {Chen Chen, Baojiang Cui, Jinxin Ma, Runpu Wu, Jianchao Guo, Wenqian 
Liu},
+title = {A systematic review of fuzzing techniques},
+journal = {Computers and Security},
+year = {2017},
+OPTvolume = {75},
+OPTpages = {118-137},
+OPTmonth = {October}
+}
+
address@hidden,
+author = {Wikipedia Contributors},
 title = {Fuzzing},
 url = "https://en.wikipedia.org/w/index.php?title=Plagiarism&oldid=5139350";
 }

-- 
To stop receiving notification emails like this one, please contact
address@hidden
[Prev in Thread]
Current Thread
[Next in Thread]
[GNUnet-SVN] [taler-schemafuzz] branch master updated: Added references. Did presentation for the front page (can still be impoved)., gnunet <=
Prev by Date: [GNUnet-SVN] [taler-schemafuzz] branch master updated: timeline diagram + End to end diagram+ started bibtex file
Next by Date: [GNUnet-SVN] [gnunet] branch master updated: it trans
Previous by thread: [GNUnet-SVN] [taler-schemafuzz] branch master updated: timeline diagram + End to end diagram+ started bibtex file
Next by thread: [GNUnet-SVN] [gnunet] branch master updated: it trans
Index(es):
- Date
- Thread