Fuzzing is a security testing methodology effective in finding bugs. In a nutshell, a fuzzer sends multiple slightly malformed messages to the software under test, hoping for crashes or weird system behaviour. The methodology is relatively simple, although applications that keep internal states are challenging to fuzz. The research community has responded to this challenge by developing fuzzers tailored to stateful systems, but a clear understanding of the variety of strategies is still missing. In this paper, we present the first taxonomy of fuzzers for stateful systems and provide a systematic comparison and classification of these fuzzers.

CCS Concepts: • Security and privacy → Software security engineering.
Risk assessment is core to any institution's evaluation of risk, notably where people's privacy is concerned. The assessment often relies on information stated in a policy shaped as a text document. The risk assessor, or analyst in brief, is called to understand documentation that can be long, unclear or incomplete, hence subjectivity or distraction may strongly influence the process, particularly when identifying each relevant asset and when assigning the likelihood value of a given threat to an identified asset. The aim of this paper is to reduce the influence of subjectivity and distraction on risk assessment by means of our methodology for the Automated and Intelligent Likelihood Assignment (AILA). While the analyst's role cannot be removed, it is facilitated through entity identification and likelihood assignment to threats for assets. The methodology adopts Natural Language Processing for summarisation and entity recognition, tailors fully-supervised Machine Learning to policy documents, and leverages an existing tool supporting risk assessment, PILAR, in order to gain a more objective likelihood assignment. The paper demonstrates AILA over three real-world case studies from the automotive domain, culminating with risk assessment exercises over the privacy policies of Toyota, Mercedes and Tesla. The executable components of AILA, the AILA Entity Extractor and the AILA Classifier, are released as open source.
This article recognises the widespread application of risk assessment in ICT and aims at reducing the influence of human subjectivity and distraction by means of a methodology for the Automated and Intelligent Likelihood Assignment (AILA). The AILA Methodology, with its various components, applies when risk assessment proceeds exclusively upon information stated in a policy coming as a text document. This scenario is extremely common among small to medium-sized institutions. Among the main contributions of this article lies the AILA Entity Extractor, which assists the risk assessor in identifying entities, and then assets, from a given policy. Then, the AILA Classifier automates the assignment of likelihood values to given threats for assets. Moreover, the synergy of AILA with an existing tool for risk assessment demonstrates how to achieve more objective likelihood assignments. AILA is general in support of any risk assessment and, for the sake of demonstration, is applied to assess the privacy risk induced on physical persons by three real-world manufacturers from the automotive domain, namely Toyota, Mercedes and Tesla. AILA is also validated against a risk assessment methodology by ENISA, thereby confirming the effectiveness and efficiency of the new methodology (which is dramatically more automated than ENISA's). AILA combines and consolidates several techniques in an unprecedented fashion, including Natural Language Processing by summarisation and entity recognition, dataset labelling by appeal to the ToS;DR service, and fully-supervised Machine Learning and regression analysis. Finally, to contribute to open knowledge, the general, executable components of AILA, the AILA Entity Extractor and the AILA Classifier, are released open source along with the privacy-specific components, the AILA Privacy Dataset and the AILA Privacy Model.
Fuzz testing (or fuzzing) is an effective technique used to find security vulnerabilities. It consists of feeding the software under test with malformed inputs and waiting for weird system behaviour (often a crash of the system). Over the years, different approaches have been developed, and among the most popular lies the coverage-based one. It relies on the instrumentation of the system to generate inputs able to cover as much code as possible. The success of this approach is also due to its usability, as fuzzing research favours approaches that do not require (or only partially require) human interaction. Despite these efforts, devising a fully-automated fuzzer still seems to be a challenging task. Target systems may be very complex; they may integrate cryptographic primitives, compute and verify checksums, and employ forks to enhance system security, achieve better performance or manage different connections at the same time. This paper introduces the fork-awareness property to express a fuzzer's ability to manage systems using forks. This property is leveraged to evaluate 14 of the most widely used coverage-guided fuzzers and highlight how current fuzzers are ineffective against systems using forks.
Copyright © 2024 scite LLC. All rights reserved.