Directed fuzzing focuses on automatically testing specific parts of the code by taking advantage of additional information such as (partial) bug stack trace, patches or risky operations. Key applications include bug reproduction, patch testing and static analysis report verification. Although directed fuzzing has received a lot of attention recently, hard-to-detect vulnerabilities such as Use-After-Free (UAF) are still not well addressed, more especially at the binary level. We propose UAFUZZ, the first (binary-level) directed greybox fuzzer dedicated to UAF bugs. The technique features a fuzzing engine tailored to UAF specifics, a lightweight code instrumentation and an efficient bug triage step. Experimental evaluation for bug reproduction on real cases demonstrates that UAFUZZ significantly outperforms state-of-the-art directed fuzzers in terms of fault detection rate, time to exposure and bug triaging. UAFUZZ has also been proven effective in patch testing, leading to the discovery of 20 new bugs in Perl, GPAC and GNU Patch (including a buggy patch) -all of them have been acknowledged and 14 have been fixed. Last but not least, we provide to the community the first fuzzing benchmark dedicated to UAF, built on both real codes and real bugs.
Artificial Intelligence (AI) is envisioned to play a critical role in controlling and orchestrating 5G/IoT networks and their applications, thanks to its capabilities to recognize abnormal patterns in complex situations and produce accurate decisions. However, AI models are vulnerable to adversarial attacks, thus the societal view is far from trustworthy as to its usage in safety critical areas relying on 5G/IoT networks. In this paper, we present ongoing work being done in the H2020 SPATIAL project that targets developing and evaluating AI-based modules for anomaly detection and Root Cause Analysis in the 5G/IoT context regarding different criteria, such as explainability, resilience and performance on a real 5G/IoT testbed.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.