Research Review: Fuzzing Linux Kernel

Posted on by Mustakim

MoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation Link: https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-pailoor.pdfSource Code: N/A Summary: Syzkaller is one of the most popular kernel fuzzer. It generates a sequence of random system calls. Due to the randomness, most of them are unrealistic cases. They lose the efficiency because they don’t consider dependency (both implicit and explicit) among system…

Research Review: Control Flow Integrity

Posted on by Mustakim

GRIFFIN: Guarding Control Flows Using Intel Processor Trace Link:https://dl.acm.org/citation.cfm?id=3037716Source Code:https://github.com/TJAndHisStudents/Griffin-Trace Summary: The author only attempt to prove the performance overhead optimization using Intel PT for online verification. They claim to verify the enforcement policy for both backward and forward indirect control transfer with different strictness of policy when they completely discard the discussion regarding how they…

Research Review: Type Confusion Attack

Posted on by Mustakim

HexType: Efficient Detection of Type Confusion Errors for C++ Link: https://dl.acm.org/citation.cfm?id=3134062Source Code: https://github.com/HexHive/HexType Summary: In a type-based programming language, typecasting is a common phenomenon. With the object-oriented programming paradigm, this feature turns into a dangerous attack surface. When a derived class object cast to parent class object (upcast), it is usually safe, considering parent class…

Research Review: Memory Bound Protection

Posted on by Mustakim

Stack Bounds Protection with Low Fat Pointers Link: https://www.comp.nus.edu.sg/~gregory/papers/ndss17stack.pdfSource Code: https://github.com/GJDuck/LowFat Summary: The research work is an extension of their another work (Heap bounds protection with low-fat pointers). The concept of low-fat pointers are originated in the previous paper, they provide well-details of that too. The basic concept of low-fat pointers is: use the pointer memory itself to…

System and Software Security Research Conference

Posted on by Mustakim

Several conferences focus on security, including top-tier and flagship events, where publishing your work should be a priority. Additionally, individual top-tier systems and software conferences can also be good choices for publishing your research. I have categorized the conferences accordingly: Top-tier Security Conference * IEEE Symposium on Security and Privacy (S&P/Oakland)* ACM Computer and Communications Security (CCS) * USENIX…

Research Review: Exploit Generation

Posted on by Mustakim

Block Oriented Programming: Automating Data-Only Attacks Link: https://dl.acm.org/citation.cfm?id=3243739Source Code: https://github.com/HexHive/BOPC Summary: Vulnerable software with an active defense system (e.g. Control-Flow Integrity, Shadow Stack, Address Space Randomization etc.) is hard to exploit. Control Flow Integrity (CFI) restrict execution within valid control flows, although because of the weak control flow graph (CFG), the coarse-grained CFI system allows…

Research Review: Information Leak

Posted on by Mustakim

k-hunt: Pinpointing Insecure Cryptographic Keys from Execution Traces Link: http://web.cse.ohio-state.edu/~lin.3021/file/CCS18.pdfSource Code: https://github.com/GoSSIP-SJTU/k-hunt Summary: It would be useful for attackers if they can identify the memory location where an application store its cryptographic keys. It will be more useful to do taint analysis for various purpose (e.g. identify if a key is insecure). This research uses…