- Overview
- Symposium Organizers
- Registration Information
- Registration Discounts
- At a Glance
- Calendar
- Technical Sessions
- Birds-of-a-Feather Sessions
- Poster Session
- Sponsorship
- Workshops
- Activities
- Hotel and Travel Information
- Services
- Students
- Questions
- Help Promote!
- Flyer PDF
- For Participants
- Call for Papers
- Past Symposia
sponsors
usenix conference policies
Dowsing for Overflows: A Guided Fuzzer to Find Buffer Boundary Violations
Istvan Haller and Asia Slowinska, VU University Amsterdam; Matthias Neugschwandtner, Vienna University of Technology; Herbert Bos, VU University Amsterdam
Dowser is a ‘guided’ fuzzer that combines taint tracking, program analysis and symbolic execution to find buffer overflow and underflow vulnerabilities buried deep in a program’s logic. The key idea is that analysis of a program lets us pinpoint the right areas in the program code to probe and the appropriate inputs to do so.
Intuitively, for typical buffer overflows, we need consider only the code that accesses an array in a loop, rather than all possible instructions in the program. After finding all such candidate sets of instructions, we rank them according to an estimation of how likely they are to contain interesting vulnerabilities. We then subject the most promising sets to further testing. Specifically, we first use taint analysis to determine which input bytes influence the array index and then execute the program symbolically, making only this set of inputs symbolic. By constantly steering the symbolic execution along branch outcomes most likely to lead to overflows, we were able to detect deep bugs in real programs (like the nginx webserver, the inspircd IRC server, and the ffmpeg videoplayer). Two of the bugs we found were previously undocumented buffer overflows in ffmpeg and the poppler PDF rendering library.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Istvan Haller and Asia Slowinska and Matthias Neugschwandtner and Herbert Bos},
title = {Dowsing for {Overflows}: A Guided Fuzzer to Find Buffer Boundary Violations},
booktitle = {22nd USENIX Security Symposium (USENIX Security 13)},
year = {2013},
isbn = {978-1-931971-03-4},
address = {Washington, D.C.},
pages = {49--64},
url = {https://www.usenix.org/conference/usenixsecurity13/technical-sessions/papers/haller},
publisher = {USENIX Association},
month = aug
}
connect with us