直播預告 · Machine Learning Security & Taint Style Vulnerability Research - Week 17

本學期的倒數第三次直播，歡迎關注~

時間: 2018-1-4, 14:00-16:00

鏈接: https://www.douyu.com/nisllive

Practical Attacks Against Graph-based Clustering

• Source: CCS 2017
• Author: Yizheng Chen(Gatech), etc
• Sharer: 鄒源
• Link：https://arxiv.org/pdf/1708.09056.pdf

Abstract: Graph modeling allows numerous security problems to be tackled in a general way, however, little work has been done to understand their ability to withstand adversarial attacks. We design and evaluate two novel graph attacks against a state-of-the-art networklevel, graph-based detection system. Our work highlights areas in adversarial machine learning that have not yet been addressed, specifically: graph-based clustering techniques, and a global feature space where realistic attackers without perfect knowledge must be accounted for (by the defenders) in order to be practical. Even though less informed attackers can evade graph clustering with low cost, we show that some practical defenses are possible.

Static Exploration of Taint-Style Vulnerabilities Found by Fuzzing

• Source: USENIX WOOT 2017
• Author: Bhargava Shastry(TU Berlin), etc
• Sharer: 李賀
• Link: https://www.usenix.org/system/files/conference/woot17/woot17-paper-shastry.pdf

Abstract: Taint-style vulnerabilities comprise a majority of fuzzer discovered program faults. These vulnerabilities usually manifest as memory access violations caused by tainted program input. Although fuzzers have helped uncover a majority of taint-style vulnerabilities in software to date, they are limited by (i) extent of test coverage; and (ii) the availability of fuzzable test cases. Therefore, fuzzing alone cannot provide a high assurance that all taint-style vulnerabilities have been uncovered. In this paper, we use static template matching to find recurrences of fuzzer-discovered vulnerabilities. To compensate for the inherent incompleteness of template matching, we implement a simple yet effective matchranking algorithm that uses test coverage data to focus attention on matches comprising untested code. We prototype our approach using the Clang/LLVM compiler toolchain and use it in conjunction with afl-fuzz, a modern coverage-guided fuzzer. Using a case study carried out on the Open vSwitch codebase, we show that our prototype uncovers corner cases in modules that lack a fuzzable test harness. Our work demonstrates that static analysis can effectively complement fuzz testing, and is a useful addition to the security assessment tool-set. Furthermore, our techniques hold promise for increasing the effectiveness of program analysis and testing, and serve as a building block for a hybrid vulnerability discovery framework.

推薦閱讀：