Collaborative Research: SaTC: CORE: Medium: Rethinking Fuzzing for Security

协作研究:SaTC:核心:中:重新思考安全性模糊测试

基本信息

  • 批准号:
    2031377
  • 负责人:
  • 金额:
    $ 59.6万
  • 依托单位:
  • 依托单位国家:
    美国
  • 项目类别:
    Standard Grant
  • 财政年份:
    2020
  • 资助国家:
    美国
  • 起止时间:
    2020-10-01 至 2022-02-28
  • 项目状态:
    已结题

项目摘要

In software, a vulnerability is a flaw in the code that can be exploited by a malicious actor to perform unauthorized activities or change the behavior of the software. Although a topic heavily studied by security researchers, finding software vulnerabilities is becoming increasingly challenging because the software widely used in day-to-day life is growing larger and more complicated. This project addresses this challenge by rethinking a classic technique called fuzzing for finding vulnerabilities from large software. The high-level idea of fuzzing is to create a large number of random inputs to run software and in turn trigger vulnerabilities. The novelties of this project are the new approaches, techniques, and tools that revolutionize fuzzing and make the nearly random testing process more intelligent and targeted. This way, this project will enhance security of various types of widely used software, ranging from web browsers to server-side programs.To that end, this project is investigating vulnerability-coverage-driven fuzzing. Existing fuzzing techniques primarily followed an approach called code-coverage-driven fuzzing, motivated by the belief that code coverage and vulnerability finding are strongly correlated. Challenging this widely held belief, this project shows that code coverage has weaker-than-expected ties with vulnerabilities and code-coverage-driven fuzzing is not well suited for vulnerability finding. Pioneering vulnerability-coverage-driven fuzzing, this project invents a series of novel techniques to (1) obtain feedback on vulnerability coverage (2) prioritize test inputs that can reach more vulnerabilities and (3) maximize the chance to trigger vulnerabilities reached by the test inputs. This project also produces new metrics, new benchmarks, and new frameworks for comprehensively evaluating the use of fuzzing for vulnerability finding. With the investigators' experience in research of software security and system security, this project provides a group of education, training, and research opportunities for both undergraduate and graduate students. Through industry outreach, the investigators pursue technology transfers and raise the awareness of software security.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
在软件中,漏洞是代码中的缺陷,可以被恶意行为者利用来执行未经授权的活动或更改软件的行为。虽然安全研究人员大量研究的一个主题,发现软件漏洞正变得越来越具有挑战性,因为在日常生活中广泛使用的软件越来越大,越来越复杂。该项目通过重新思考一种称为模糊的经典技术来解决这一挑战,该技术用于从大型软件中查找漏洞。模糊化的高级思想是创建大量的随机输入来运行软件,并反过来触发漏洞。该项目的新颖之处在于新的方法、技术和工具,它们彻底改变了模糊测试,使几乎随机的测试过程更加智能和有针对性。通过这种方式,该项目将增强从Web浏览器到服务器端程序的各种广泛使用的软件的安全性。为此,该项目正在研究可验证性覆盖率驱动的模糊。现有的模糊技术主要遵循一种称为代码覆盖率驱动模糊的方法,其动机是相信代码覆盖率和漏洞发现是密切相关的。支持这一广泛持有的信念,该项目表明,代码覆盖率与漏洞的联系弱于预期,代码覆盖率驱动的模糊不适合漏洞发现。该项目开创性地提出了一系列新技术,以(1)获得漏洞覆盖率的反馈(2)优先考虑可以到达更多漏洞的测试输入(3)最大化触发测试输入到达的漏洞的机会。该项目还产生了新的指标,新的基准,和新的框架,全面评估使用模糊漏洞发现。本计画结合研究人员在软体安全与系统安全研究的经验,提供一群教育、训练与研究的机会给本科生与研究生。该奖项反映了NSF的法定使命,并通过使用基金会的知识价值和更广泛的影响审查标准进行评估,被认为值得支持。

项目成果

期刊论文数量(1)
专著数量(0)
科研奖励数量(0)
会议论文数量(0)
专利数量(0)
Facilitating Parallel Fuzzing with mutually-exclusive Task Distribution
  • DOI:
    10.1007/978-3-030-90022-9_10
  • 发表时间:
    2021-09
  • 期刊:
  • 影响因子:
    0
  • 作者:
    Yifan Wang;Yuchen Zhang;Chengbin Pang;Peng Li;Nikolaos Triandopoulos;Jun Xu
  • 通讯作者:
    Yifan Wang;Yuchen Zhang;Chengbin Pang;Peng Li;Nikolaos Triandopoulos;Jun Xu
{{ item.title }}
{{ item.translation_title }}
  • DOI:
    {{ item.doi }}
  • 发表时间:
    {{ item.publish_year }}
  • 期刊:
  • 影响因子:
    {{ item.factor }}
  • 作者:
    {{ item.authors }}
  • 通讯作者:
    {{ item.author }}

数据更新时间:{{ journalArticles.updateTime }}

{{ item.title }}
  • 作者:
    {{ item.author }}

数据更新时间:{{ monograph.updateTime }}

{{ item.title }}
  • 作者:
    {{ item.author }}

数据更新时间:{{ sciAawards.updateTime }}

{{ item.title }}
  • 作者:
    {{ item.author }}

数据更新时间:{{ conferencePapers.updateTime }}

{{ item.title }}
  • 作者:
    {{ item.author }}

数据更新时间:{{ patent.updateTime }}

Jun Xu其他文献

Randomized Algorithms for Dynamic Storage Load-Balancing
动态存储负载平衡的随机算法
Metal Active Sites and Their Catalytic Functions in Zeolites: Insights from Solid-State NMR Spectroscopy
沸石中的金属活性位点及其催化功能:来自固态核磁共振波谱的见解
  • DOI:
    10.1021/acs.accounts.9b00125
  • 发表时间:
    2019
  • 期刊:
  • 影响因子:
    18.3
  • 作者:
    Jun Xu;Qiang Wang;Feng Deng
  • 通讯作者:
    Feng Deng
Fe and N Co-doped Carbons Derived from an Ionic Liquid as Active Bifunctional Oxygen Catalysts
作为活性双功能氧催化剂的离子液体衍生的 Fe 和 N 共掺杂碳
  • DOI:
    10.1002/celc.201700049
  • 发表时间:
    2017
  • 期刊:
  • 影响因子:
    4
  • 作者:
    Jun Xu;Liang Shi;Junsheng Li;Cong Liang;Hui Wu;Jiaheng Lei;Dan Liu;Deyu Qu;Zhizhong Xie;Haolin Tang
  • 通讯作者:
    Haolin Tang
Stress-induced precocious aging in PD-patientiPSC-derivedNSCsmayunderlie the pathophysiology of Parkinson’s disease
压力诱导的帕金森病患者 iPSC 衍生的 NSC 早衰可能是帕金森病病理生理学的基础
  • DOI:
    10.1038/s41419-019-1313-y
  • 发表时间:
    2019
  • 期刊:
  • 影响因子:
    9
  • 作者:
    Liang Zhu;Chenxi Sun;Jie Ren;Guangming Wang;Rongjie Ma;Lixin Sun;Danjing Yang;Shane Gao;Ke Ning;Zhigang Wang;Xu Chen;Shengdi Chen;Hongwen Zhu;Zhengliang Gao;Jun Xu
  • 通讯作者:
    Jun Xu
Recent Advances in the Catalytic Synthesis of 4-Quinolones
4-喹诺酮类化合物催化合成研究新进展
  • DOI:
    10.1016/j.chempr.2019.01.006
  • 发表时间:
    2019
  • 期刊:
  • 影响因子:
    23.5
  • 作者:
    Chao Shen;Wang Anming;Jun Xu;Zhongfu An;Kang Yong Loh;Pengfei Zhang;Xiaogang Liu
  • 通讯作者:
    Xiaogang Liu

Jun Xu的其他文献

{{ item.title }}
{{ item.translation_title }}
  • DOI:
    {{ item.doi }}
  • 发表时间:
    {{ item.publish_year }}
  • 期刊:
  • 影响因子:
    {{ item.factor }}
  • 作者:
    {{ item.authors }}
  • 通讯作者:
    {{ item.author }}

{{ truncateString('Jun Xu', 18)}}的其他基金

CAREER: Fuzzing Large Software: Principles, Methods, and Tools
职业:模糊大型软件:原理、方法和工具
  • 批准号:
    2340198
  • 财政年份:
    2024
  • 资助金额:
    $ 59.6万
  • 项目类别:
    Continuing Grant
Travel: NSF Student Travel Grant for 2023 ACM Conference on Computer and Communications Security (CCS)
旅行:2023 年 ACM 计算机和通信安全 (CCS) 会议 NSF 学生旅行补助金
  • 批准号:
    2341773
  • 财政年份:
    2023
  • 资助金额:
    $ 59.6万
  • 项目类别:
    Standard Grant
CICI: TCR: Prompt, Reliable, and Safe Security Update for Cyberinfrastructure
CICI:TCR:网络基础设施的及时、可靠和安全的安全更新
  • 批准号:
    2319880
  • 财政年份:
    2023
  • 资助金额:
    $ 59.6万
  • 项目类别:
    Standard Grant
Collaborative Research: SaTC: CORE: Medium: Rethinking Fuzzing for Security
协作研究:SaTC:核心:中:重新思考安全性模糊测试
  • 批准号:
    2213727
  • 财政年份:
    2022
  • 资助金额:
    $ 59.6万
  • 项目类别:
    Standard Grant
CNS Core: Small: Towards Hybrid Data Center Switching Using Partially Reconfigurable Circuit Switch
CNS 核心:小型:使用部分可重构电路交换机实现混合数据中心交换
  • 批准号:
    2007006
  • 财政年份:
    2020
  • 资助金额:
    $ 59.6万
  • 项目类别:
    Standard Grant
CNS Core: Small: Ultra-Low-Complexity Switching Algorithms for Scalable High Network Performance
CNS 核心:小型:超低复杂度交换算法,实现可扩展的高网络性能
  • 批准号:
    1909048
  • 财政年份:
    2019
  • 资助金额:
    $ 59.6万
  • 项目类别:
    Standard Grant
NeTS: Small: Collaborative Research: Research into Worst-Case Large Deviation Theory for Network Algorithmics
NeTS:小型:协作研究:网络算法最坏情况大偏差理论的研究
  • 批准号:
    1423182
  • 财政年份:
    2014
  • 资助金额:
    $ 59.6万
  • 项目类别:
    Standard Grant
NeTS: Medium: Collaborative Research: Towards Building Time Capsule for Online Social Activities
NeTS:媒介:协作研究:为在线社交活动构建时间胶囊
  • 批准号:
    1302197
  • 财政年份:
    2013
  • 资助金额:
    $ 59.6万
  • 项目类别:
    Standard Grant
NeTS: Small: Collaborative Research: Towards Principled Network Troubleshooting via Efficient Packet Stream Processing
NetS:小型:协作研究:通过高效的数据包流处理实现有原则的网络故障排除
  • 批准号:
    1218092
  • 财政年份:
    2012
  • 资助金额:
    $ 59.6万
  • 项目类别:
    Standard Grant
SBIR Phase I: Nanocomposites for Electronic Packaging
SBIR 第一阶段:用于电子封装的纳米复合材料
  • 批准号:
    0912544
  • 财政年份:
    2009
  • 资助金额:
    $ 59.6万
  • 项目类别:
    Standard Grant

相似国自然基金

Research on Quantum Field Theory without a Lagrangian Description
  • 批准号:
    24ZR1403900
  • 批准年份:
    2024
  • 资助金额:
    0.0 万元
  • 项目类别:
    省市级项目
Cell Research
  • 批准号:
    31224802
  • 批准年份:
    2012
  • 资助金额:
    24.0 万元
  • 项目类别:
    专项基金项目
Cell Research
  • 批准号:
    31024804
  • 批准年份:
    2010
  • 资助金额:
    24.0 万元
  • 项目类别:
    专项基金项目
Cell Research (细胞研究)
  • 批准号:
    30824808
  • 批准年份:
    2008
  • 资助金额:
    24.0 万元
  • 项目类别:
    专项基金项目
Research on the Rapid Growth Mechanism of KDP Crystal
  • 批准号:
    10774081
  • 批准年份:
    2007
  • 资助金额:
    45.0 万元
  • 项目类别:
    面上项目

相似海外基金

Collaborative Research: SaTC: CORE: Medium: Using Intelligent Conversational Agents to Empower Adolescents to be Resilient Against Cybergrooming
合作研究:SaTC:核心:中:使用智能会话代理使青少年能够抵御网络诱骗
  • 批准号:
    2330940
  • 财政年份:
    2024
  • 资助金额:
    $ 59.6万
  • 项目类别:
    Continuing Grant
Collaborative Research: SaTC: CORE: Medium: Differentially Private SQL with flexible privacy modeling, machine-checked system design, and accuracy optimization
协作研究:SaTC:核心:中:具有灵活隐私建模、机器检查系统设计和准确性优化的差异化私有 SQL
  • 批准号:
    2317232
  • 财政年份:
    2024
  • 资助金额:
    $ 59.6万
  • 项目类别:
    Continuing Grant
Collaborative Research: NSF-BSF: SaTC: CORE: Small: Detecting malware with machine learning models efficiently and reliably
协作研究:NSF-BSF:SaTC:核心:小型:利用机器学习模型高效可靠地检测恶意软件
  • 批准号:
    2338301
  • 财政年份:
    2024
  • 资助金额:
    $ 59.6万
  • 项目类别:
    Continuing Grant
Collaborative Research: SaTC: CORE: Medium: Differentially Private SQL with flexible privacy modeling, machine-checked system design, and accuracy optimization
协作研究:SaTC:核心:中:具有灵活隐私建模、机器检查系统设计和准确性优化的差异化私有 SQL
  • 批准号:
    2317233
  • 财政年份:
    2024
  • 资助金额:
    $ 59.6万
  • 项目类别:
    Continuing Grant
Collaborative Research: NSF-BSF: SaTC: CORE: Small: Detecting malware with machine learning models efficiently and reliably
协作研究:NSF-BSF:SaTC:核心:小型:利用机器学习模型高效可靠地检测恶意软件
  • 批准号:
    2338302
  • 财政年份:
    2024
  • 资助金额:
    $ 59.6万
  • 项目类别:
    Continuing Grant
Collaborative Research: SaTC: CORE: Medium: Using Intelligent Conversational Agents to Empower Adolescents to be Resilient Against Cybergrooming
合作研究:SaTC:核心:中:使用智能会话代理使青少年能够抵御网络诱骗
  • 批准号:
    2330941
  • 财政年份:
    2024
  • 资助金额:
    $ 59.6万
  • 项目类别:
    Continuing Grant
Collaborative Research: SaTC: CORE: Small: Towards Secure and Trustworthy Tree Models
协作研究:SaTC:核心:小型:迈向安全可信的树模型
  • 批准号:
    2413046
  • 财政年份:
    2024
  • 资助金额:
    $ 59.6万
  • 项目类别:
    Standard Grant
Collaborative Research: SaTC: EDU: RoCCeM: Bringing Robotics, Cybersecurity and Computer Science to the Middled School Classroom
合作研究:SaTC:EDU:RoCCeM:将机器人、网络安全和计算机科学带入中学课堂
  • 批准号:
    2312057
  • 财政年份:
    2023
  • 资助金额:
    $ 59.6万
  • 项目类别:
    Standard Grant
Collaborative Research: SaTC: CORE: Small: Investigation of Naming Space Hijacking Threat and Its Defense
协作研究:SaTC:核心:小型:命名空间劫持威胁及其防御的调查
  • 批准号:
    2317830
  • 财政年份:
    2023
  • 资助金额:
    $ 59.6万
  • 项目类别:
    Continuing Grant
Collaborative Research: SaTC: CORE: Small: Towards a Privacy-Preserving Framework for Research on Private, Encrypted Social Networks
协作研究:SaTC:核心:小型:针对私有加密社交网络研究的隐私保护框架
  • 批准号:
    2318843
  • 财政年份:
    2023
  • 资助金额:
    $ 59.6万
  • 项目类别:
    Continuing Grant
{{ showInfoDetail.title }}

作者:{{ showInfoDetail.author }}

知道了