Collaborative Research: SaTC: CORE: Small: Self-Driving Continuous Fuzzing
协作研究:SaTC:核心:小型:自驱动连续模糊测试
基本信息
- 批准号:2247881
- 负责人:
- 金额:$ 30万
- 依托单位:
- 依托单位国家:美国
- 项目类别:Continuing Grant
- 财政年份:2023
- 资助国家:美国
- 起止时间:2023-08-01 至 2026-07-31
- 项目状态:未结题
- 来源:
- 关键词:
项目摘要
Continuous fuzzing is an emerging software testing paradigm that has gained significant traction in recent years. In this paradigm, a fuzzer is applied 24/7 to a piece of software as it is being developed/updated, hoping that the fuzzer can find the software bugs as soon as possible. It has been shown to be effective in finding bugs in large and complex pieces of software such as the Linux kernel, e.g., finding thousands of bugs and vulnerabilities in the past few years. Despite its perceived success, this project identifies an important limitation in today’s continuous fuzzing: a significant delay in finding a bug. This is fundamentally due to the lack of built-in features to make adjustments/improvements and be aware of its performance over time in general. We refer to this ability as “self-drive”. We argue that this is a critical ability because continuous fuzzing (1) by design needs to support the rapidly changing fuzzing target (under development) and (2) invests a large amount of resources and should use them effectively. The project further finds that (1) the first part of this delay is because the continuous fuzzer is initially incapable of finding some bugs, and (2) the second part of this delay is because the continuous fuzzer fails to use its resources effectively to find the bugs that it is already capable of finding. The successful completion of the project will enable continuous fuzzing to find bugs and vulnerabilities faster. Consequently, the project will help improve the quality of software systems tested with continuous fuzzing, which ultimately benefits society and the economy at large. This project investigates two research thrusts to address the aforementioned limitation. The goal of the first thrust is to improve the capability of the continuous fuzzer to find bugs that it could not find before. More specifically, it develops the capability of continuous generation and refinement of software interface descriptions. It investigates novel methods that combine various analysis techniques to overcome the challenge of analyzing a large-scale piece of software, providing the ability of self-correction and better precision and scalability. The goal of the second thrust is to enable the continuous fuzzer to find the bugs that it is capable of finding faster. This thrust investigates a scheduler for the continuous fuzzer. The goal of the scheduler is to optimize the use of existing resources of a continuous fuzzer to adequately fuzz all the interfaces of a given piece of software. It also explores a resource planning strategy for the continuous fuzzer to dynamically and automatically adjust the amount of resources available to it to achieve acceptable performance in terms of bug-finding delay.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
连续模糊测试是一种新兴的软件测试范例,近年来获得了巨大的吸引力。在这个范例中,一个模糊器24/7应用于一个软件,因为它正在开发/更新,希望模糊器可以尽快找到软件错误。它已被证明在大型和复杂的软件中发现错误是有效的,例如Linux内核,例如,在过去的几年里发现了成千上万的错误和漏洞。尽管它的成功,这个项目确定了一个重要的限制,在今天的连续模糊:一个显着的延迟在寻找一个错误。这从根本上是由于缺乏内置的功能来进行调整/改进,并了解其性能随着时间的推移。我们把这种能力称为“自我驱动”。我们认为,这是一个关键的能力,因为连续模糊(1)的设计需要支持快速变化的模糊目标(正在开发中)和(2)投资了大量的资源,应该有效地利用它们。该项目进一步发现,(1)该延迟的第一部分是因为连续模糊器最初无法找到一些错误,以及(2)该延迟的第二部分是因为连续模糊器未能有效地使用其资源来找到它已经能够找到的错误。该项目的成功完成将使持续的模糊搜索能够更快地找到错误和漏洞。因此,该项目将有助于提高连续模糊测试的软件系统的质量,最终造福于社会和经济。本项目调查了两个研究重点,以解决上述限制。第一个推进的目标是提高连续模糊器发现以前无法发现的错误的能力。更具体地说,它开发了软件接口描述的连续生成和细化的能力。它研究了新的方法,联合收割机的各种分析技术,以克服分析一个大规模的软件,提供自我校正的能力和更好的精度和可扩展性的挑战。第二个推进的目标是使连续模糊器能够更快地找到它能够找到的错误。本文研究了连续模糊器的调度算法。调度器的目标是优化连续模糊器的现有资源的使用,以充分模糊给定软件的所有接口。它还探讨了一个资源规划策略的连续模糊动态和自动调整的资源量提供给它,以实现可接受的性能方面的缺陷发现delay.This奖项反映了NSF的法定使命,并已被认为是值得通过评估使用基金会的智力价值和更广泛的影响审查标准的支持。
项目成果
期刊论文数量(0)
专著数量(0)
科研奖励数量(0)
会议论文数量(0)
专利数量(0)
数据更新时间:{{ journalArticles.updateTime }}
{{
item.title }}
{{ item.translation_title }}
- DOI:
{{ item.doi }} - 发表时间:
{{ item.publish_year }} - 期刊:
- 影响因子:{{ item.factor }}
- 作者:
{{ item.authors }} - 通讯作者:
{{ item.author }}
数据更新时间:{{ journalArticles.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ monograph.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ sciAawards.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ conferencePapers.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ patent.updateTime }}
Zhiyun Qian其他文献
Used by device administration to set the maximum screen off timeout . *
由设备管理用来设置最大屏幕关闭超时。
- DOI:
- 发表时间:
2015 - 期刊:
- 影响因子:0
- 作者:
Yuru Shao;Jason Ott;Qi Alfred Chen;Zhiyun Qian;Z. Morley Mao - 通讯作者:
Z. Morley Mao
Packet Header Obfuscation Using MIMO
使用 MIMO 进行数据包标头混淆
- DOI:
10.1109/tnet.2020.2998398 - 发表时间:
2020 - 期刊:
- 影响因子:0
- 作者:
Yue Cao;A. Atya;Shailendra Singh;Zhiyun Qian;S. Krishnamurthy;T. L. Porta;P. Krishnamurthy;L. Marvel - 通讯作者:
L. Marvel
Where Is the Weakest Link? A Study on Security Discrepancies Between Android Apps and Their Website Counterparts
最薄弱的环节在哪里?
- DOI:
10.1007/978-3-319-54328-4_8 - 发表时间:
2017 - 期刊:
- 影响因子:0
- 作者:
Arash Alavi;Alan Quach;Hang Zhang;Bryan Marsh;Farhan ul Haq;Zhiyun Qian;Long Lu;Rajiv Gupta - 通讯作者:
Rajiv Gupta
Who Moves My App Promotion Investment? A Systematic Study About App Distribution Fraud
- DOI:
10.1109/tdsc.2021.3068209 - 发表时间:
2021 - 期刊:
- 影响因子:7.3
- 作者:
Shaoyong Du;Minrui Zhao;Jingyu Hua;Hang Zhang;Xiaoyu Chen;Zhiyun Qian;Sheng Zhong - 通讯作者:
Sheng Zhong
Investigation of the 2016 Linux TCP Stack Vulnerability at Scale
对 2016 年 Linux TCP 堆栈漏洞的大规模调查
- DOI:
- 发表时间:
2017 - 期刊:
- 影响因子:0
- 作者:
Alan Quach;Zhongjie Wang;Zhiyun Qian - 通讯作者:
Zhiyun Qian
Zhiyun Qian的其他文献
{{
item.title }}
{{ item.translation_title }}
- DOI:
{{ item.doi }} - 发表时间:
{{ item.publish_year }} - 期刊:
- 影响因子:{{ item.factor }}
- 作者:
{{ item.authors }} - 通讯作者:
{{ item.author }}
{{ truncateString('Zhiyun Qian', 18)}}的其他基金
Collaborative Research: SaTC: CORE: Small: Improving Decentralized Kernel Patch Ecosystems
协作研究:SaTC:CORE:小型:改善去中心化内核补丁生态系统
- 批准号:
2155213 - 财政年份:2022
- 资助金额:
$ 30万 - 项目类别:
Standard Grant
SaTC: CORE: Small: Collaborative: Deep and Efficient Dynamic Analysis of Operating System Kernels
SaTC:核心:小型:协作:操作系统内核的深入有效的动态分析
- 批准号:
1953933 - 财政年份:2020
- 资助金额:
$ 30万 - 项目类别:
Standard Grant
SaTC: CORE: Small: Collaborative: The Web Ad Technology Arms Race: Measurement, Analysis, and Countermeasures
SaTC:核心:小型:协作:网络广告技术军备竞赛:测量、分析和对策
- 批准号:
1719147 - 财政年份:2017
- 资助金额:
$ 30万 - 项目类别:
Standard Grant
CAREER: Empowering Attacker-Centric Security Analysis of Network Protocols
职业:支持以攻击者为中心的网络协议安全分析
- 批准号:
1652954 - 财政年份:2017
- 资助金额:
$ 30万 - 项目类别:
Continuing Grant
NeTS: Small: Collaborative Research: Practical HTTPS Traffic Manipulation At Middleboxes
NetS:小型:协作研究:中间盒的实用 HTTPS 流量操纵
- 批准号:
1619391 - 财政年份:2016
- 资助金额:
$ 30万 - 项目类别:
Standard Grant
TWC: Small: Cache-based Side Channel Attacks on Smartphone Graphics Buffers: New Vulnerabilities and Defenses
TWC:小型:针对智能手机图形缓冲区的基于缓存的侧通道攻击:新漏洞和防御
- 批准号:
1619450 - 财政年份:2016
- 资助金额:
$ 30万 - 项目类别:
Standard Grant
CSR: Small: Collaborative Research: Taming Mobile Hardware & OS Diversity for Comprehensive Software Analysis
CSR:小型:协作研究:驯服移动硬件
- 批准号:
1617573 - 财政年份:2016
- 资助金额:
$ 30万 - 项目类别:
Standard Grant
CRII: SaTC: Analyzing and verifying the security of TCP stacks under multi-entity interactions
CRII:SaTC:多实体交互下TCP协议栈的安全性分析与验证
- 批准号:
1464410 - 财政年份:2015
- 资助金额:
$ 30万 - 项目类别:
Standard Grant
TWC: Small: Collaborative: Multipath TCP Side Channel Vulnerabilities and Defenses
TWC:小:协作:多路径 TCP 侧信道漏洞和防御
- 批准号:
1528114 - 财政年份:2015
- 资助金额:
$ 30万 - 项目类别:
Standard Grant
相似国自然基金
Research on Quantum Field Theory without a Lagrangian Description
- 批准号:24ZR1403900
- 批准年份:2024
- 资助金额:0.0 万元
- 项目类别:省市级项目
Cell Research
- 批准号:31224802
- 批准年份:2012
- 资助金额:24.0 万元
- 项目类别:专项基金项目
Cell Research
- 批准号:31024804
- 批准年份:2010
- 资助金额:24.0 万元
- 项目类别:专项基金项目
Cell Research (细胞研究)
- 批准号:30824808
- 批准年份:2008
- 资助金额:24.0 万元
- 项目类别:专项基金项目
Research on the Rapid Growth Mechanism of KDP Crystal
- 批准号:10774081
- 批准年份:2007
- 资助金额:45.0 万元
- 项目类别:面上项目
相似海外基金
Collaborative Research: SaTC: CORE: Medium: Using Intelligent Conversational Agents to Empower Adolescents to be Resilient Against Cybergrooming
合作研究:SaTC:核心:中:使用智能会话代理使青少年能够抵御网络诱骗
- 批准号:
2330940 - 财政年份:2024
- 资助金额:
$ 30万 - 项目类别:
Continuing Grant
Collaborative Research: SaTC: CORE: Medium: Differentially Private SQL with flexible privacy modeling, machine-checked system design, and accuracy optimization
协作研究:SaTC:核心:中:具有灵活隐私建模、机器检查系统设计和准确性优化的差异化私有 SQL
- 批准号:
2317232 - 财政年份:2024
- 资助金额:
$ 30万 - 项目类别:
Continuing Grant
Collaborative Research: NSF-BSF: SaTC: CORE: Small: Detecting malware with machine learning models efficiently and reliably
协作研究:NSF-BSF:SaTC:核心:小型:利用机器学习模型高效可靠地检测恶意软件
- 批准号:
2338301 - 财政年份:2024
- 资助金额:
$ 30万 - 项目类别:
Continuing Grant
Collaborative Research: SaTC: CORE: Medium: Differentially Private SQL with flexible privacy modeling, machine-checked system design, and accuracy optimization
协作研究:SaTC:核心:中:具有灵活隐私建模、机器检查系统设计和准确性优化的差异化私有 SQL
- 批准号:
2317233 - 财政年份:2024
- 资助金额:
$ 30万 - 项目类别:
Continuing Grant
Collaborative Research: NSF-BSF: SaTC: CORE: Small: Detecting malware with machine learning models efficiently and reliably
协作研究:NSF-BSF:SaTC:核心:小型:利用机器学习模型高效可靠地检测恶意软件
- 批准号:
2338302 - 财政年份:2024
- 资助金额:
$ 30万 - 项目类别:
Continuing Grant
Collaborative Research: SaTC: CORE: Medium: Using Intelligent Conversational Agents to Empower Adolescents to be Resilient Against Cybergrooming
合作研究:SaTC:核心:中:使用智能会话代理使青少年能够抵御网络诱骗
- 批准号:
2330941 - 财政年份:2024
- 资助金额:
$ 30万 - 项目类别:
Continuing Grant
Collaborative Research: SaTC: CORE: Small: Towards Secure and Trustworthy Tree Models
协作研究:SaTC:核心:小型:迈向安全可信的树模型
- 批准号:
2413046 - 财政年份:2024
- 资助金额:
$ 30万 - 项目类别:
Standard Grant
Collaborative Research: SaTC: EDU: RoCCeM: Bringing Robotics, Cybersecurity and Computer Science to the Middled School Classroom
合作研究:SaTC:EDU:RoCCeM:将机器人、网络安全和计算机科学带入中学课堂
- 批准号:
2312057 - 财政年份:2023
- 资助金额:
$ 30万 - 项目类别:
Standard Grant
Collaborative Research: SaTC: CORE: Small: Investigation of Naming Space Hijacking Threat and Its Defense
协作研究:SaTC:核心:小型:命名空间劫持威胁及其防御的调查
- 批准号:
2317830 - 财政年份:2023
- 资助金额:
$ 30万 - 项目类别:
Continuing Grant
Collaborative Research: SaTC: CORE: Small: Towards a Privacy-Preserving Framework for Research on Private, Encrypted Social Networks
协作研究:SaTC:核心:小型:针对私有加密社交网络研究的隐私保护框架
- 批准号:
2318843 - 财政年份:2023
- 资助金额:
$ 30万 - 项目类别:
Continuing Grant