Repository logo

Infoscience

  • English
  • French
Log In
Logo EPFL, École polytechnique fédérale de Lausanne

Infoscience

  • English
  • French
Log In
  1. Home
  2. Academic and Research Output
  3. Conferences, Workshops, Symposiums, and Seminars
  4. Autodafé: an Act of Software Torture
 
conference paper

Autodafé: an Act of Software Torture

Vuagnoux, Martin  
2005
Proceedings of the 22th Chaos Communication Congress
22th Chaos Communication Congress (22C3)

Automated vulnerability searching tools have led to a dramatic increase of the rate at which such flaws are discovered. One particular searching technique is fault injection i.e. insertion of random data into input files, buffers or protocol packets, combined with a systematic monitoring of memory violations. Even if these tools allow to uncover a lot of vulnerabilities, they are still very primitive; despite their poor efficiency, they are useful because of the very high density of such vulnerabilities in modern software. This paper presents an innovative buffer overflow uncovering technique, which uses a more thorough and reliable approach. This technique, called: Fuzzing by Weighting Attacks with Markers, is a specialized kind of fault injection, which does not need source code or special compilation for the monitored program. As a proof of concept of the efficiency of this technique, a tool called Autodafe has been developed. It allows to detect automatically an impressive number of buffer overflow vulnerabilities.

  • Files
  • Details
  • Metrics
Loading...
Thumbnail Image
Name

Vuagnoux05.pdf

Access type

openaccess

Size

126.13 KB

Format

Adobe PDF

Checksum (MD5)

35a8ae7c5e0676c444675d429d3983d4

Logo EPFL, École polytechnique fédérale de Lausanne
  • Contact
  • infoscience@epfl.ch

  • Follow us on Facebook
  • Follow us on Instagram
  • Follow us on LinkedIn
  • Follow us on X
  • Follow us on Youtube
AccessibilityLegal noticePrivacy policyCookie settingsEnd User AgreementGet helpFeedback

Infoscience is a service managed and provided by the Library and IT Services of EPFL. © EPFL, tous droits réservés