Дисертації з теми "Security, Fuzzing"
Оформте джерело за APA, MLA, Chicago, Harvard та іншими стилями
Ознайомтеся з топ-18 дисертацій для дослідження на тему "Security, Fuzzing".
Біля кожної праці в переліку літератури доступна кнопка «Додати до бібліографії». Скористайтеся нею – і ми автоматично оформимо бібліографічне посилання на обрану працю в потрібному вам стилі цитування: APA, MLA, «Гарвард», «Чикаго», «Ванкувер» тощо.
Також ви можете завантажити повний текст наукової публікації у форматі «.pdf» та прочитати онлайн анотацію до роботи, якщо відповідні параметри наявні в метаданих.
Переглядайте дисертації для різних дисциплін та оформлюйте правильно вашу бібліографію.
Sayed, Shereef. "Black-Box Fuzzing of the REDHAWK Software Communications Architecture." Thesis, Virginia Tech, 2015. http://hdl.handle.net/10919/54566.
Повний текст джерелаMaster of Science
Sletmo, Patrik. "Introducing probabilities within grey-box fuzzing." Thesis, Linköpings universitet, Databas och informationsteknik, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-161893.
Повний текст джерелаMcDonough, Kenton Robert. "Torpedo: A Fuzzing Framework for Discovering Adversarial Container Workloads." Thesis, Virginia Tech, 2021. http://hdl.handle.net/10919/104159.
Повний текст джерелаMaster of Science
Over the last decade, container technology has fundamentally changed the landscape of commercial cloud computing services. By abstracting away many of the system details required to deploy software, developers can rapidly prototype, deploy, and take advantage of massive distributed frameworks when deploying new software products. These paradigms are supported with corresponding business models offered by cloud providers, who allocate space on powerful physical hardware among many potentially competing services. Unfortunately, recent work has shown that the isolation guarantees provided by containers are not absolute. Due to inconsistencies in the way containers have been implemented by the Linux kernel, there exist vulnerabilities that allow containerized programs to generate "out of band" workloads and negatively impact the performance of other containers. In general, these vulnerabilities are difficult to identify, but can be very severe. In this work, we present TORPEDO, a set of modifications to the SYZKALLER fuzzing framework that creates containerized workloads and searches for programs that negatively impact other containers. TORPEDO uses a novel technique that combines resource monitoring with code coverage approximations, and initial testing on common container software has revealed new interesting vulnerabilities and bugs.
Dutta, Rahul Kumar. "A Framework for Software Security Testing and Evaluation." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-121645.
Повний текст джерелаDuchene, Fabien. "Detection of web vulnerabilities via model inference assisted evolutionary fuzzing." Thesis, Grenoble, 2014. http://www.theses.fr/2014GRENM022/document.
Повний текст джерелаTesting is a viable approach for detecting implementation bugs which have a security impact, a.k.a. vulnerabilities. When the source code is not available, it is necessary to use black-box testing techniques. We address the problem of automatically detecting a certain class of vulnerabilities (Cross Site Scripting a.k.a. XSS) in web applications in a black-box test context. We propose an approach for inferring models of web applications and fuzzing from such models and an attack grammar. We infer control plus taint flow automata, from which we produce slices, which narrow the fuzzing search space. Genetic algorithms are then used to schedule the malicious inputs which are sent to the application. We incorporate a test verdict by performing a double taint inference on the browser parse tree and combining this with taint aware vulnerability patterns. Our implementations LigRE and KameleonFuzz outperform current open-source black-box scanners. We discovered 0-day XSS (i.e., previously unknown vulnerabilities) in web applications used by millions of users
Huang, Jin. "Detecting Server-Side Web Applications with Unrestricted File Upload Vulnerabilities." Wright State University / OhioLINK, 2021. http://rave.ohiolink.edu/etdc/view?acc_num=wright163007760528389.
Повний текст джерелаLone, Sang Fernand. "Protection des systèmes informatiques contre les attaques par entrées-sorties." Phd thesis, INSA de Toulouse, 2012. http://tel.archives-ouvertes.fr/tel-00863020.
Повний текст джерелаPotnuru, Srinath. "Fuzzing Radio Resource Control messages in 5G and LTE systems : To test telecommunication systems with ASN.1 grammar rules based adaptive fuzzer." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-294140.
Повний текст джерела5G-telekommunikationssystem måste vara extremt tillförlitliga för att möta behoven för den kommande utvecklingen inom kommunikation. Systemen som används måste testas noggrant och måste överensstämma med deras standarder. Programvara och nätverksprotokoll testas ofta med tekniker som fuzzing, penetrationstest, kodgranskning, testning av överensstämmelse. Med fuzzing kan testare skicka utformade input för att övervaka System Under Test (SUT) för ett svar. 3GPP, standardiseringsorganet för telekomsystemet, producerar ofta nya versioner av specifikationer för att möta kraven och bristerna från tidigare utgåvor. Detta leder till många versioner av specifikationer för ett nätverksprotokoll som Radio Resource Control (RRC) och testare behöver ständigt uppdatera testverktygen och testmiljön. I detta arbete visar vi att genom att använda den generiska karaktären av RRC-specifikationer, som ges i beskrivningsspråket Abstract Syntax Notation One (ASN.1), kan man designa ett testverktyg för att anpassa sig till alla versioner av 3GPP-specifikationer. Detta uppsatsarbete introducerar en ASN.1-baserad adaptiv fuzzer som kan användas för att testa RRC och andra nätverksprotokoll baserat på ASN.1- beskrivningsspråk. Fuzzer extraherar kunskap om pågående RRC meddelanden med användning av protokollbeskrivningsfiler för RRC, dvs RRC ASN.1 schema från 3GPP, och använder kunskapen för att fuzz RRC meddelanden. Den adaptiva fuzzer identifierar enskilda fält, delmeddelanden och anpassade datatyper enligt specifikationer när innehållet i befintliga meddelanden muteras. Dessutom har den adaptiva fuzzer identifierat en tidigare oidentifierad sårbarhet i Evolved Packet Core (EPC) för srsLTE och openLTE, två opensource LTE-implementeringar, vilket bekräftar tillämpligheten för robusthetsprovning av RRC och andra nätverksprotokoll.
Ahmad, Abbas. "Model-Based Testing for IoT Systems : Methods and tools." Thesis, Bourgogne Franche-Comté, 2018. http://www.theses.fr/2018UBFCD008/document.
Повний текст джерелаThe Internet of Things (IoT) is nowadays globally a mean of innovation and transformation for many companies. Applications extend to a large number of domains, such as smart cities, smart homes, healthcare, etc. The Gartner Group estimates an increase up to 21 billion connected things by 2020. The large span of "things" introduces problematic aspects, such as conformance and interoperability due to the heterogeneity of communication protocols and the lack of a globally-accepted standard. The large span of usages introduces problems regarding secure deployments and scalability of the network over large-scale infrastructures. This thesis deals with the problem of the validation of the Internet of Things to meet the challenges of IoT systems. For that, we propose an approach using the generation of tests from models (MBT). We have confronted this approach through multiple experiments using real systems thanks to our participation in international projects. The important effort which is needed to be placed on the testing aspects reminds every IoT system developer that doing nothing is more expensive later on than doing it on the go
(10746420), Hui Peng. "FUZZING HARD-TO-COVER CODE." Thesis, 2021.
Знайти повний текст джерелаBarbosa, João Fernando da Costa Meireles. "Automated Repair of Security Vulnerabilities using Coverage-guided Fuzzing." Master's thesis, 2021. https://hdl.handle.net/10216/135943.
Повний текст джерелаBarbosa, João Fernando da Costa Meireles. "Automated Repair of Security Vulnerabilities using Coverage-guided Fuzzing." Dissertação, 2021. https://hdl.handle.net/10216/135943.
Повний текст джерелаAtlidakis, Evangelos. "Structure and Feedback in Cloud Service API Fuzzing." Thesis, 2021. https://doi.org/10.7916/d8-2bry-am81.
Повний текст джерела(6640856), Sushant Dinesh. "Retrowrite: Statically Instrumenting COTS Binaries for Fuzzing and Sanitization." Thesis, 2019.
Знайти повний текст джерелаHo, Chia-Lun, and 何嘉倫. "Design and Implementation of a Fuzzing Tool for Enhancing the Security of RESTful Web Services." Thesis, 2018. http://ndltd.ncl.edu.tw/handle/34gpn9.
Повний текст джерела國立交通大學
資訊科學與工程研究所
106
Recently, it had become a trend to build websites using systematic development approaches and frameworks. Among these, the RESTful web service is one of the key development technologies. Many well-known web development frameworks (e.g., Laravel, Ruby on Rails) and websites (e.g., Twitter, LinkedIn, WordPress) had provided RESTful API for ordinary user data access support. Moreover, with the popularity of this RESTful web service, the related security issues had become more diversified and more complex. In this thesis, we would like to accomplish the two requirements: First, to design and build a fuzzing tool for helping identify unknown potential vulnerability of a RESTful website under test; Second, by inspecting the RESTful APIs of the website under check, the security team could use the proposed fuzzing tool to identify the most likely potential vulnerability information. In this study, we proposed a set of hybrid fuzzing scheme(i.e., fuzzing + genetic algorithm) and implemented a prototype of the proposed scheme to help identify potential vulnerabilities of RESTful APIs of a website security under test. We would further elaborate the above as follows: 1. Scope of this study and its extended applications: In consideration of simplifying this thesis, we had mainly focused our study on general web browsing behaviors (i.e., by analyzing the URLs of RESTful web pages). In essence, with minor modifications, the same scheme could be easily adapted (and extended) to conduct the analysis of common anomalies, such as the analysis of invalid login account/password attempts. 2. Different test methodologies and application scopes: Most conventional fuzzing tools mainly focus on the study of common vulnerabilities such as SQL injection and XSS, by injecting specific input strings. However, our proposed hybrid scheme (i.e., fuzzing + Genetic Algorithm, or GA), is mainly designed to help identify unknown potential vulnerabilities of a RESTful website. 3. Fuzzing strategy: In the design of any fuzzing scheme, there should be an important set of fuzzy strategy. As we all known, GA is a good solution candidate for most optimal search problems. Hence, in this study, we chose GA as an adjustment tool for implementing the fuzzy strategy. 4. Performance evaluation: In this study, we built a prototype of the proposed hybrid-fuzzing scheme, to help identify potential vulnerabilities of typical RESTful websites. Using the proposed fuzzing tool, with no more than 100,000 generations, the tester could accomplish the checking of a typical RESTful website within 10 minutes. Overall, by running the proposed fuzzing tool, 80\% of the vulnerabilities cases in this study terminated the process within 50,000 generations. Especially, some potential vulnerability instances had even terminated the search process within 10,000 generations.
(9217391), Yuseok Jeon. "Practical Type and Memory Safety Violation Detection Mechanisms." Thesis, 2020.
Знайти повний текст джерела(10716420), Taegyu Kim. "Cyber-Physical Analysis and Hardening of Robotic Aerial Vehicle Controllers." Thesis, 2021.
Знайти повний текст джерелаIn this thesis, we present cyber-physical analysis and hardening to secure RAV controllers. Through a combination of program analysis and vehicle control modeling, we first developed novel techniques to (1) connect both cyber and physical domains and then (2) analyze individual domains and their interplay. Specifically, we describe how to detect bugs after RAV accidents using provenance (Mayday), how to proactively find bugs using fuzzing (RVFuzzer), and how to patch vulnerable firmware using binary patching (DisPatch). As a result, we have found 91 new bugs in modern RAV control programs, and their developers confirmed 32 cases and patch 11 cases.
(6632954), Kyriakos K. Ispoglou. "INFERENCE OF RESIDUAL ATTACK SURFACE UNDER MITIGATIONS." Thesis, 2019.
Знайти повний текст джерела