Open Access. Powered by Scholars. Published by Universities.®


Singapore Management University


2020

Fuzzing

Articles 1 - 6 of 6

Full-Text Articles in Physical Sciences and Mathematics

Smartfuzz: An Automated Smart Fuzzing Approach For Testing Smartthings Apps, Lwin Khin Shar, Nguyen Binh Duong Ta, Lingxiao Jiang, David Lo, Wei Minn, Kiah Yong Glenn Yeo, Eugene Kim Dec 2020


Research Collection School Of Computing and Information Systems

As the IoT ecosystem has been growing rapidly, various security concerns have arisen around this new computing paradigm. Malicious IoT apps gaining access to IoT devices and to capabilities that execute sensitive operations (sinks), e.g., controlling door locks and switches, may cause serious security and safety issues. Unlike traditional mobile/web apps, IoT apps interact heavily with a wide variety of physical IoT devices and respond to environmental events, in addition to user inputs. It is therefore important to conduct comprehensive testing of IoT apps to identify possible anomalous behaviours. On the other hand, it is also important to optimize the number …


Sfuzz: An Efficient Adaptive Fuzzer For Solidity Smart Contracts, Tai D. Nguyen, Long H. Pham, Jun Sun, Yun Lin, Minh Quang Tran Nov 2020


Research Collection School Of Computing and Information Systems

Smart contracts are Turing-complete programs that execute on the infrastructure of the blockchain, which often manage valuable digital assets. Solidity is one of the most popular programming languages for writing smart contracts on the Ethereum platform. Like traditional programs, smart contracts may contain vulnerabilities. Unlike traditional programs, smart contracts cannot be easily patched once they are deployed. It is thus important that smart contracts are tested thoroughly before deployment. In this work, we present an adaptive fuzzer for smart contracts on the Ethereum platform called sFuzz. Compared to existing Solidity fuzzers, sFuzz combines the strategy in the AFL fuzzer and …


Objsim: Efficient Testing Of Cyber-Physical Systems, Jun Sun, Zijiang Yang Jul 2020


Research Collection School Of Computing and Information Systems

Cyber-physical systems (CPSs) play a critical role in automating public infrastructure and thus attract a wide range of attacks. Assessing the effectiveness of defense mechanisms is challenging as realistic sets of attacks to test them against are not always available. In this short paper, we briefly describe smart fuzzing, an automated, machine learning guided technique for systematically producing test suites of CPS network attacks. Our approach uses predictive machine learning models and meta-heuristic search algorithms to guide the fuzzing of actuators so as to drive the CPS into different unsafe physical states. The approach has been proven effective on two …


Active Fuzzing For Testing And Securing Cyber-Physical Systems, Yuqi Chen, Bohan Xuan, Christopher M. Poskitt, Jun Sun, Fan Zhang Jul 2020


Research Collection School Of Computing and Information Systems

Cyber-physical systems (CPSs) in critical infrastructure face a pervasive threat from attackers, motivating research into a variety of countermeasures for securing them. Assessing the effectiveness of these countermeasures is challenging, however, as realistic benchmarks of attacks are difficult to construct manually, blind testing is ineffective due to the enormous search spaces and resource requirements, and intelligent fuzzing approaches require impractical amounts of data and network access. In this work, we propose active fuzzing, an automatic approach for finding test suites of packet-level CPS network attacks, targeting scenarios in which attackers can observe sensors and manipulate packets, but have no existing …


Typestate-Guided Fuzzer For Discovering Use-After-Free Vulnerabilities, Haijun Wang, Xiaofei Xie, Yi Li, Cheng Wen, Yuekang Li, Yang Liu, Shengchao Qin, Hongxu Chen, Yulei Sui May 2020


Research Collection School Of Computing and Information Systems

Existing coverage-based fuzzers usually use the individual control flow graph (CFG) edge coverage to guide the fuzzing process, which has shown great potential in finding vulnerabilities. However, CFG edge coverage is not effective in discovering vulnerabilities such as use-after-free (UaF). This is because, to trigger UaF vulnerabilities, one needs not only to cover individual edges, but also to traverse some (long) sequence of edges in a particular order, which is challenging for existing fuzzers. To this end, we propose to model UaF vulnerabilities as typestate properties, and develop a typestate-guided fuzzer, named UAFL, for discovering vulnerabilities violating typestate properties. Given …


Learning-Guided Network Fuzzing For Testing Cyber-Physical System Defences, Yuqi Chen, Christopher M. Poskitt, Jun Sun, Sridhar Adepu, Fan Zhang Jan 2020


Research Collection School Of Computing and Information Systems

The threat of attack faced by cyber-physical systems (CPSs), especially when they play a critical role in automating public infrastructure, has motivated research into a wide variety of attack defence mechanisms. Assessing their effectiveness is challenging, however, as realistic sets of attacks to test them against are not always available. In this paper, we propose smart fuzzing, an automated, machine learning guided technique for systematically finding 'test suites' of CPS network attacks, without requiring any knowledge of the system's control programs or physical processes. Our approach uses predictive machine learning models and metaheuristic search algorithms to guide the fuzzing of …