Corpus ID: 51904605

Chaff Bugs: Deterring Attackers by Making Software Buggier

  title={Chaff Bugs: Deterring Attackers by Making Software Buggier},
  author={Zhenghao Hu and Yu Hu and Brendan Dolan-Gavitt},
Sophisticated attackers find bugs in software, evaluate their exploitability, and then create and launch exploits for bugs found to be exploitable. Most efforts to secure software attempt either to eliminate bugs or to add mitigations that make exploitation more difficult. In this paper, we introduce a new defensive technique called chaff bugs, which instead target the bug discovery and exploit creation stages of this process. Rather than eliminating bugs, we instead add large numbers of bugs… Expand
Fuzzification: Anti-Fuzzing Techniques
A new mitigation approach that helps developers protect the released, binary-only software from attackers who are capable of applying state-of-the-art fuzzing techniques, and discusses the robustness of FUZZIFICATION techniques against adversarial analysis techniques. Expand
An Empirical Study on Benchmarks of Artificial Software Vulnerabilities
This work performs an empirical study on three artificial vulnerability benchmarks - LAVA-M, Rode0day and CGC and various real-world memory- corruption vulnerabilities and proposes a model to depict the properties of memory-corruption vulnerabilities. Expand


EvilCoder: automated bug insertion
This paper proposes EvilCoder, a system to automatically find potentially vulnerable source code locations and modify the source code to be actually vulnerable, so that exploitation becomes possible and is supported by future bug-finding techniques. Expand
Driller: Augmenting Fuzzing Through Selective Symbolic Execution
Driller is presented, a hybrid vulnerability excavation tool which leverages fuzzing and selective concolic execution in a complementary manner, to find deeper bugs and mitigate their weaknesses, avoiding the path explosion inherent in concolic analysis and the incompleteness of fuzzing. Expand
From Patches to Honey-Patches: Lightweight Attacker Misdirection, Deception, and Disinformation
A methodology is proposed for reformulating a broad class of security patches into honey-patches - patches that offer equivalent security but that frustrate attackers' ability to determine whether their attacks have succeeded or failed. Expand
LAVA: Large-Scale Automated Vulnerability Addition
LAVA, a novel dynamic taint analysis-based technique for producing ground-truth corpora by quickly and automatically injecting large numbers of realistic bugs into program source code, forms the basis of an approach for generating large ground- Truth vulnerability corpora on demand, enabling rigorous tool evaluation and providing a high-quality target for tool developers. Expand
Fox in the trap: thwarting masqueraders via automated decoy document deployment
A placement application that automates the deployment of decoy documents and it is indicated that the automated decoy distribution tool is capable of strategically placing decoy files in a way that offers comparable security to optimal manual deployment. Expand
Manufacturing cheap, resilient, and stealthy opaque constructs
The design of a Java code obfuscator is described, a tool which - through the application of code transformations - converts a Java program into an equivalent one that is more difficult to reverse engineer. Expand
Software decoys for insider threat
A software-based decoy system that aims to deceive insiders, to detect the exfiltration of proprietary source code and generates believable Java source code that appear to an adversary to be entirely valuable proprietary software is proposed. Expand
Escaping the Fuzz - Evaluating Fuzzing Techniques and Fooling them with Anti-Fuzzing
Fuzzing is used to find vulnerabilities in applications by sending garbled data as input and then monitoring the application for crashes. Over the years, this simple technique has evolved to anExpand
Repeatable Reverse Engineering with PANDA
We present PANDA, an open-source tool that has been purpose-built to support whole system reverse engineering. It is built upon the QEMU whole system emulator, and so analyses have access to all codeExpand
Control-flow integrity
Control-Flow Integrity provides a useful foundation for enforcing further security policies, as it is demonstrated with efficient software implementations of a protected shadow call stack and of access control for memory regions. Expand