Introduction
SPEC CPU 2006 (document is here) is a frequently used benchmark in low level security. Here is the benchmark list of SPEC CPU Integer Benchmarks:
Tool Learning 2 - Migrate ChakraCore to Fuzzilli
Add Extra Target to Fuzzilli
In addition to the existing targets in Fuzzilli's github repo, we can add extra targets, and make fuzzilli works on more JavaScript Engine.
Tool Learning 1 - Use Fuzzilli on Real Target
Fuzzing on Real Target
In this post, I will begin to use fuzzilli and try on the present supported targets. Section 4 I took note of some information about some background knowledge of swift.
Tool Learning 0 - Basic Knowledge of Fuzzilli
Introduction
Fuzzing is a practical, widely-deployed technique to find bugs in complex, real-world programs like JavaScript engines. Some researchers (Park et al., 2020) nowadays have conducted research on this topic and make their attention to some commercial application.
Thus, to learn how to fuzz on JS engine, firstly I need to pay my attention to a open source project. My choice is Fuzzilli. In this post, I will record the experience of learning Fuzzilli, and my attempt to implement this to Chakracore (which is a open source JSE implemented in Edge broswer).
Paper Reading 4 - PCKV: Locally Differentially Private Correlated Key-Value Data Collection with Optimized Utility
One sentence summary
The author proposed a new framework to solving some limitations in PrivKVM, achieving good experiment results on 4 real world dataset.
Paper Reading 3 - A Generic Technique for Automatically Finding Defense-Aware Code Reuse Attacks
One sentence summary
The author proposed Limbo, a new framework for automatically discovering defense-awre code in executables, which overcome the defect that the current defend-aware attacks exists (the feasibility are very are very dependent on the behaviors of the attacked program).
Paper Reading 2 - Semantic-based Patch Presence Testing for Downstream Kernels
One sentence summary
The author proposed PDiff, which is a reliable patch presence testing for downstream kernels, to solve the two main challenges (third-party customization and non-standard building configurations) in existing testing method.
Paper Reading 1 - All You Ever Wanted to Know About x86/x64 Binary Disassembly But Were Afraid to Ask
One sentence summary
The author systematize binary disassembly through the study of nine popular, open-source tools, and try to figure out three important questions.
Paper Reading 0 - where2change
One sentence summary
Proposed a method to advanced Palomba et al.'s work on extracting useful information from user reviews to main and evolve mobile apps.