diff --git a/README.md b/README.md index 9300975..65fce26 100644 --- a/README.md +++ b/README.md @@ -48,6 +48,15 @@ ### NDSS +#### 2023 + +- [Assessing the Impact of Interface Vulnerabilities in Compartmentalized Software, 2023](https://www.ndss-symposium.org/ndss-paper/assessing-the-impact-of-interface-vulnerabilities-in-compartmentalized-software/) - 针对上下文隔离的 API 接口(CIV,这是作者定义的一个概念,主要是指沙箱等隔离环境,应用划分、隔离后,应用的不同部分之间在交互时的控制和数据依赖关系,会在 interface 引入新的漏洞)进行 Fuzzing 的方案。Github 文档描述非常详细,[已开源](https://github.com/conffuzz/conffuzz),当前作者已针对 Okular/ImageMagick/Apache/exif 等诸多软件进行了模糊测试。该项研究来自曼彻斯特大学。 +- [FUZZILLI: Fuzzing for JavaScript JIT Compiler Vulnerabilities, 2023](https://www.ndss-symposium.org/ndss-paper/fuzzilli-fuzzing-for-javascript-jit-compiler-vulnerabilities/) - 谷歌Project Zero安全团队开发的针对 Javascript JIT 引擎进行 Fuzzing 的工具。[已开源](https://github.com/googleprojectzero/fuzzilli)。 +- [No Grammar, No Problem: Towards Fuzzing the Linux Kernel without System-Call Descriptions, 2023](https://www.ndss-symposium.org/ndss-paper/no-grammar-no-problem-towards-fuzzing-the-linux-kernel-without-system-call-descriptions/) - 不用像 Syzkaller 那样编写复杂的系统调用描述,即可对内核进行 Fuzzing 的工具。[FuzzNG 已开源](https://github.com/BUseclab/FuzzNG)。 +- [DARWIN: Survival of the Fittest Fuzzing Mutators, 2023](https://www.ndss-symposium.org/ndss-paper/darwin-survival-of-the-fittest-fuzzing-mutators/) - 来自于上海交通大学的文章,改进优化 AFL 变异算法,通过实验证明比原生 AFL 多出 66% 的安全漏洞,[已开源](https://github.com/TUDA-SSL/DARWIN),很好奇为啥叫 DARWIN 的软件或者工具这么多🐶。 +- [LOKI: State-Aware Fuzzing Framework for the Implementation of Blockchain Consensus Protocols, 2023](https://www.ndss-symposium.org/ndss-paper/loki-state-aware-fuzzing-framework-for-the-implementation-of-blockchain-consensus-protocols/) - 针对区块链共识协议实现模糊测试的方法,来自清华大学,未见开源。 +- [OBSan: An Out-Of-Bound Sanitizer to Harden DNN Executables, 2023](https://www.ndss-symposium.org/ndss-paper/obsan-an-out-of-bound-sanitizer-to-harden-dnn-executables/) - 来自香港大学的研究,针对深度神经网络相关程序的模糊测试,请注意,并不是将神经网络应用在 Fuzzing 中,而是针对神经网络相关应用进行 Fuzzing,[已开源](https://github.com/yanzuochen/obsan)。 + #### 2022 - [Semantic-Informed Driver Fuzzing Without Both the Hardware Devices and the Emulators](https://www.ndss-symposium.org/ndss-paper/auto-draft-248/) (2022): *西安交通大学* ,*赵文佳* 等人提出了一种无设备驱动程序模糊测试系统 DR .FUZZ,它不需要硬件设备对驱动程序进行 Fuzzing。DR .FUZZ 的核心是一种**语义通知机制**,它有效地生成输入以正确构造相关数据结构,以在驱动初始化时通过“验证链”,从而实现后续的无设备驱动程序模糊测试。 diff --git a/README_en.md b/README_en.md index 1913ef6..54a7ef0 100644 --- a/README_en.md +++ b/README_en.md @@ -29,6 +29,12 @@ This chapter contains top-level information security and classic papers in some ### NDSS +- [Assessing the Impact of Interface Vulnerabilities in Compartmentalized Software, 2023](https://www.ndss-symposium.org/ndss-paper/assessing-the-impact-of-interface-vulnerabilities-in-compartmentalized-software/) +- [FUZZILLI: Fuzzing for JavaScript JIT Compiler Vulnerabilities, 2023](https://www.ndss-symposium.org/ndss-paper/fuzzilli-fuzzing-for-javascript-jit-compiler-vulnerabilities/) +- [No Grammar, No Problem: Towards Fuzzing the Linux Kernel without System-Call Descriptions, 2023](https://www.ndss-symposium.org/ndss-paper/no-grammar-no-problem-towards-fuzzing-the-linux-kernel-without-system-call-descriptions/) +- [DARWIN: Survival of the Fittest Fuzzing Mutators, 2023](https://www.ndss-symposium.org/ndss-paper/darwin-survival-of-the-fittest-fuzzing-mutators/) +- [LOKI: State-Aware Fuzzing Framework for the Implementation of Blockchain Consensus Protocols, 2023](https://www.ndss-symposium.org/ndss-paper/loki-state-aware-fuzzing-framework-for-the-implementation-of-blockchain-consensus-protocols/) +- [OBSan: An Out-Of-Bound Sanitizer to Harden DNN Executables, 2023](https://www.ndss-symposium.org/ndss-paper/obsan-an-out-of-bound-sanitizer-to-harden-dnn-executables/) - [MobFuzz: Adaptive Multi-objective Optimization in Gray-box Fuzzing](https://www.ndss-symposium.org/ndss-paper/auto-draft-199/) (2022) - [FirmWire: Transparent Dynamic Analysis for Cellular Baseband Firmware](https://hernan.de/research/papers/firmwire-ndss22-hernandez.pdf) (2022) - [EMS: History-Driven Mutation for Coverage-based Fuzzing](https://nesa.zju.edu.cn/download/lcy_pdf_ems_ndss22.pdf) (2022)