[fuzzing] PROTOS Genome Test Suite c10-archive

eugaaa eugaaa at gmail.com
Mon Mar 17 17:11:29 CDT 2008


I wonder what AV heuristics engines are currently doing to prevent this
type of exploitation? Is there a good paper on heuristic container
protection?

On Mon, 2008-03-17 at 18:04 +0200, Heikki Kortti wrote:
> Hullo everyone, 
> 
> in case anyone is looking for a diversion from the admittedly
> fascinating certification discussion, this might provide some food for
> thought:
> 
> <URL:http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/>
> 
> Abstract:
> 
> "Archive formats are used to serialise a set of files and directories
> into a single byte stream, usually applying a form of compression in
> the process. The archive files can then be stored or transmitted on
> various media conveniently and economically, and later extracted. The
> use of archiving formats is ubiquitous in transmitting files over
> email and in distribution of software, among other areas. The present
> set of archive formats were chosen as the subject protocols for
> vulnerability assessment through structure inference directed fuzzing
> and test suite creation. A list of frequently observed archiving
> formats was drawn up. Test material was prepared and tests were
> carried out against a sample set of existing anti-virus
> programs. Results were gathered. Most of the implementations available
> for evaluation failed to perform in a robust manner under test. Some
> failures had information security implications, and should be
> considered as vulnerabilities. In order to achieve a robustness
> baseline for archival products, this test material should be adopted
> for their evaluation and development. Anti-virus and other security
> products employing archive formats should be considered the most
> important subjects in this respect."
> 
> Disclaimer: I did not have anything to do with this, all kudos goes to
> the fine folks at OUSPG.
> 


