Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Fuzzing JavaScript Engines with Aspect-Preserving Mutation

IEEE via YouTube

Overview

Explore advanced techniques for fuzzing JavaScript engines through a conference talk that delves into aspect-preserving mutation. Learn about the challenges of finding JavaScript bugs and the special conditions required to uncover new vulnerabilities from existing ones. Discover the DIE (Dynamic analysis, Input generation, and Execution) overview, including preprocessing for typed-AST, type analysis through dynamic and static methods, and input generation. Examine aspect-preserving mutation techniques, focusing on type-preserving and structure-preserving mutations. Gain insights into the implementation process, real-world fuzzing of JS engines, and evaluation of the effectiveness of leveraging aspects. Analyze a case study on CVE-2019-0990 and compare the presented approach with state-of-the-art fuzzers. Enhance your understanding of advanced security testing methodologies for JavaScript engines in this informative IEEE presentation.

Syllabus

Everyone uses web browser (+ JS engine)
Finding JS bugs is hard
Motivating example • Special conditions are necessary to discover new bug from old ones
Aspects
DIE overview
Preprocessing for typed-AST
Type Analysis: dynamic analysis
Type Analysis: static analysis
Input generation
Aspect-preserving mutation
Type-preserving mutation
Structure-preserving mutation
Execution with instrumented JS engine
Implementation
Fuzzing JS engines in the wild
Evaluation: effectiveness of leveraging aspect
Case study: CVE-2019-0990
Evaluation: aspect preserving
Evaluation: validity of generated input
Evaluation: comparison w/ state-of-the-art fuzzers
Conclusion

Taught by

IEEE Symposium on Security and Privacy

Reviews

Start your review of Fuzzing JavaScript Engines with Aspect-Preserving Mutation

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.