QSYM: a practical concolic execution engine tailored for hybrid fuzzing

QSYM: a practical concolic execution engine tailored for hybrid fuzzing Yun et al., USENIX Security 2018

There are two main approaches to automated test case generated for uncovering bugs and vulnerabilities: fuzzing and concolic execution. Fuzzing is good at quickly exploring the input space, but can get stuck when trying to get past more complex conditional causes (i.e., when randomly generated inputs are unlikely to satisfy them). Concolic execution, which we saw in action earlier in the week, uses symbolic execution to uncover constraints and pass them to a solver. It can handle complex branch conditions, but it’s much slower. Hybrid fuzzers combine both coverage-guided fuzzing and concolic execution, bringing in the big guns (concolic) when the fuzzer gets stuck. In non-trivial real-world applications though, even the hybrid approach has been too slow. Until now.

For me, the attention grabbing paragraph in this paper is to be found on page 8 (752) in section 5.1. Google’s OSS-Fuzz was previously used to test a number of important real-world applications and libraries including libjpeg, libpng, libtiff, lepton, openjpge, tcpdump, file, libarchive, audiofile, ffmpeg, and binutils.

It is worth noting that Google’s OSS-Fuzz generated 10 trillion test inputs Continue reading

IDG Contributor Network: Are you seeing what I’m seeing?

Enterprises are investing in their networks at an accelerating rate. As legacy IT on-premises infrastructure gives way to hybrid cloud and virtualized environments, and an escalating data tsunami drives data center expansions, increasing investments of time and money are raising the stakes ever higher. Unfortunately, end users’ expectations for service are growing as well, piling additional demands onto network operators and engineers who are already wrestling with network migration challenges.Yet despite the fact that the enterprise networking environment is rapidly changing, IT support teams are still using the same network performance metrics to monitor their networks and evaluate whether or not service delivery is up to par. The problem is that they’re using a one-dimensional tool to measure a subjective experience that tool was not designed to even understand, much less aid in troubleshooting.  It’s kind of like trying to tighten a screw with a hammer.To read this article in full, please click here

IDG Contributor Network: Are you seeing what I’m seeing?

Enterprises are investing in their networks at an accelerating rate. As legacy IT on-premises infrastructure gives way to hybrid cloud and virtualized environments, and an escalating data tsunami drives data center expansions, increasing investments of time and money are raising the stakes ever higher. Unfortunately, end users’ expectations for service are growing as well, piling additional demands onto network operators and engineers who are already wrestling with network migration challenges.Yet despite the fact that the enterprise networking environment is rapidly changing, IT support teams are still using the same network performance metrics to monitor their networks and evaluate whether or not service delivery is up to par. The problem is that they’re using a one-dimensional tool to measure a subjective experience that tool was not designed to even understand, much less aid in troubleshooting.  It’s kind of like trying to tighten a screw with a hammer.To read this article in full, please click here

Vapor IO secures new funding for major U.S. rollout

Vapor IO, the edge computing specialist that builds mini data centers for deployment at locations such as cell phone towers, has secured Series C financing, which the company says will help accelerate the deployment of its Kinetic Edge Platform as a national network for edge colocation.Vapor IO has been all about developing a model for a distributed network of edge colocation sites, with micro modular data centers in containers about the size of a shipping container. The company had been working with Crown Castle, the nation’s largest provider of shared wireless infrastructure, on an edge collaboration project under the name Project Volutus.Vapor IO has now acquired the assets of Project Volutus from Crown Castle and will offer it under the brand name The Kinetic Edge. It uses both wired and wireless connections to create a low-latency network of its colocation sites, allowing cloud providers, wireless carriers and web-scale companies to deliver cloud-based edge computing applications via its data centers.To read this article in full, please click here

Vapor IO secures new funding for major U.S. rollout

Vapor IO, the edge computing specialist that builds mini data centers for deployment at locations such as cell phone towers, has secured Series C financing, which the company says will help accelerate the deployment of its Kinetic Edge Platform as a national network for edge colocation.Vapor IO has been all about developing a model for a distributed network of edge colocation sites, with micro modular data centers in containers about the size of a shipping container. The company had been working with Crown Castle, the nation’s largest provider of shared wireless infrastructure, on an edge collaboration project under the name Project Volutus.Vapor IO has now acquired the assets of Project Volutus from Crown Castle and will offer it under the brand name The Kinetic Edge. It uses both wired and wireless connections to create a low-latency network of its colocation sites, allowing cloud providers, wireless carriers and web-scale companies to deliver cloud-based edge computing applications via its data centers.To read this article in full, please click here

Virtual Cloud Network Deep Dive: Join us in Minneapolis and the Bay Area!

Business moves fast in today’s digital landscape. Applications, services, and data are becoming more distributed, while threats are becoming more sophisticated. From data centers and the cloud to branches and the edge, IT teams are responsible for more environments than ever before, and the complexity is only increasing.

If your IT organization is under pressure to stay productive, increase agility, and help the business innovate, you know that expectations are high. You’re on the hook to:

  • Expand your software fluency and vendor agnostic knowledge for complex, interdependent infrastructures
  • Deliver a seamless and secure cross-cloud networking strategy
  • Keep up with continually changing applications and rapid development lifecycles
  • Identify every threat across environments, no matter how many alerts there are

Traditional, hardware-based approaches to networking and security can’t help you do all that. They’re inflexible and slow-moving; they require time-consuming manual intervention; they can’t connect and protect all the apps your business needs. That’s why it’s time to reinvent the network…in software.

 

Build Your Foundation for a Virtual Cloud Network

Our digital, app-centric world can be daunting, but a programmable network was built to meet these changing demands and evolve right along with them. VMware NSX® delivers the foundation for a Continue reading

1 1,462 1,463 1,464 1,465 1,466 3,833