[Review] How IoT Re-using Threatens Your Sensitive Data: Exploring the User-Data Disposal in Used IoT Devices



This paper performs the first in-depth investigation of user-data disposal in used IoT devices, and finds that:

  1. Most users lack awareness of how to dispose of used IoT devices.
  2. IoT devices collect more sensitive data than users expect, and the current data protections of used IoT devices are inadequate.
  3. The disposal methods for used IoT devices are often ineffective.

Implementation:

RQ1: Which kinds of sensitive data reside in used IoT devices?

RQ2: Which methods can be used to dispose of sensitive data?

RQ3: Are existing disposal methods effective in erasing the sensitive data?

[Review] MINER: A Hybrid Data-Driven Approach for REST API Fuzzing



This paper proposes a new approach to REST API fuzzing, which:

  1. Focuses more on long request sequences.
  2. Introduces a customized attention model to support the fuzzing process.
  3. Implements a new data-driven security rule checker to capture a new kind of error caused by undefined parameters.

[1]: The REST standard; its methods usually include GET, POST, PUT and DELETE.

Motivation:

Cloud service testing is important, but early works (like RESTler) fail to generate long request sequences for testing, which is not enough to detect deep errors hidden in hard-to-reach states of cloud services. MINER applies length-oriented mechanisms to generate long request sequences, and applies an attention model to help requests pass semantic checking. Furthermore, it applies a data-driven security rule checker to capture a new kind of error caused by undefined parameters.

[Review] Testing Database Engines via Pivoted Query Synthesis



This paper aims to detect logic bugs in DBMSs. Here a logic bug is defined as a bug that causes a query to return an incorrect result without crashing the DBMS. The approach randomly selects a row from the table (called the pivot row), synthesizes a query whose result must contain the selected row, and then sends the query to the DBMS. By checking whether the pivot row is contained in the result, we know whether there is a logic bug.

Motivation:

Logic bugs in DBMSs are hard to find. While the earlier logic-bug detector RAGS applies differential testing to itself, there are still a lot of problems because of and the . So SQLancer is proposed to tackle this problem.

[Review] Squirrel: Testing Database Management Systems with Language Validity and Coverage Feedback



This paper proposes a new recipe for detecting DBMS crashes.

It is difficult to ensure syntactic and semantic correctness when fuzzing DBMSs, and former methods (mutation-based fuzzers, generation-based fuzzers) are not suited to it. Mutation-based fuzzers cannot ensure syntactic and semantic correctness, and generation-based fuzzers can guarantee the syntactic correctness of the inputs but do not utilize any feedback.

Implementation:

  • Convert the SQL query into an IR (a representation method proposed in the paper), using the AST (Abstract Syntax Tree).
My thoughts towards this blog


It has been quite a long time since I last wrote on my blog. The heavy schoolwork makes it hard for me to breathe, so some topics were suspended (like CSAPP and ITA). But maybe I am not going to keep them alive, because they are not my focus right now. After nearly two years, I already know some basic algorithms and data structures, and the knowledge of computer systems was also taught by my teacher.

This semester, I started to do some research. Unlike daily study, I think it's better to take some notes after reading every paper. And I think it's quite necessary to record my getting-into-research process, which may be helpful to people behind me. I started to research almost all by myself, so my experience may be instructive to those who are in the same position.

Anyway, this blog is all for recording. I don't expect a lot of people to come and learn a lot (actually it is mainly for myself).

(Please forgive me for my poor English writing skills.)




x86 Assembly Study Notes


cbw: extends AL into AX; negative values must be taken into account when extending (sign extension)

cwd: extends AX into DX:AX; negative values must be taken into account when extending

cdq: extends EAX into EDX:EAX; negative values must be taken into account when extending

These are generally used to widen the dividend in preparation for a subsequent division.



movsx: sign extension

movzx: zero extension

movsx ax, al ; sign-extend al into ax
movzx ax, al ; zero-extend al into ax



Introduction to Algorithms (ITA) (1): Merge Sort


  • Time complexity: O(n log n)
  • Merge sort follows the divide-and-conquer pattern exactly; intuitively it works as follows:
    • Divide: split the sequence of n elements to be sorted into two subsequences of n/2 elements each
    • Conquer: sort the two subsequences recursively with merge sort
    • Combine: merge the two sorted subsequences to produce the sorted answer
  • When a subsequence has only one element, return directly
Computer Systems: A Programmer's Perspective (CSAPP) (2)
Computer Systems: A Programmer's Perspective (CSAPP) (1)
Introduction to Algorithms (ITA): Preface


I am going back to school the day after tomorrow; the winter break is really coming to an end, and yet I have opened another new project...
I was originally watching the CSAPP online course, but later found that the lectures were still not detailed enough; to really learn it you have to read the book, so I closed the course and picked up the book.
