Link here

This paper performs the first in-depth investigation on the user-data disposal of used IoT devices, and finds that:

1. Most users lack the awareness of disposing used IoT devices.
2. IoT devices collect more sensitive data than users expect, and current data protections of used IoT devices are inadequate.
3. The disposal methods of used IoT devices are often ineffective.

Implementation:

RQ1: Which kinds of sensitive data reside in used IoT devices?

RQ2: Which methods can be used to dispose of sensitive data?

RQ3: Are existing disposal methods effective in erasing the sensitive data?

Link here

This paper proposed a new approach for $REST^{1}$ API fuzzing, which:

1. Focuses more on the long sequence query.
2. Induces a customized attention model to support fuzzing process.
3. Implements a new data-driven security rule checker to capture the new kind of errors caused by undefined parameters.

[1]: REST standard, usually including GET, POST, PUT, DELETE.

Motivation:

Cloud service testing is important, but early works(like RESTler) fail to generate long request sequence for testing, which is not enough to detect deep errors hidden in hard-to-reach states of cloud services. MINER applies length oriented mechanisms to generate long request sequence, and applies a attention model to help pass the semantic checking. Further more, it applies a data-driven security rule checker to capture the new kind of errors caused by undefined parameters.

Link here

This paper aims to detect the logic bugs in the DBMSs. In this paper, logic bugs are defined as bugs that cause a query to return an incorrect result without crashing the DBMS. It randomly selects a row from the table(called pivot row) and syntheses a query whose result should contain the selected row, and then sends the query to the DBMS. By checking if the pivot row is contained in the result, we will know if there is a logic bug.

Motivation:

Logic bugs in DBMSs are hard to find. While former logic bugs detector RAGS applying differential testing to itself, there are still a lot of problems because of $DBMSs'$ $dialects^{1}$ and the $common$ $bugs^{2}$. So SQLancer is proposed to tackle this problem.

Link here

This paper proposes a new recipe to detect the DBMSs crash.

It’s difficult to ensure the syntactic and semantic correctness when fuzzing the DBMSs, and former methods(mutation-based fuzzers, generation-based fuzzers) are not eligible for it. Mutation-based fuzzers are not able to ensure the syntactic and semantic correctness, and generation-based fuzzers can guarantee the syntax correctness of the inputs, but it does utilize any feedback.

Implementation:

• Change the SQL query into IR(a representation methods proposed in the paper), using AST(Abstract Syntax Tree).

It has been quite a long time since last time I wrote on my blog. The heavy school work makes me hard to breathe, so some topics were suspended(like CSAPP and ITA). But maybe I am not going to keep them alive because they are not my concentration right now. After nearly two years, I’ve already known some basic algorithms and data structures, and the knowledge of computer system was also taught by my teacher.

This semester, I start to do some research. Unlike daily study, I think it’s better to take some notes after reading every paper. And I think it’s quite necessary to record my get-to-research process, which may be helpful to people behind. I start to research almost all by myself, so my experience may be instructive to those who is in the same position.

Anyway, this blog is all for recording. I don’t expect a lot of people to come and learn a lot (actually mainly for myself).

(Please forgive me for my poor English writing skills.)

cbw：把AL扩充成AX，扩充时要考虑负数

cwd：把AX扩充成DX:AX，扩充时要考虑负数

cdq：把EAX扩充成EDX:EAX，扩充时要考虑负数

一般用于放大被除数，为之后的除法做准备

movsx：符号扩充

movzx：零扩充

1
2

movsx ax, al ;将al符号扩充成ax
movzx ax, al ;将al零扩充成ax

• 时间复杂度：O(nlogn)
• 归并排序完全遵循分治模式，直观上操作如下
  • 分解：分解待排序的n个元素的序列成各具n/2个元素的两个子序列
  • 解决：使用归并排序递归排序两个子序列
  • 合并：合并两个已排序的子序列以产生已排序的答案
• 在子序列元素个数为1时直接返回

• 无符号编码
  • 表示≥0的数字
• 补码编码
  • 表示有符号整数
• 浮点数编码
  • 表示实数的科学计数法的以2为基数的版本

信息就是位+上下文

• 8位为一字节
• 只有ASCLL字符构成的文件称为文本文件，所有其他文件都称为二进制文件
• 系统中所有信息都是由一串比特表示的，仅靠数据对象的上下文进行区分
  

后天就要回学校了，寒假是真的要结束了，可我又开了一个坑…
本来在看着CSAPP的网课，后来发现网课讲的还是不够详细，真要学还得是看书，于是我关掉了课程，捡起了书本。