Taint-Based Directed Whitebox Fuzzing

Total Page:16

File Type:pdf, Size:1020Kb

Taint-Based Directed Whitebox Fuzzing Taint-based Directed Whitebox Fuzzing The MIT Faculty has made this article openly available. Please share how this access benefits you. Your story matters. Citation Ganesh, V., T. Leek, and M. Rinard. “Taint-based directed whitebox fuzzing.” Software Engineering, 2009. ICSE 2009. IEEE 31st International Conference on. 2009. 474-484. ©2009 Institute of Electrical and Electronics Engineers. As Published http://dx.doi.org/10.1109/ICSE.2009.5070546 Publisher Institute of Electrical and Electronics Engineers Version Final published version Citable link http://hdl.handle.net/1721.1/59320 Terms of Use Article is made available in accordance with the publisher's policy and may be subject to US copyright law. Please refer to the publisher's site for terms of use. Taint-based Directed Whitebox Fuzzing ∗ Vijay Ganesh† and Tim Leek‡ and Martin Rinard† †MIT Computer Science and Artificial Intelligence Lab, ‡MIT Lincoln Laboratory [email protected], [email protected], [email protected] Abstract systems [17, 23, 16]. It is especially useful for testing input parsing components — the randomly generated We present a new automated white box fuzzing tech- inputs often exercise overlooked corner cases in the ini- nique and a tool, BuzzFuzz, that implements this tech- tial parsing and error checking code. nique. Unlike standard fuzzing techniques, which ran- But fuzz testing (or simply fuzzing) has been less domly change parts of the input file with little or no effective at generating syntactically legal inputs that information about the underlying syntactic structure of expose deeper semantic errors in programs [23, 8] — the file, BuzzFuzz uses dynamic taint tracing to au- for many programs virtually all of the randomly gener- tomatically locate regions of original seed input files ated inputs fail to satisfy the basic syntactic constraints that influence values used at key program attack points that characterize well-formed inputs, and hence fail to (points where the program may contain an error). make it past the initial parsing phase to exercise the BuzzFuzz then automatically generates new fuzzed test remaining code. input files by fuzzing these identified regions of the orig- This paper presents a new testing approach, directed inal seed input files. Because these new test files typi- whitebox fuzz testing, and a new tool, BuzzFuzz,that cally preserve the underlying syntactic structure of the implements this testing approach. Instead of generat- original seed input files, they tend to make it past the ing random inputs that primarily exercise the initial initial input parsing components to exercise code deep input parsing components, directed fuzz testing is de- within the semantic core of the computation. signed to produce well-formed test inputs that exercise We have used BuzzFuzz to automatically find er- code deep within the core semantic processing com- rors in two open-source applications: Swfdec (an Adobe ponents of the program under test. As such, it com- Flash player) and MuPDF (a PDF viewer). Our re- plements random fuzzing and significantly extends the sults indicate that our new directed fuzzing technique reach of automated testing techniques. Directed fuzz can effectively expose errors located deep within large testing is based on the following techniques: programs. Because the directed fuzzing technique uses • Taint Tracing: The program under test executes taint to automatically discover and exploit information on one or more valid sample inputs. The execu- about the input file format, it is especially appropriate tion is instrumented to record taint information. for testing programs that have complex, highly struc- Specifically, the instrumented execution records, tured input file formats. for each value that the program computes, the in- 1 Introduction put bytes that influence that value. • Fuzz testing [17] is a form of automatic, black-box Attack Point Selection: Specific points in the testing which uses a fuzzer to randomly generate or mu- program under test are identified as potential at- tate sample inputs. This technique has been shown to tack points, i.e., locations that may exhibit an er- be surprisingly effective in exposing errors in software ror if the program is presented with an appropri- ate error-revealing input. By default, our imple- ∗This research was supported in part by National Sci- mented BuzzFuzz system selects library and sys- ence Foundation grants CCR-0325283, CNS-0509415, and CCF- tem calls as attack points. BuzzFuzz can also be 0811397, and the Department of Defense under the Air Force Cooperative Agreement FA8750-06-2-0189. The Lincoln Labo- configured, under user control, to select any arbi- ratory portion of this work was sponsored by the Department of trary set of program points as attack points. Defense under the Air Force Contract FA8721-05-C-0002. Opin- • Directed Fuzzing: For each attack point and ions, interpretations, conclusions and recommendations are those of the authors and are not necessarily endorsed by the United each sample input, BuzzFuzz computes the set of States Government. input bytes that affect the values at that attack ICSE’09, May 16-24, 2009, Vancouver, Canada 978-1-4244-3452-7/09/$25.00 © 2009 IEEE 474 point. For library and system calls, for example, the values at the attack point are the parameters Program Attack Points passed to the library or system call. BuzzFuzz Program then generates new inputs as follows: Each new BuzzFuzz Fuzzed Test Inputs input is identical to one of the sample inputs, ex- cept that the input bytes that affect the values Seed Inputs at one or more attack points have been altered. By default, our implemented BuzzFuzz system sets Figure 1. BuzzFuzz Inputs and Outputs. The these bytes to extremal values, e.g., large, small, inputs to BuzzFuzz are: source of a C pro- or zero integer values. BuzzFuzz can also be con- gram, seed inputs, and a list of program at- figured to use different policies such as generating tack points. The output of BuzzFuzz is a set of random values for the corresponding input bytes. fuzzed test inputs for the program under test. • Directed Testing: Finally, BuzzFuzz runs the program under test on the newly generated inputs to see if the inputs expose any errors. calls particularly susceptible to the kind of latent er- This approach has several benefits: rors that our directed fuzzing technique is designed to expose. • Preservation of Syntactic Structure: Di- Experimental Results: We have used BuzzFuzz to rected fuzzing tends to target input bytes that can test several programs that process highly structured be changed without violating the legal syntactic binary data (examples of such data include video, im- structure of the original seed inputs. The auto- ages, document, and sound files). We have found that matically generated fuzzed inputs therefore tend directed fuzzing is able to successfully generate inputs to make it past the initial parsing components to that satisfy complex input consistency constraints and exercise code within the semantic core of the com- make it past the initial input processing components putation. to expose errors at attack points within the semantic • Targeted Values: The altered input bytes are core. More specifically, our results show that BuzzFuzz designed to target values that are directly relevant is able to preserve the syntactic structure present in to specific potential vulnerabilities. The generated the original inputs, generate new inputs that satisfy test suite therefore tends to have a high concen- the key properties that characterize legal inputs, and tration of inputs that can expose errors that may successfully target vulnerabilities deep within the se- exist at these potential vulnerabilities. mantic core of the program under test. In the con- text of programs for processing highly structured in- • Coordinated Changes: Finally, directed puts like movies or documents, BuzzFuzz nicely com- fuzzing can identify and alter multiple disjoint re- plements random fuzzing, since random fuzzing usually gions of the input space that must change together uncovers errors in shallower parts of the program such in a coordinated way to expose the presence of an as input validation code. error. All of the experimental results presented in this pa- One of the keys to making this approach work is per are available at http://people.csail.mit. choosing a set of attack points that tend to have la- edu/vganesh/buzzfuzz.html.Thiswebsitein- tent errors. We have found that library calls can com- cludes the source code for our benchmark applications, prise a particularly productive set of attack points. The the automatically generated test files that expose er- program and library are typically developed by differ- rors in these applications, and the seed test input files ent people operating with different perspectives, infor- that BuzzFuzz started with to generate the test files. mation, and assumptions. This cognitive gap between Inputs and Outputs: Figure 1 illustrates the pro- the program and library developers can easily enable gram inputs and outputs of the BuzzFuzz system. The a range of errors — the program may use the library user provides BuzzFuzz with a program and set of seed in ways that the library developer did not anticipate, input files for that program. BuzzFuzz also accepts a corner cases can become lost or forgotten at the inter- specification of attack points. BuzzFuzz comes precon- face between the program and the library, or the pro- figured with a default attack point specification; The gram developer may simply be unaware of some library user can also provide additional attack point specifica- preconditions. Moreover, the large potential execution tions. Given these inputs, BuzzFuzz instruments the space at library calls can be difficult to adequately ex- source to trace taint information, then runs the instru- plore with standard testing practices, making library mented source on the provided inputs to find out which 475 input file locations influence attack point values.
Recommended publications
  • Flash Mx Actionscript Gratis Epub, Ebook
    FLASH MX ACTIONSCRIPT GRATIS Auteur: Bob van Duuren Aantal pagina's: 242 pagina's Verschijningsdatum: 2002-07-20 Uitgever: Duuren Media, Van EAN: 9789059400108 Taal: nl Link: Download hier Macromedia Flash MX & ActionScripting * Hoe worden beoordelingen berekend? Voor het berekenen van de totale sterrenbeoordeling en de procentuele verdeling per ster gebruiken we geen gewoon gemiddelde. In plaats daarvan houdt ons systeem rekening met zaken als hoe recent een recensie is en of de recensent het item op Amazon heeft gekocht. Verder worden recensies ook geanalyseerd om de betrouwbaarheid te verifiëren. Toprecensies Recentste Toprecensies. Beste recensies uit Nederland. Er zijn 0 recensies en 0 beoordelingen van Nederland. Beste recensies uit andere landen. Vertaal alle beoordelingen naar het Nederlands. Geverifieerde aankoop. This is different. Philip achieves this in his own weighty tome nearly pages! Ze kunnen namelijk niet zonder problemen worden vergroot of verkleind. De afbeelding is voor één schermresolutie opgeslagen. Vergroten kan wel, maar dit gaat ten koste van de scherpte van de afbeelding. Vectorafbeeldingen daarentegen kunnen zonder problemen worden aangepast, omdat de coördinaten wiskundig worden herberekend met als gevolg dat vectorafbeeldingen op alle verschillende media hetzelfde worden getoond. Dit garandeert een uniforme presentatie van de gegevens. Samen met de beperkte omvang van het bestand zorgt dit voor een aantal unieke eigenschappen van Flash. Adobe Flash beschikt over een eigen programmeertaal , ActionScript, waarmee men volwaardige websites en applicaties kan ontwikkelen. In nieuwere versies van Flash, vanaf Flash MX, is het door de toevoeging van het LoadVars-object mogelijk gemaakt gemakkelijker te communiceren met MySQL en PHP , waardoor er een wereld opengegaan is voor het gebruiken van dynamische gegevens.
    [Show full text]
  • Using Replicated Execution for a More Secure and Reliable Web Browser
    Using Replicated Execution for a More Secure and Reliable Web Browser Hui Xue Nathan Dautenhahn Samuel T. King University of Illinois at Urbana Champaign huixue2, dautenh1, kingst @uiuc.edu { } Abstract Unfortunately, hackers actively exploit these vulnerabil- ities as indicated in reports from the University of Wash- Modern web browsers are complex. They provide a ington [46], Microsoft [61], and Google [49, 48]. high-performance and rich computational environment Both industry and academia have improved the se- for web-based applications, but they are prone to nu- curity and reliability of web browsers. Current com- merous types of security vulnerabilities that attackers modity browsers make large strides towards improving actively exploit. However, because major browser plat- the security and reliability of plugins by using sandbox- forms differ in their implementations they rarely exhibit ing techniques to isolate plugins from the rest of the the same vulnerabilities. browser [62, 33]. However, these browsers still scatter In this paper we present Cocktail, a system that uses security logic throughout millions of lines of code, leav- three different off-the-shelf web browsers in parallel to ing these systems susceptible to browser-based attacks. provide replicated execution for withstanding browser- Current research efforts, like Tahoma [32], the OP web based attacks and improving browser reliability. Cock- browser [36], the Gazelle web browser [59], and the Illi- tail mirrors inputs to each replica and votes on browser nois Browser Operating System [58] all propose build- states and outputs to detect potential attacks, while con- ing new web browsers to improve security. Although tinuing to run.
    [Show full text]
  • Flash E Software Libero Stefano Sabatini
    Flash e software libero Stefano Sabatini GULCh Cagliari, 2009-10-24 GULCh - Gruppo Utenti Linux Cagliari - www.gulch.it Stefano Sabatini, Flash e software libero 1 La tecnologia alla base di Flash ● Un file flash / SWF (Small Web Format / ShockWave Format) è interpretato da una macchina virtuale Flash ● I file SWF possono essere interpretati sia da un interprete standalone sia da un plugin inserito all'interno del browser. ● Il linguaggio della VM è orientato alla renderizzazione di animazioni ● Motore di rendering basato su grafica scalare ● Il linguaggio solitamente utilizzato per la programmazione degli SWF è un file Action Script (2 / 3), gli ambiente di sviluppo visuale generano automaticamente il codice (programmazione “visuale”). ● Esistono vari formati del linguaggio della VM (SWF 1– SWF 10). ● L'esecuzione di uno swiff è soggetto a delle restrizioni di sicurezza ● Con la tecnologia AIR (Adobe Integrate Realtime) è possibile utilizzare la stessa teconologia di sviluppo e renderizzazione per applicazioni desktop native (senza le limitazioni di sicurezza di Flash) ● A partire da Flash 10, supporto a un motore 3D Cagliari, 2009-10-24 GULCh - Gruppo Utenti Linux Cagliari - www.gulch.it Stefano Sabatini, Flash e software libero 2 La tecnologia alla base di Flash ● Supporto a stream multimediali: ● Video: On2 VP6 (Flash 8), Sorenson Spark (Flash 6/7), H.264 (Flash 10) ● Audio: MP3, Nellymoser, Speex (Flash 10), ADPCM ● Tecnologia di comunicazione e streaming multimediale (RTMP, RTMPT, RTMPS, RTMPE) Cagliari, 2009-10-24 GULCh - Gruppo Utenti Linux Cagliari - www.gulch.it Stefano Sabatini, Flash e software libero 3 Ambiti di utilizzo di Flash ● Presentazione di elementi multimediali all'interno di pagine web (youtube / vimeo / facebook) ● Inclusione di animazioni all'interno di pagine web (e.g.
    [Show full text]
  • Pipenightdreams Osgcal-Doc Mumudvb Mpg123-Alsa Tbb
    pipenightdreams osgcal-doc mumudvb mpg123-alsa tbb-examples libgammu4-dbg gcc-4.1-doc snort-rules-default davical cutmp3 libevolution5.0-cil aspell-am python-gobject-doc openoffice.org-l10n-mn libc6-xen xserver-xorg trophy-data t38modem pioneers-console libnb-platform10-java libgtkglext1-ruby libboost-wave1.39-dev drgenius bfbtester libchromexvmcpro1 isdnutils-xtools ubuntuone-client openoffice.org2-math openoffice.org-l10n-lt lsb-cxx-ia32 kdeartwork-emoticons-kde4 wmpuzzle trafshow python-plplot lx-gdb link-monitor-applet libscm-dev liblog-agent-logger-perl libccrtp-doc libclass-throwable-perl kde-i18n-csb jack-jconv hamradio-menus coinor-libvol-doc msx-emulator bitbake nabi language-pack-gnome-zh libpaperg popularity-contest xracer-tools xfont-nexus opendrim-lmp-baseserver libvorbisfile-ruby liblinebreak-doc libgfcui-2.0-0c2a-dbg libblacs-mpi-dev dict-freedict-spa-eng blender-ogrexml aspell-da x11-apps openoffice.org-l10n-lv openoffice.org-l10n-nl pnmtopng libodbcinstq1 libhsqldb-java-doc libmono-addins-gui0.2-cil sg3-utils linux-backports-modules-alsa-2.6.31-19-generic yorick-yeti-gsl python-pymssql plasma-widget-cpuload mcpp gpsim-lcd cl-csv libhtml-clean-perl asterisk-dbg apt-dater-dbg libgnome-mag1-dev language-pack-gnome-yo python-crypto svn-autoreleasedeb sugar-terminal-activity mii-diag maria-doc libplexus-component-api-java-doc libhugs-hgl-bundled libchipcard-libgwenhywfar47-plugins libghc6-random-dev freefem3d ezmlm cakephp-scripts aspell-ar ara-byte not+sparc openoffice.org-l10n-nn linux-backports-modules-karmic-generic-pae
    [Show full text]
  • A Detailed Look at Cairo's Opengl Spans Compositor Performance
    A Detailed Look at Cairo's OpenGL Spans Compositor Performance Bryce Harrington – Senior Open Source Developer Samsung Research America (Silicon Valley) [email protected] Open Source Group – Silicon Valley 1 © 2013 SAMSUNG Electronics Co. What is Cairo? 2D pen-based drawing model For both display and print Includes backends for acceleration and for vector output formats Open Source Group – Silicon Valley 2 © 2013 SAMSUNG Electronics Co. http://www.tortall.net/mu/wiki/CairoTutorialhttp://www.tortall.net/mu/wiki/CairoTutorial Open Source Group – Silicon Valley 3 © 2013 SAMSUNG Electronics Co. Where is Cairo Used on the Linux Desktop? GTK+/Pango GNOME, XFCE4 Gnuplot Gnucash $$ apt-cache apt-cache rdepends rdepends libcairo2 libcairo2 | |wc wc -l -l Mozilla 712712 Evince (xpdf) Scribus Inkscape : : : Open Source Group – Silicon Valley 4 © 2013 SAMSUNG Electronics Co. Cairo Backends Format backends Platform backends ps image pdf xlib svg xcb cairo-gl quartz win32 beos Open Source Group – Silicon Valley 5 © 2013 SAMSUNG Electronics Co. Cairo-gl on the Linux Desktop Cairo-gl is not enabled for some distros (e.g. Ubuntu): --enable-gl links cairo to libgl NVIDIA's libgl gets linked to every client app Enormous RAM increase per app running (300%) See Launchpad #725434 Several GL backends supported cairo-gl (OpenGL) - EGL, GLX, WGL glesv2 (OpenGL ES 2.0) - EGL glesv3 (OpenGL ES 3.0) - EGL vg (OpenVG) - EGL, GLX cogl - experimental Open Source Group – Silicon Valley 6 © 2013 SAMSUNG Electronics Co. Cairo-gl Compositors Compositing combines visual elements into a single scene The cairo-gl backend has multiple compositors: MSAA Spans Mask Traps cairo-gl heuristically selects best compositor for operation.
    [Show full text]
  • Jabber SDK 9.2 Open Source Documentation
    Open Source Used In Jabber SDK 9.2 This document contains the licenses and notices for open source software used in this product. With respect to the free/open source software listed in this document, if you have any questions or wish to receive a copy of the source code to which you are entitled under the applicable free/open source license(s) (such as the GNU Lesser/General Public License), please contact us at [email protected]. In your requests please include the following reference number 78EE117C99-34115968 Contents 1.1 AES-128 3.0 1.1.1 Available under license 1.2 APR 1.4.6 1.2.1 Available under license 1.3 APR-UTIL 1.4.1 1.3.1 Available under license 1.4 Base64 not versioned 1.4.1 Available under license 1.5 base64.cpp 1.0 1.5.1 Available under license 1.6 csf2g_boost_1.44-modified 1.44 1.6.1 Available under license 1.7 curl 7.25.0 1.7.1 Available under license 1.8 expat 2.1.0 Open Source Used In Jabber SDK 9.2 1 1.8.1 Available under license 1.9 FireBreath 1.6.0 1.9.1 Available under license 1.10 glib 2.27.1 1.10.1 Available under license 1.11 gstreamer 0.10.35.1 1.11.1 Available under license 1.12 gstreamer-plugins-bad 0.10.22.1 1.12.1 Available under license 1.13 gstreamer-plugins-base 0.10.35.1 1.13.1 Available under license 1.14 gstreamer-plugins-good 0.10.30.1 1.14.1 Available under license 1.15 jQuery 1.4.2 1.15.1 Available under license 1.16 ldns 1.6.13 1.16.1 Available under license 1.17 liboil 0.3.16.1 1.17.1 Available under license 1.18 libxml2 2.7.7 1.18.1 Available under license 1.19 libxml2-2.7.7
    [Show full text]
  • Cisco Jabber for Ipad 9.3 Licensing Documentation
    Open Source Used In Cisco Jabber for iPad 9.3(1) Cisco Systems, Inc. www.cisco.com Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices. Text Part Number: 78EE117C99-38358869 Open Source Used In Cisco Jabber for iPad 9.3(1) 1 This document contains the licenses and notices for open source software used in this product. With respect to the free/open source software listed in this document, if you have any questions or wish to receive a copy of the source code to which you are entitled under the applicable free/open source license(s) (such as the GNU Lesser/General Public License), please contact us at [email protected]. In your requests please include the following reference number 78EE117C99-38358869 Contents 1.1 base64.cpp 1.0 1.1.1 Available under license 1.2 Boost 1.39.0 1.2.1 Available under license 1.3 csf2g_boost_1.44-modified 1.44 1.3.1 Available under license 1.4 curl 7.21.1 1.4.1 Available under license 1.5 Expat XML Parser - expat 1.95.8 1.5.1 Available under license 1.6 glib 2.27.1 1.6.1 Available under license 1.7 gstreamer 0.10.35.1 1.7.1 Available under license 1.8 gstreamer-plugins-bad 0.10.22.1 1.8.1 Available under license 1.9 gstreamer-plugins-base 0.10.35.1 1.9.1 Available under license 1.10 gstreamer-plugins-good 0.10.30.1 1.10.1 Available under license 1.11 libxml2-2.7.7 2.7.7 1.11.1 Available under license 1.12 openldap 2.4.7 1.12.1 Available under license 1.13 OpenSSL 0.9.8l 1.13.1 Notifications Open
    [Show full text]
  • Adobe Flash Digitales Video Steffen Puhlmann 15.06.2012 Gliederung
    Adobe Flash Digitales Video Steffen Puhlmann 15.06.2012 Gliederung •Flash im Überblick •Geschichtliches •Adobe Flash Player, Adobe AIR •Zusammenhänge •Das SWF – Format •ActionScript •Das Flash Video •Das FLV - Format •Das F4V – Format •Kritik und Alternativen Flash im Überblick •Plattform für multimediale, interaktive Inhalte •Darstellung von Vektorgrafiken, Rastergrafiken und Videos •Ermöglicht Life-Streaming •Kann Nutzereingaben verarbeiten •Inhalte werden im SWF – Format gespeichert •Programmierung in ActionScript •Abspielprogramm erforderlich Einsatzgebiete •Eigentlich: •Animationswerkzeug •Früher: •Intro-Animationen • Werbebanner •Später: •Rich Internet Applications •Video Streaming •GIF Ersatz •Aktuell: •3D Browsergames Einsatzgebiete ff. Beispiel zeigen! Geschichtliches •1995: FutureWave entwickelt SmartSketch und FutureSplash •1996: Macromedia übernimmt FutureWave •FutureSplash -> Flash •Abspielprogramm: Shockwave Flash Player •1997: Flash Versionen 1 und 2 •1999: Mit Version 4: ActionScript •bis 2004: Verbesserungen vor allem bei ActionScript •2005: Adobe kauft Macromedia für 3,4 Mrd. US-Dollar •2008: Spezifikationen werden offengelegt •2011: 3D Inhalte, 64-Bit, keine Mobilgeräte Adobe Flash Player •Von Macromedia entwickelt •Plattformunabhängiges Abspielprogramm •Multimedia und interaktive Applikationen •3 Möglichkeiten •Web Browser Plug in •Standalone Player •Projector •Spielt SWF – Dateien ab •Ab Flash 6: auch FLV via RTMP – Streaming Server •Ab Flash 7: auch über HTTP - Webserver •Ab Flash 9: auch F4V •Flash Player überprüft
    [Show full text]
  • Instrucciones Para La Preparación De Ponencias Para Informática
    CAZABE: HERRAMIENTA DE AUTOR LIBRE PARA FLASH CAZABE: FREE AUTHORING TOOL FOR FLASH Darien Alonso Camacho Joven Club de Computación y Electrónica, Cuba, [email protected], Colón #222A Sagua la Grande, Villa Clara RESUMEN Cazabe could be useful to designers, cartoons El presente documento refleja un estudio makers and software developers. It might avoid realizado acerca de las opciones para la creación paying for licence of proprietary software. de animaciones y software multimedia usando tecnología flash sobre plataformas GNU/Linux. KeyWords: Flash, free software, linux, open Dada la ausencia de un entorno de desarrollo source integrado para flash en este sistema operativo, se comenzó un proyecto práctico e investigativo que permita suplir esta carencia. Se concibió un 1. INTRODUCCIÓN desarrollo colaborativo, de software libre y código Cuando en el año 2009 fueron creados los abierto, con resultados satisfactorios en la Grupos de Desarrollo de Software en los Joven implementación de la herramienta debido a que Club de Computación y Electrónica (JCCE) de se obtuvo una versión preliminar pero funcional de Cuba, se informó por parte de la dirección que el la misma. perfil de trabajo de los mismos sería el desarrollo Cazabe puede ser útil para diseñadores, de software multimedia y juegos. La plataforma animadores y desarrolladores de software en flash es ampliamente usada en entornos Microsoft general y además evitará el pago de licencias de Windows para la creación de este tipo de programas propietarios de este tipo. programas, sin embargo, al intentar usar únicamente software de código abierto para este Palabras Clave: Flash, software libre, linux, propósito, se llegó a la conclusión de que no código abierto existe una herramienta, distribuida bajo alguna licencia de software libre, que sea lo suficientemente usable para cumplir en tiempo ABSTRACT con un proyecto de envergadura.
    [Show full text]
  • Ubuntu: Powerful Hacks and Customizations
    Hacks, tips, and tricks to Krawetz put your OS into overdrive ubuntu Whether it’s speed, glitz, sounds, or security, you want to get the most out of your Ubuntu Linux system. This book shows you how to do just that. You’ll fi nd out how to customize the user interface, implement networking tools, optimize video, and more. You’ll then be able to build on these hacks to further tune, tweak, and customize Ubuntu to meet all your needs. The basic Ubuntu system is good, but with a few modifi cations, it can be made great. This book is packed with techniques that will help you: • Choose the right options when installing Ubuntu onto a Netbook, server, or other system • Install fi les for interoperability and collaborate with non-Linux systems • Tune the operating system for optimal performance ® • Enhance your graphics to take them to the next level Powerful Hacks and Customizations Powerful • Navigate the desktop, manage windows, and multitask between applications • Check for vulnerabilities and prevent undesirable access • Learn tricks to safely opening up the system with external network services Neal Krawetz, PhD, is a computer security professional with experience in computer forensics, ® profi ling, cryptography and cryptanalysis, artifi cial intelligence, and software solutions. Dr. Krawetz’s company, Hacker Factor, specializes in uncommon forensic techniques and anti-anonymity technologies. He has confi gured Ubuntu on everything from personal workstations to mission-critical servers. ubuntu Visit our Web site at www.wiley.com/compbooks $39.99 US/$47.99 CAN Powerful Hacks and Customizations ISBN 978-0-470-58988-5 Neal Krawetz Operating Systems / Linux Ubuntu® Powerful Hacks and Customizations Dr.
    [Show full text]
  • Automatic Error Elimination by Multi-Application Code Transfer Stelios Sidiroglou-Douskos, Eric Lahtinen, Fan Long, Paolo Piselli, and Martin Rinard
    Computer Science and Artificial Intelligence Laboratory Technical Report MIT-CSAIL-TR-2014-024 October 22, 2014 Automatic Error Elimination by Multi-Application Code Transfer Stelios Sidiroglou-Douskos, Eric Lahtinen, Fan Long, Paolo Piselli, and Martin Rinard massachusetts institute of technology, cambridge, ma 02139 usa — www.csail.mit.edu Automatic Error Elimination by Multi-Application Code Transfer Stelios Sidiroglou-Douskos Eric Lahtinen Fan Long Paolo Piselli Martin Rinard August 11, 2014 ABSTRACT • Error Discovery: pDNA works with a seed input that does not trigger the error and a related input We present pDNA, a system for automatically transfer- that does trigger the error. pDNA currently uses the ring correct code from donor applications into recipient DIODE integer overflow discovery tool, which starts applications to successfully eliminate errors in the recipi- with a seed input, then uses instrumented executions ent. Experimental results using three donor applications of the recipient program to find related inputs that to eliminate seven errors in four recipient applications trigger integer overflow errors at critical memory al- highlight the ability of pDNA to transfer code across appli- location sites. cations to eliminate otherwise fatal integer overflow errors • Donor Selection: pDNA next uses instrumented ex- at critical memory allocation sites. Because pDNA works ecutions of other systems that can process the same with binary donors with no need for source code or sym- inputs to find a donor that processes both the seed and bolic information, it supports a wide range of use cases. error-triggering inputs successfully. The hypothesis To the best of our knowledge, pDNA is the first system is that the donor contains a check, missing in the re- to eliminate software errors via the successful transfer of cipient, that enables it to process the error-triggering correct code across applications.
    [Show full text]
  • How to Install Software Page 1 of 6
    How to Install Software Page 1 of 6 HOW TO INSTALL SOFTWARE A. Howlett, 8 September 2004 Debian Packages A GNU/Linux system includes hundreds of Free and Open Source Software projects. For instance, the Linux kernel is a Free Software project, OpenOffice is an Open Source software project, the XFree86 Window system is an Open Source software project, and the K Desktop Environment is a Free Software project.. You could download the source code for each of these projects, compile the program and install it. Some people do that, but it requires a lot of skill and takes a long time. Another way is to let someone else compile everything and you just copy the resulting “stuff” - manual pages, shared library files, executable binary files, and so on – to your computer. There are several problems with these precompiled binary files. Most importantly, the precompiled binary might require other files on the original computer. For instance, if you compile the mplayer multimedia player, then you must have aalib1, xlibs, libncurses, and about twenty other software projects on your system. If you then copy the mplayer binary to another computer, all those other projects must be copied over also. Almost every project depends upon other projects. Before you can use the binaries from one software project, you need to know which other binaries to install – the project's dependencies. The Debian Project overcame this problem by creating the Debian Package system. Debian Project volunteers compile the software projects and build all the binaries, documentation and so forth into a debian package file.
    [Show full text]