Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/panda-re/lava

LAVA: Large-scale Automated Vulnerability Addition
https://github.com/panda-re/lava

Last synced: 24 days ago
JSON representation

LAVA: Large-scale Automated Vulnerability Addition

Awesome Lists containing this project

README

        

# LAVA: Large Scale Automated Vulnerability Addition

Evaluating and improving bug-finding tools is currently difficult due to
a shortage of ground truth corpora (i.e., software that has known bugs
with triggering inputs). LAVA attempts to solve this problem by
automatically injecting bugs into software. Every LAVA bug is
accompanied by an input that triggers it whereas normal inputs are
extremely unlikely to do so. These vulnerabilities are synthetic but, we
argue, still realistic, in the sense that they are embedded deep within
programs and are triggered by real inputs. Our work forms the basis of
an approach for generating large ground-truth vulnerability corpora on
demand, enabling rigorous tool evaluation and providing a high-quality
target for tool developers.

LAVA is the product of a collaboration between MIT Lincoln Laboratory,
NYU, and Northeastern University.

# Quick Start

On a system running Ubuntu 16.04, with the appropriate dependencies installed
(see [docs/setup.md](docs/setup.md) for details), you should be able to just
run `python2 setup.py`. Note that this install script will install packages
and make changes to your system. Once it finishes, you should have
[PANDA](https://github.com/panda-re/panda) installed into `panda/build/`
(PANDA is used to perform dynamic taint analysis).

Next, run `init-host.py` to generate a `host.json`.
This file is used by LAVA to store settings specific
to your machine. You can edit these settings as necessary, but the default
values should work.

Project configurations are located in the `target_configs` directory, where
every configuration is located at `target_configs/projectname/projectname.json`.
Paths specified within these configuration files are relative to values set
in your `host.json` file.

Finally, you can run `./scripts/lava.sh` to actually inject bugs
into a program. Just provide the name of a project that is in the
`target_configs` directory, for example:

```
./scripts/lava.sh toy
```

You should now have a buggy copy of toy!

If you want to inject bugs into a new target, you will likely need to make some
modifications. Check out [How-to-Lava](docs/how-to-lava.md) for guidance.

# Documentation
Check out the [docs](docs/) folder to get started.

# Current Status
## Version 2.0.0

Expected results from test suite:
```
Project RESET CLEAN ADD MAKE TAINT INJECT COMP
blecho PASS PASS PASS PASS PASS PASS PASS
libyaml PASS PASS PASS PASS PASS PASS PASS
file PASS PASS PASS PASS PASS PASS PASS
toy PASS PASS PASS PASS PASS PASS PASS
pcre2 PASS PASS PASS PASS PASS PASS PASS
jq PASS PASS PASS PASS PASS PASS PASS
grep PASS PASS PASS PASS PASS FAIL
libjpeg PASS PASS PASS PASS FAIL
tinyexpr PASS PASS PASS PASS FAIL
duktape PASS PASS PASS FAIL
tweetNaCl PASS PASS FAIL
gzip FAIL
```

# Authors

LAVA is the result of several years of development by many people; a
partial (alphabetical) list of contributors is below:

* Andy Davis
* Brendan Dolan-Gavitt
* Andrew Fasano
* Zhenghao Hu
* Patrick Hulin
* Amy Jiang
* Engin Kirda
* Tim Leek
* Andrea Mambretti
* Wil Robertson
* Aaron Sedlacek
* Rahul Sridhar
* Frederick Ulrich
* Ryan Whelan