公开(公告)号：US08417998B2

公开(公告)日：2013-04-09

申请号：US12794781

申请日：2010-06-07

Applicant: Gavin Shane Thomas ,  Nitin Kumar Goel ,  Mark Wodrich

Inventor： Gavin Shane Thomas ,  Nitin Kumar Goel ,  Mark Wodrich

IPC: G06F11/263 ,  G06F11/00

CPC classification number: G06F11/3636 ,  G06F11/3684 ,  G06F21/577

Abstract: Technologies are described herein for performing targeted, black-box fuzzing of input data for application testing. A dataflow tracing module traces an application while it reads and processes a set of template data to produce operation mapping data that maps data locations in the template data to operations performed by the application in processing the data at the location. The tracing is performed without requiring the application source code, knowledge of the syntactical structure of the input data, or specially instrumented binaries for the application. A fuzzing module is then utilized to target a specific operation or operations in the application by fuzzing data locations within the template data according to the operation mapping data until the desired outcome is achieved.

Abstract translation: 本文描述了技术，用于执行用于应用测试的输入数据的目标黑盒模糊。 数据流跟踪模块在读取和处理一组模板数据时跟踪应用程序，以产生将模板数据中的数据位置映射到应用程序执行的操作的操作映射数据，以处理该位置的数据。 执行跟踪，而不需要应用程序源代码，输入数据的语法结构的知识或应用程序的特殊检测的二进制文件。 然后，利用模糊模块来根据操作映射数据通过模糊数据位置来模拟应用程序中的特定操作或操作，直到达到期望的结果。

公开(公告)号：US20110302455A1

公开(公告)日：2011-12-08

申请号：US12794781

申请日：2010-06-07

Applicant: Gavin Shane Thomas ,  Nitin Kumar Goel ,  Mark Wodrich

Inventor： Gavin Shane Thomas ,  Nitin Kumar Goel ,  Mark Wodrich

IPC: G06F11/00 ,  G06N5/02

CPC classification number: G06F11/3636 ,  G06F11/3684 ,  G06F21/577

Abstract: Technologies are described herein for performing targeted, black-box fuzzing of input data for application testing. A dataflow tracing module traces an application while it reads and processes a set of template data to produce operation mapping data that maps data locations in the template data to operations performed by the application in processing the data at the location. The tracing is performed without requiring the application source code, knowledge of the syntactical structure of the input data, or specially instrumented binaries for the application. A fuzzing module is then utilized to target a specific operation or operations in the application by fuzzing data locations within the template data according to the operation mapping data until the desired outcome is achieved.

Abstract translation: 本文描述了技术，用于执行用于应用测试的输入数据的目标黑盒模糊。 数据流跟踪模块在读取和处理一组模板数据时跟踪应用程序，以产生将模板数据中的数据位置映射到应用程序执行的操作的操作映射数据，以处理该位置的数据。 执行跟踪，而不需要应用程序源代码，输入数据的语法结构的知识或应用程序的特殊检测的二进制文件。 然后，利用模糊模块来根据操作映射数据通过模糊数据位置来模拟应用程序中的特定操作或操作，直到达到期望的结果。

公开(公告)号：US20130111587A1

公开(公告)日：2013-05-02

申请号：US13283353

申请日：2011-10-27

Applicant: Nitin Kumar Goel ,  Kenneth D. Johnson ,  Matthew Ryan Miller ,  Navin Narayan Pai ,  Grzegorz M. Wroblewski ,  Gregory Justice Riggs

Inventor： Nitin Kumar Goel ,  Kenneth D. Johnson ,  Matthew Ryan Miller ,  Navin Narayan Pai ,  Grzegorz M. Wroblewski ,  Gregory Justice Riggs

IPC: G06F21/00

CPC classification number: G06F21/577 ,  G06F2221/034

Abstract: The subject disclosure is directed towards detecting software vulnerabilities in an isolated computing environment. In order to evaluate each input submission from an external computer, a plurality of tasks are automatically generated for execution on one or more computing units running within the isolated computing environment. Various configurations of the one or more computing units are defined in which each computing unit executes the plurality of tasks. A report is produced comprising results associated with such an execution.

Abstract translation: 主题公开旨在检测孤立计算环境中的软件漏洞。 为了评估来自外部计算机的每个输入提交，自动生成多个任务用于在孤立计算环境内运行的一个或多个计算单元上执行。 定义一个或多个计算单元的各种配置，其中每个计算单元执行多个任务。 制作了包含与此类执行相关联的结果的报告。

公开(公告)号：US09021587B2

公开(公告)日：2015-04-28

申请号：US13283353

申请日：2011-10-27

Applicant: Nitin Kumar Goel ,  Kenneth D. Johnson ,  Matthew Ryan Miller ,  Navin Narayan Pai ,  Grzegorz M. Wroblewski ,  Gregory Justice Riggs

Inventor： Nitin Kumar Goel ,  Kenneth D. Johnson ,  Matthew Ryan Miller ,  Navin Narayan Pai ,  Grzegorz M. Wroblewski ,  Gregory Justice Riggs

IPC: G06F21/00 ,  G06F21/57

CPC classification number: G06F21/577 ,  G06F2221/034

Abstract: The subject disclosure is directed towards detecting software vulnerabilities in an isolated computing environment. In order to evaluate each input submission from an external computer, a plurality of tasks are automatically generated for execution on one or more computing units running within the isolated computing environment. Various configurations of the one or more computing units are defined in which each computing unit executes the plurality of tasks. A report is produced comprising results associated with such an execution.

Abstract translation: 主题公开旨在检测孤立计算环境中的软件漏洞。 为了评估来自外部计算机的每个输入提交，自动生成多个任务用于在孤立计算环境内运行的一个或多个计算单元上执行。 定义一个或多个计算单元的各种配置，其中每个计算单元执行多个任务。 制作了包含与此类执行相关联的结果的报告。

公开(公告)号：US20090193851A1

公开(公告)日：2009-08-06

申请号：US11382811

申请日：2006-05-11

Applicant: Nitin Kumar Goel ,  Rogers H. Stolen ,  Steven H. Morgan ,  Daniel Kominsky

Inventor： Nitin Kumar Goel ,  Rogers H. Stolen ,  Steven H. Morgan ,  Daniel Kominsky

IPC: C03B37/027 ,  C03B37/03

CPC classification number: C03B37/01268

Abstract: Optical fiber preforms which can be drawn into optical fibers of desired dimensions are fabricated by applying a vacuum to a cladding tube and drawing molten glass from a crucible into a bore of the cladding tube while a portion of the cladding tube is within a furnace preferably through a small hole in the top of the furnace. The method and apparatus are particularly applicable to highly non-linear fiber (HNLF) glasses and highly doped or rare earth glasses since materials therein are generally expensive and only a small quantity of molten glass is required but can be applied to virtually any optical fiber construction where the core glass has a lower melting or softening point than that of the cladding tube. Sources of contamination, breakage and other preform defects are substantially avoided and toxic substances, if present are readily confined.

Abstract translation: 通过向包层管施加真空并将熔融玻璃从坩埚抽入包壳管的孔中，而包覆管的一部分优选地在炉内通过 炉顶部有一个小孔。 该方法和装置特别适用于高度非线性光纤（HNLF）玻璃和高掺杂或稀土玻璃，因为其中的材料通常是昂贵的，并且仅需要少量的熔融玻璃，而是可以应用于几乎任何的光纤结构 其中芯玻璃的熔点或软化点低于包层管的熔点或软化点。 基本上避免了污染源，破损和其他预制件缺陷的来源，如果存在有毒物质容易受限制。