Figure 6 shows the prompt for code assembly.
Figure 6: Prompts for assembly and file generation. The content enclosed in brackets denotes the need for specific input.
Table 6 shows the precision and recall for Constraint Extraction by ProphetFuzz, CarpetFuzz, and ProphetFuzz𝑁𝑆𝐶 from Documentation of 20 Randomly Selected Programs.
Table 6: Precision (Prec.) and Recall (Rec.) for Constraint Extraction by ProphetFuzz, CarpetFuzz, and ProphetFuzz𝑁𝑆𝐶 from Documentation of 20 Randomly Selected Programs.
| Program | ProphetFuzz | CarpetFuzz | ProphetFuzzNSC | |||
|---|---|---|---|---|---|---|
| Prec. | Rec. | Prec. | Rec. | Prec. | Rec. | |
| cjpeg | 100.0% | 80.0% | 50.0% | 40.0% | 2.1% | 100.0% |
| cmark | 100.0% | 50.0% | 100.0% | 50.0% | 11.1% | 100.0% |
| djpeg | 100.0% | 74.3% | 95.5% | 60.0% | 7.3% | 77.1% |
| exiv2 | 100.0% | 80.0% | 50.0% | 20.0% | 8.5% | 80.0% |
| gif2png | 100.0% | 100.0% | 0.0% | 0.0% | 1.4% | 100.0% |
| img2sixel | 87.5% | 87.5% | 100.0% | 62.5% | 9.2% | 100.0% |
| lrzip | 100.0% | 100.0% | 100.0% | 41.2% | 7.6% | 100.0% |
| openssl-asn1parse | 100.0% | 25.0% | 100.0% | 50.0% | 4.0% | 100.0% |
| openssl-ec | 100.0% | 100.0% | 100.0% | 60.0% | 7.5% | 100.0% |
| pdftopng | 100.0% | 50.0% | 20.0% | 50.0% | 66.7% | 100.0% |
| pdftotext | 100.0% | 94.1% | 22.2% | 11.8% | 6.6% | 100.0% |
| podofoencrypt | 100.0% | 100.0% | 100.0% | 33.3% | 14.3% | 100.0% |
| pspp | 100.0% | 77.8% | 0.0% | 0.0% | 11.2% | 100.0% |
| size | 90.0% | 69.2% | 100.0% | 92.3% | 90.9% | 76.9% |
| speexdec | 100.0% | 100.0% | 45.5% | 50.0% | 19.2% | 100.0% |
| tcpprep | 100.0% | 88.9% | 100.0% | 77.8% | 100.0% | 88.9% |
| tiff2ps | 87.5% | 58.3% | 62.5% | 41.7% | 33.3% | 58.3% |
| tiffinfo | 100.0% | 100.0% | 0.0% | 0.0% | 33.3% | 100.0% |
| xmlwf | 100.0% | 70.0% | 0.0% | 0.0% | 8.1% | 100.0% |
| yara | 100.0% | 100.0% | 100.0% | 100.0% | 2.1% | 100.0% |
| Overall | 97.97% | 80.56% | 77.78% | 46.67% | 8.56% | 89.44% |
The complete list of the extracted 15 pieces of knowledge used by ProphetFuzz to predict high-risk option combinations is as follows:
- Resource Management and Limits. Options that affect resource allocation and limits can lead to vulnerabilities when they conflict with options that increase resource demands, potentially causing resource exhaustion or buffer overflows.
- Complex Data Processing. Combinations of options that lead to complex data processing tasks can increase the risk of vulnerabilities such as memory corruption, especially when involving external data or detailed output formatting.
- Output and Format Manipulation. Options that modify output verbosity or format can lead to vulnerabilities if they result in excessive data being processed or displayed, potentially revealing sensitive information or causing buffer overflows.
- Error Handling Modifications. Options that suppress or alter error handling can hide underlying issues, allowing the program to operate in an unstable state and increasing the risk of vulnerabilities.
- Conflicting Operations. Using options that perform opposing actions can lead to undefined behavior or race conditions, potentially causing the software to enter an unstable state.
- Input/Output Handling. Options that affect how input and output are handled can lead to vulnerabilities if they cause the program to read or write outside of intended memory areas or handle file operations insecurely.
- Concurrency and Parallel Processing. Options that enable multi-threading or parallel processing can introduce vulnerabilities such as race conditions if combined with options that are not thread-safe.
- Verbose and Debugging Modes. Increasing the verbosity of the program's output or enabling debugging modes can inadvertently expose vulnerabilities by providing more data to an attacker or changing the timing and performance characteristics of the application.
- Security Thresholds and Protections. Options that set security thresholds can lead to vulnerabilities when incorrectly configured or combined with complex XML structures, as they may not protect sufficiently or cause legitimate processing to fail.
- External Data and Variable Definition. Allowing external data input or variable definition can lead to vulnerabilities when combined with options that do not properly sanitize or handle this external input.
- Transformation and Canonicalization. Transforming input into detailed or canonical forms can increase the complexity of processing, leading to vulnerabilities due to the increased complexity of the output.
- Specialized Processing Modules. Passing data to specialized processing modules can lead to vulnerabilities if the modules do not properly handle the data, especially when combined with options that modify data handling.
- Scan Optimization. Optimizing scanning for performance can lead to vulnerabilities when it conflicts with thorough scanning required for security, potentially missing critical checks.
- Memory-Intensive Operations. Combining options that are inherently memory-intensive can lead to vulnerabilities, especially if they are not properly optimized for memory usage, potentially resulting in memory leaks or corruption.
- Control Flow Alteration. Changing the program's control flow with certain options can lead to vulnerabilities when combined with extensive processing options, potentially leading to incorrect processing or logic bypass.