-
Evaluating the Fork-Awareness of Coverage-Guided Fuzzers
Authors:
Marcello Maugeri,
Cristian Daniele,
Giampaolo Bella,
Erik Poll
Abstract:
Fuzz testing (or fuzzing) is an effective technique used to find security vulnerabilities. It consists of feeding a software under test with malformed inputs, waiting for a weird system behaviour (often a crash of the system). Over the years, different approaches have been developed, and among the most popular lies the coverage-based one. It relies on the instrumentation of the system to generate…
▽ More
Fuzz testing (or fuzzing) is an effective technique used to find security vulnerabilities. It consists of feeding a software under test with malformed inputs, waiting for a weird system behaviour (often a crash of the system). Over the years, different approaches have been developed, and among the most popular lies the coverage-based one. It relies on the instrumentation of the system to generate inputs able to cover as much code as possible. The success of this approach is also due to its usability as fuzzing techniques research approaches that do not require (or only partial require) human interactions. Despite the efforts, devising a fully-automated fuzzer still seems to be a challenging task. Target systems may be very complex; they may integrate cryptographic primitives, compute and verify check-sums and employ forks to enhance the system security, achieve better performances or manage different connections at the same time. This paper introduces the fork-awareness property to express the fuzzer ability to manage systems using forks. This property is leveraged to evaluate 14 of the most widely coverage-guided fuzzers and highlight how current fuzzers are ineffective against systems using forks.
△ Less
Submitted 12 January, 2023;
originally announced January 2023.
-
High-resolution monthly precipitation climatologies over Norway: assessment of spatial interpolation methods
Authors:
Alice Crespi,
Cristian Lussana,
Michele Brunetti,
Andreas Dobler,
Maurizio Maugeri,
Ole Einar Tveito
Abstract:
Monthly precipitation climatologies at 1 km resolution have been produced over the Norwegian mainland for 1981-2010. The observed station normals are interpolated over a regular grid by applying a multi-linear local regression kriging (MLRK). The statistical method aims at modeling the influence of the main geographical features, such as: latitude, longitude, elevation and sea nearness on the prec…
▽ More
Monthly precipitation climatologies at 1 km resolution have been produced over the Norwegian mainland for 1981-2010. The observed station normals are interpolated over a regular grid by applying a multi-linear local regression kriging (MLRK). The statistical method aims at modeling the influence of the main geographical features, such as: latitude, longitude, elevation and sea nearness on the precipitation field at a local scale. The MLRK is composed of two steps, (i) a background precipitation field is computed through a multi-linear local regression based on the geographical information, then (ii) a kriging interpolation is applied to adjust the field so to better fit the station residuals (i.e., the difference between the observed normals and the background field). The interpolation accuracy is evaluated by reconstructing the station normals with a leave-one-out approach and by comparing the model performances with those of other interpolation methods. The poor observation coverage over remote and mountainous regions in Norway has motivated us to consider precipitation fields produced by numerical models. In fact, numerical model output provides a reference field for the evaluation of MLRK that is not dependent on the station density, though it is not as accurate as the observations. Specifically, a regional climate simulation with a resolution of 2.5 km, based on the dynamical downscaling of the global reanalysis ERAInterim and available for the time period 2003-2016, has been used. In addition to the MLRK validation, the combination of numerical model fields and observed climatologies has been investigated and the results show that this integrated approach provides more accurate high-resolution climatologies over the Country. The numerical background introduces valuable information over remote and mountainous regions, whereas in-situ data correct for model biases.
△ Less
Submitted 13 April, 2018;
originally announced April 2018.
-
Temperature, precipitation and extreme events during the last century in Italy
Authors:
M. Brunetti,
L. Buffoni,
F. Mangianti,
M. Maugeri,
T. Nanni
Abstract:
Around the mid 1990s, the authors set up a broad-based research program with the aim of better understanding the evolution of Italian climate in the last 100/150 years. The program was developed both within European (UE IMPROVE and ALPCLIM projects) and National projects (National Research Council (CNR) project "Reconstruction of the Past Climate in the Mediterranean area"). At present it is in…
▽ More
Around the mid 1990s, the authors set up a broad-based research program with the aim of better understanding the evolution of Italian climate in the last 100/150 years. The program was developed both within European (UE IMPROVE and ALPCLIM projects) and National projects (National Research Council (CNR) project "Reconstruction of the Past Climate in the Mediterranean area"). At present it is in progress within the "Progetto Finalizzato CLIMAGRI", a project of the Italian "Ministero per le Politiche Agricole e Forestali". Moreover, in the next two years, further activities will be performed within the research program "Local climate variability in relation to global climatic change phenomena" funded by the Italian "Ministero per l'Istruzione, l'Universita' e la Ricerca" and by Genoa, Milan, Trieste, Turin and Udine Universities. The studies so far carried out have improved the availability and the quality of Italian data and have produced interesting information on the evolution of temperature, precipitation and some other parameters in the last 100/150 years. The paper summarises the main results obtained within the research program.
△ Less
Submitted 15 November, 2002;
originally announced November 2002.
