By Adam Cecchetti
This past week Deja vu Security showcased our research from the DARPA Cyber Fast Track program in the sunny center of the Pentagon. Two of the projects we completed, "Siren's Song" and "Gödel's Gourd", were selected for demonstration during the I2O demo day. Our other effort, "Hungarian Ham", was part of the controlled but unclassified selection for the Cyber Fast Track Day.
Gödel’s Gourd builds a new fuzzing approach capable of detecting when a program doesn't crash, but also doesn't behave quite like it should. Imagine if you walked into a restricted area without your badge or walked out of a restaurant without paying your check. Gödel attempts to detect these issues while fuzzing (in this case, both the logic issues and the information leaks in a program or device).
Gödel’s Gourd is capable of detecting issues such as Information Disclosure, Authentication Bypass, and State Machine Corruption. During testing, Gödel detects Heartbleed within the first few iterations of fuzzing SSL. Analysis runs inline with Peach to catch both classical security issues and logic issues. Gödel uses a flexible system that can tune constraints for each program or device being fuzzed.
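The idea of checking behaviour rather than waiting for a crash, as an added example that is not from the original post and is not Peach or Gödel's Gourd code: a constructed, in-memory heartbeat-style echo service with a deliberate length-trust bug is fuzzed, and every reply is checked against a per-target constraint. All function names, the message layout and the sample data are assumptions made for illustration.

```python
import random
import struct

SECRET = b"session-key=CONSTRUCTED-SECRET"  # constructed sample data

def toy_heartbeat_server(request: bytes) -> bytes:
    """Constructed target: 2-byte claimed length, then payload; never crashes."""
    claimed = struct.unpack(">H", request[:2])[0]
    memory = request[2:] + SECRET   # payload sits next to unrelated data
    return memory[:claimed]         # the bug: trusts the claimed length

def echo_constraint(request: bytes, response: bytes):
    """Constraint for this target: a reply may only contain bytes the client sent."""
    payload = request[2:]
    if len(response) > len(payload):
        extra = len(response) - len(payload)
        return f"information disclosure: {extra} extra bytes returned"
    if response != payload[:len(response)]:
        return "logic issue: reply differs from the payload sent"
    return None

def fuzz(target, constraint, iterations=50, seed=1):
    """Mutate the length field and apply the constraint to every reply."""
    rng = random.Random(seed)
    findings = []
    for i in range(iterations):
        payload = bytes(rng.randrange(256) for _ in range(rng.randrange(1, 16)))
        claimed = rng.choice([len(payload), rng.randrange(0, 64)])  # honest or mutated
        request = struct.pack(">H", claimed) + payload
        try:
            response = target(request)
        except Exception as exc:    # the classical fuzzing signal: a crash
            findings.append((i, "crash: " + repr(exc)))
            continue
        verdict = constraint(request, response)
        if verdict:                 # the non-crash signal: a violated constraint
            findings.append((i, verdict))
    return findings

if __name__ == "__main__":
    for iteration, verdict in fuzz(toy_heartbeat_server, echo_constraint)[:3]:
        print(iteration, verdict)
```

A crash-only harness reports nothing for this target, because the over-long reply is a well-formed response; only the constraint on reply content exposes it.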
Customers of Peach Pro already enjoy features of Gödel's Gourd. Additional development and features will be integrated into Peach later in 2014 depending on customer demand.
Siren's Song will be released based on customer demand.
Interested in hearing more about upcoming Peach features or our research? Reach out to us at firstname.lastname@example.org