
LAVA: Large-Scale Automated Vulnerability Addition [pdf] - ingve
http://www.ieee-security.org/TC/SP2016/papers/0824a110.pdf
======
moyix
I'm one of the authors and happy to answer any questions people have!

I gave a 40 minute talk on the work a couple weeks ago, and slides for that
(which may be a little more digestible) are here:

[http://panda.moyix.net/~moyix/LAVA_Sapienza.pdf](http://panda.moyix.net/~moyix/LAVA_Sapienza.pdf)

------
gnu8
What if the government required app store operators to run all of their
software through this process?

~~~
moyix
(Sorry to take so long to reply – I wish HN had a comment reply notification!)

Well, there would be two problems with that:

1. LAVA works on source, and app devs aren't required to submit source code
to the app store. It's possible in principle to extend it to binaries as well,
but binary modification is actually rather tricky.

2. If you can insert a backdoor, you really only need to insert one. At that
point, the advantages of LAVA mostly go away – you're going to be able to
insert a single backdoor by hand pretty easily, and the result is likely to be
a lot stealthier than the bugs LAVA injects (e.g., think of something like
this: [https://freedom-to-tinker.com/blog/felten/the-linux-backdoor...](https://freedom-to-tinker.com/blog/felten/the-linux-backdoor-attempt-of-2003/) ).

~~~
tosanjay
Hi, just came to know about this interesting work. I found it very useful for
evaluation. Will it be possible to have those buggy applications available to
test other tools (fuzzers), or the source code of LAVA to create buggy
applications?

thanks

