NIFuzz Tool Developed to Estimate Software Information Leaks
/ 1 min read
🔍 NIFuzz: A New Tool for Quantifying Information Leaks in Software. Researchers have developed NIFuzz, a scalable fuzzer designed to estimate information leaks in software, which can undermine security features like ASLR and PAC. The paper introduces three metrics for assessing the size of these leaks, including a novel method for calculating conditional mutual information. NIFuzz operates with minimal overhead and employs various strategies to enhance leak detection and quantification. Evaluations on 14 programs, including eight real-world CVEs, demonstrate its effectiveness in identifying and estimating known information leaks, highlighting its potential to improve software security assessments.
Source

Original