University of Twente Student Theses


A QBDI-based Fuzzer Targeting Magic Bytes Comparisons

Geretto, Elia (2018) A QBDI-based Fuzzer Targeting Magic Bytes Comparisons.

Abstract: In recent times, the automated software testing technique that has enjoyed the most widespread success is probably fuzzing. Indeed, despite the fact that its first application dates back to 1989, its modern variations have been integrated into the software development process of various large companies [10] and open source projects [1]. In addition, fuzzing was also able to gain widespread adoption in the information security community thanks to its good scalability and low requirements regarding knowledge of the target software. In this context, one of the most influential projects is American Fuzzy Lop [25], which also drove the adoption of grey-box fuzzers. These tools employ lightweight instrumentation in order to obtain information on the executions of the program under test. This information is then used to guide the fuzzer towards a precise goal, which is usually obtaining the highest possible coverage, but can also be reaching a specific point in the program. However, fuzzing has significant limitations that might hinder its effectiveness. The most important one is that, while trying to explore a program, fuzzers might not be able to reach portions of code that are protected by conditions which have a low probability of being guessed randomly. This is commonly due to the fact that, without applying specific modifications, these tools generate the test cases that are fed to the target program using only random or deterministic mutation operators; these, however, do not take into account the structure of the code. The problem of reaching code protected by complex conditions translates into a variety of less abstract limitations; one of the most common ones is that of matching magic byte sequences and tokens, which will be treated as one and the same for the rest of this document.

These conditions are commonly found in parsers and are constituted as follows: they require that a sequence of adjacent input bytes matches a specific sequence of values in order to access a given code branch. The goal of the work presented in this document was to improve the coverage obtained by a specific grey-box fuzzer, called AFL/QBDI, when exploring code containing magic bytes conditions without sacrificing performance.
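To make the magic-bytes limitation concrete, the following is an added example in Python, not code from the thesis or from AFL/QBDI: a toy parser guarded by a 4-byte magic comparison, an AFL-style random havoc mutator that essentially never reaches the guarded branch, and a comparison-aware mutator that reuses the compared offset and constant. The `trace` list is an assumed stand-in for what binary instrumentation could report about comparisons, not the thesis's actual mechanism.

```python
import random
import struct

MAGIC = b"QBDI"  # constructed 4-byte magic sequence guarding the parser's main branch
SEED = bytes(8)  # constructed initial test case: eight zero bytes

def parse(data: bytes, trace=None) -> str:
    """Toy parser. `trace`, when given, stands in for instrumentation feedback: it
    receives (input offset, constant operand) of the magic-bytes comparison.
    This is an assumption for the example, not AFL/QBDI's real interface."""
    if len(data) < 8:
        return "too-short"
    if trace is not None:
        trace.append((0, MAGIC))
    if data[0:4] != MAGIC:            # magic-bytes condition: 4 adjacent bytes must match
        return "bad-magic"
    (length,) = struct.unpack("<I", data[4:8])
    return "parsed" if length <= len(data) - 8 else "bad-length"

def mutate_random(seed: bytes, rng: random.Random, _trace) -> bytes:
    """Random havoc: overwrite 1-4 random bytes with random values. Hitting all four
    magic bytes this way has a per-attempt probability of roughly 2**-32 at best."""
    b = bytearray(seed)
    for _ in range(rng.randint(1, 4)):
        b[rng.randrange(len(b))] = rng.randrange(256)
    return bytes(b)

def mutate_cmp_aware(seed: bytes, rng: random.Random, trace) -> bytes:
    """Comparison-aware mutation: copy an observed constant operand over the
    offset it was compared against, so the magic-bytes branch is reached directly."""
    if not trace:
        return mutate_random(seed, rng, trace)
    offset, expected = rng.choice(trace)
    b = bytearray(seed)
    b[offset:offset + len(expected)] = expected
    return bytes(b)

def fuzz(mutator, budget: int, rng_seed: int = 1):
    """Run `budget` iterations from SEED; return the iteration number at which the
    'parsed' branch was first reached, or None if the budget ran out."""
    rng = random.Random(rng_seed)
    trace = []
    parse(SEED, trace)                # instrumented dry run records the comparisons
    for i in range(1, budget + 1):
        candidate = mutator(SEED, rng, trace)
        if parse(candidate) == "parsed":
            return i
    return None
```

Running `fuzz(mutate_random, 20000)` exhausts the budget without reaching the guarded branch, while `fuzz(mutate_cmp_aware, 100)` reaches it on the first iteration.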
Item Type: Essay (Master)
Faculty: EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject: 54 computer science
Programme: Computer Science MSc (60300)

