University of Twente Student Theses
Fallaway : High Throughput Stateful Fuzzing by making AFL* State-Aware
Bethe, T.M. (2024) Fallaway : High Throughput Stateful Fuzzing by making AFL* State-Aware.
PDF: | 539kB |
Abstract: | Fuzzing is a popular software testing technique. Stateful fuzzing refers to testing stateful software, such as the software implementing the vital network protocols that keep the internet secure. This thesis proposes a new approach to code-coverage-based stateful fuzzing. We extend a previously proposed fuzzer, AFL*, which is faster than other approaches but unaware of states. Our approach, called Fallaway, is a code-coverage-based stateful fuzzer that combines techniques from AFL* and AFLnet. Fallaway is implemented by extending LibAFL, a library for building modular fuzzers written in Rust. Fallaway outperforms AFLnet in terms of code coverage when fuzzing LightFTP, gaining 16% more code coverage. This improvement can largely be attributed to reusing the target process for multiple test cases instead of just one. The state-awareness of the test cases and feedback does not seem to affect the performance in terms of code coverage. There are limitations to the approach of Fallaway which, if solved, might increase the benefit gained from having state-aware test cases and feedback. |
Item Type: | Essay (Master) |
Faculty: | EEMCS: Electrical Engineering, Mathematics and Computer Science |
Subject: | 54 computer science |
Programme: | Computer Science MSc (60300) |
Link to this item: | https://purl.utwente.nl/essays/99680 |