University of Twente Student Theses


Fallaway : High Throughput Stateful Fuzzing by making AFL* State-Aware

Bethe, T.M. (2024) Fallaway : High Throughput Stateful Fuzzing by making AFL* State-Aware.

[img] PDF
Abstract:Fuzzing is a popular software test technique. Stateful fuzzing refers to testing stateful software, such as the software implementing vital network protocols which keep the internet secure. This thesis proposes a new approach to code coverage-based stateful fuzzing. We extend a previously proposed fuzzer, AFL*, which is faster than other approaches but unaware of states. Our approach, called Fallaway, is a code coverage-based stateful fuzzer that combines techniques from AFL* and AFLnet. Fallaway is implemented by extending LibAFL, a library to build modular fuzzers written in Rust. Fallaway outperforms AFLnet in terms of code coverage when fuzzing LightFTP, gaining 16% more code coverage. This improvement largely can largely be attributed to reusing the target process for multiple test cases instead of just one. The state-awareness of the test cases and feedback does not seem to affect the performance in terms of code coverage. There are limitations to the approach of Fallaway, which if solved might increase the benefit gained from having state-aware test cases and feedback.
Item Type:Essay (Master)
Faculty:EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject:54 computer science
Programme:Computer Science MSc (60300)
Link to this item:
Export this item as:BibTeX
HTML Citation
Reference Manager


Repository Staff Only: item control page