Enhancing Software Fuzzing Through Dynamic Instrumentation

Supervisor(s): Ferdinand Jarisch
Status: open
Topic: Others
Type of Thesis: Masterthesis
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching

Description

Master’s thesis in cooperation with Fraunhofer AISEC


Fuzzing is a technique used to find software errors. Fuzzers such as AFL++ generate semi-random inputs that aim to crash the software under test. So that erroneous inputs reliably surface as crashes, AFL++ utilizes memory sanitizing to identify erroneous memory accesses, such as buffer overflows or use-after-frees. However, memory sanitizing is costly, because the software has to be instrumented with checks and those checks have to be executed at runtime.

Task Description
In this work, we aim to reduce the overhead of memory sanitizing by implementing a dynamic approach that avoids instrumenting uninteresting parts of the software. For instance, if the fuzzer has already tested certain functions within the software, we want to exclude those functions from instrumentation. Your task will be to develop such a dynamic instrumentation approach based on AFL++ and its sanitizer QASan.
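To make the two ideas above concrete (what a memory-sanitizer check does, and what "no longer checking already-tested functions" means at runtime), here is an added example that is not code from this posting, from AFL++ or from QASan. It is a toy shadow-memory sanitizer: every heap byte has a shadow byte, allocations are surrounded by poisoned redzones so a one-byte overflow is detected, and freed memory is quarantined so a stale pointer is reported as a use-after-free. A per-function counter models the proposed dynamic policy: once a function has been entered a fixed number of times it is treated as tested and its checks are skipped. All names (`san_malloc`, `san_check`, `should_check`, `checked_write`), the heap layout and the threshold `TESTED_THRESHOLD` are constructed for illustration.

```c
/* Added example, not code from the thesis posting, AFL++ or QASan: a toy
 * shadow-memory sanitizer (poisoned redzones for overflows, quarantined freed
 * memory for use-after-free) plus a per-function switch modelling the policy
 * of no longer checking functions the fuzzer has already exercised.
 * All names, the heap layout and the threshold are constructed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HEAP_SIZE 4096
#define REDZONE   16          /* poisoned bytes surrounding each allocation */
#define MAX_FUNCS 64
#define TESTED_THRESHOLD 3    /* constructed: entries after which a function counts as tested */

enum shadow_state { SH_UNADDRESSABLE = 0, SH_ADDRESSABLE = 1, SH_FREED = 2 };
typedef enum { ACC_OK = 0, ACC_OVERFLOW, ACC_USE_AFTER_FREE, ACC_OUT_OF_HEAP } access_result;

static uint8_t heap[HEAP_SIZE];            /* the "application" heap */
static uint8_t shadow[HEAP_SIZE];          /* one shadow byte per heap byte, 0 = poisoned */
static size_t  heap_top = REDZONE;         /* bump allocator with a leading redzone */
static unsigned long exec_count[MAX_FUNCS];

/* Allocate n bytes and mark exactly those bytes addressable; the REDZONE bytes
 * after the block stay poisoned, so even a one-byte overflow is detectable. */
void *san_malloc(size_t n) {
    if (heap_top + n + REDZONE > HEAP_SIZE) return NULL;
    void *p = &heap[heap_top];
    memset(&shadow[heap_top], SH_ADDRESSABLE, n);
    heap_top += n + REDZONE;
    return p;
}

/* Free a block by poisoning its shadow as FREED. The bytes are never reused
 * (a quarantine), so a stale pointer meets FREED shadow instead of new data.
 * Returns 0 on success, -1 if p is not the start of a live block (double free). */
int san_free(void *p) {
    size_t off = (size_t)((uint8_t *)p - heap);
    if (off >= HEAP_SIZE || shadow[off] != SH_ADDRESSABLE) return -1;
    while (off < HEAP_SIZE && shadow[off] == SH_ADDRESSABLE) shadow[off++] = SH_FREED;
    return 0;
}

/* The instrumentation check itself: every byte of [p, p+n) must be addressable.
 * This loop is the per-access cost the thesis wants to avoid paying everywhere. */
access_result san_check(const void *p, size_t n) {
    uintptr_t a = (uintptr_t)p, lo = (uintptr_t)heap, hi = lo + HEAP_SIZE;
    if (a < lo || a + n > hi) return ACC_OUT_OF_HEAP;
    for (size_t i = 0; i < n; i++) {
        uint8_t s = shadow[(a - lo) + i];
        if (s == SH_FREED) return ACC_USE_AFTER_FREE;
        if (s != SH_ADDRESSABLE) return ACC_OVERFLOW;
    }
    return ACC_OK;
}

/* Dynamic policy, called at function entry: returns 1 while the function still
 * needs checking and 0 once it has been entered TESTED_THRESHOLD times. */
int should_check(unsigned func_id) {
    if (func_id >= MAX_FUNCS) return 1;      /* unknown function: keep checking */
    return ++exec_count[func_id] <= TESTED_THRESHOLD;
}

/* A write as the instrumented program would perform it: the sanitizer check
 * runs only while the enclosing function (func_id) is still being checked. */
access_result checked_write(unsigned func_id, void *dst, const uint8_t *src, size_t n) {
    access_result r = should_check(func_id) ? san_check(dst, n) : ACC_OK;
    if (r == ACC_OK) memcpy(dst, src, n);    /* the real write happens either way */
    return r;
}

int main(void) {
    const uint8_t payload[9] = "12345678";   /* constructed 8-byte input plus NUL */
    uint8_t *buf = san_malloc(8);
    printf("in-bounds write  : %d\n", checked_write(0, buf, payload, 8)); /* 0 = ACC_OK */
    printf("one-byte overflow: %d\n", checked_write(0, buf, payload, 9)); /* 1 = ACC_OVERFLOW */
    san_free(buf);
    printf("use after free   : %d\n", checked_write(0, buf, payload, 1)); /* 2 = ACC_USE_AFTER_FREE */
    /* fourth entry of function 0: checks are off, so the same bad access is missed */
    printf("4th entry, unchecked: %d\n", checked_write(0, buf, payload, 1)); /* 0 = ACC_OK */
    return 0;
}
```

The last line of `main` is the caveat the thesis has to quantify: once a function's checks are switched off, a bug reachable only through that function with a later input is no longer reported, so the exclusion policy trades sanitizer overhead against detection coverage. Real sanitizers such as ASan and QASan use a compressed shadow encoding and abort the process on the first bad access instead of returning a code; the toy returns codes so the behaviour can be asserted.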

Requirements
• Ability to work independently and accurately
• Interest in fuzzing, binary virtualization, and binary instrumentation
• Good programming skills in C/C++

Contact
Please send your application with current CV and transcript of records to:
Ferdinand Jarisch
Fraunhofer Institute for Applied and Integrated Security (AISEC)
Product Protection and Industrial Security
Lichtenbergstr. 11, 85748 Garching near Munich
Mail: ferdinand.jarisch@aisec.fraunhofer.de
Phone: +49 89 322 9986-166


Publication Date: 20.02.2024