Description
Master’s thesis in cooperation with Fraunhofer AISEC
Enhancing Software Fuzzing Through Dynamic Instrumentation
Fuzzing is a technique used to find software errors. Fuzzers such as AFL++ generate semi-random inputs that aim to crash the software under test. To facilitate crashes under erroneous inputs, AFL++ utilizes memory sanitizing to identify erroneous memory accesses, such as buffer overflows or use-after-frees. However, memory sanitizing is costly due to the need for instrumenting the software with checks and executing them at runtime.
Task Description
In this work, we aim to reduce the overhead of memory sanitizing by implementing a dynamic approach that avoids instrumenting uninteresting parts of the software. For instance, if the fuzzer has already tested certain functions within the software, we want to exclude those functions from instrumentation. Your task will be to develop such a dynamic instrumentation approach based on AFL++ and its sanitizer QASan.
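The following is an added toy model of the idea described above; it is not code from AFL++ or QASan, and all names in it (tracked_buf, sanitized_access, parse_header, FN_PARSE_HEADER) are hypothetical. A bounds check stands in for the sanitizer's instrumentation, a per-function "covered" flag stands in for the dynamic decision to stop instrumenting a function that has already been exercised, and two constructed inputs (one benign, one requesting a 32-byte copy into a 16-byte buffer) show what the check costs and what skipping it gives up.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example (hypothetical names, not AFL++/QASan code): a sanitizer-style
   bounds check that can be switched off per function once that function is
   considered covered by the fuzzer. */

/* A tracked allocation is a slice of a larger arena, so that an overflow past
   `len` in this demo never leaves the arena and the demo itself stays free of
   undefined behaviour. */
typedef struct { uint8_t *base; size_t len; } tracked_buf;

enum { FN_PARSE_HEADER = 0, FN_COUNT };   /* functions known to the instrumentation */
static bool fn_covered[FN_COUNT];          /* set once a function has been fuzzed */
static unsigned long checks_executed;      /* runtime cost of the instrumentation */
static unsigned long violations_detected;  /* out-of-bounds accesses caught */
static uint8_t arena[64];

/* Instrumentation hook: bounds-check an access unless the enclosing function
   is already marked covered, in which case the check (and its cost) is skipped. */
static bool sanitized_access(const tracked_buf *b, size_t off, size_t n, int fn) {
    if (fn_covered[fn])
        return true;                        /* dynamic decision: no check */
    checks_executed++;
    if (off > b->len || n > b->len - off) { /* write would exceed the buffer */
        violations_detected++;
        return false;
    }
    return true;
}

/* "Software under test": copies a length-prefixed record into a 16-byte header
   buffer. The length byte comes from the fuzzed input, so an input can request
   a copy larger than the buffer. Returns 0 on success, -1 if the sanitizer
   check fired, -2 on malformed input. */
int parse_header(const uint8_t *input, size_t input_len) {
    tracked_buf hdr = { arena, 16 };
    if (input_len < 1)
        return -2;
    size_t n = input[0];                    /* fuzzer-controlled length */
    if (n > input_len - 1)
        return -2;                          /* not enough payload bytes */
    if (!sanitized_access(&hdr, 0, n, FN_PARSE_HEADER))
        return -1;                          /* a real sanitizer would abort here */
    memcpy(hdr.base, input + 1, n);
    return 0;
}

/* Bookkeeping the fuzzing loop would drive. */
void mark_covered(int fn) { fn_covered[fn] = true; }
void reset_stats(void) {
    checks_executed = 0;
    violations_detected = 0;
    memset(fn_covered, 0, sizeof fn_covered);
}
unsigned long get_checks_executed(void) { return checks_executed; }
unsigned long get_violations(void) { return violations_detected; }

/* Constructed inputs: an 8-byte payload that fits, and a 32-byte payload that
   does not fit into the 16-byte header buffer. */
int run_benign(void) {
    uint8_t in[9] = { 8, 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h' };
    return parse_header(in, sizeof in);
}
int run_overflow(void) {
    uint8_t in[33];
    memset(in, 'A', sizeof in);
    in[0] = 32;
    return parse_header(in, sizeof in);
}

int main(void) {
    reset_stats();
    printf("benign input: %d\n", run_benign());                       /* 0 */
    printf("overflowing input: %d\n", run_overflow());                /* -1 */
    printf("checks: %lu, violations: %lu\n", get_checks_executed(), get_violations());
    mark_covered(FN_PARSE_HEADER);
    printf("overflowing input, function marked covered: %d\n", run_overflow()); /* 0 */
    printf("checks after skipping: %lu\n", get_checks_executed());   /* unchanged */
    return 0;
}
```

The last two lines of output are the point of the model: once parse_header is marked covered, the overflowing input no longer costs a check, but it also no longer gets caught. Any "skip already-tested functions" policy therefore has to define "tested" carefully (for example, per edge or per input class rather than per function), because a function that has been executed is not necessarily one whose bugs have been reached.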
Requirements
• Ability to work independently and accurately
• Interest in fuzzing, binary virtualization, and binary instrumentation
• Good programming skills in C/C++
Contact
Please send your application with current CV and transcript of records to:
Ferdinand Jarisch
Fraunhofer Institute for Applied and Integrated Security (AISEC)
Product Protection and Industrial Security
Lichtenbergstr. 11, 85748 Garching near Munich
Mail: ferdinand.jarisch@aisec.fraunhofer.de
Phone: +49 89 322 9986-166
Publication Date: 20.02.2024