
Ranking results of static analysis based on fuzzing progress


Supervisor(s): Hannah Schmid, Ferdinand Jarisch
Status: open
Topic: Others
Type of Thesis: Bachelorthesis
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching


Bachelor’s thesis in cooperation with Fraunhofer AISEC
Motivation and Task Description
Static application security testing (SAST) is a powerful tool for finding vulnerabilities in source code. However, state-of-the-art SAST tools produce a vast number of false positives. Fuzzing, a dynamic security testing method that executes compiled binaries, aims to find vulnerabilities in the implementation related to, e.g., memory corruption, and does so with high precision. The idea of this thesis is to combine both methods and incorporate the results of a fuzzing campaign to adapt the ranking of findings generated by SAST tools.
A common output format of SAST tools is SARIF, which allows a ranking to be applied based on the confidence that a finding is a true positive. This enables an auditor or developer to prioritize further assessment of the findings. A first approach could be to utilize line coverage information, for example such that a high number of executions of a certain code region without findings while fuzzing reduces the ranking of findings related to this code region in the SAST tool.
Your task will be to implement such a heuristic to improve the ranking of SAST-related findings using fuzzing, and evaluate its performance on C/C++ source code.
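A minimal sketch of the coverage-based heuristic described above, added here as an illustration and not code from the thesis or from Fraunhofer AISEC. The decay formula, the `half_at` parameter, the promotion of crash locations to rank 100, and the coverage and crash input formats are assumptions; only `result.rank` (0.0 to 100.0, -1.0 when unset) and the location fields come from SARIF 2.1.0.

```python
import json
import math

# Constructed SARIF 2.1.0 fragment (sample data, not output of a real tool).
SARIF = json.loads("""
{"version": "2.1.0", "runs": [{"results": [
 {"ruleId": "buffer-overflow", "rank": 80.0, "locations": [{"physicalLocation":
   {"artifactLocation": {"uri": "src/parse.c"}, "region": {"startLine": 42}}}]},
 {"ruleId": "null-deref", "rank": 60.0, "locations": [{"physicalLocation":
   {"artifactLocation": {"uri": "src/parse.c"}, "region": {"startLine": 88}}}]},
 {"ruleId": "use-after-free", "rank": 30.0, "locations": [{"physicalLocation":
   {"artifactLocation": {"uri": "src/io.c"}, "region": {"startLine": 17}}}]}
]}]}
""")
# Constructed fuzzing data: executions per (file, line), and crash locations.
COVERAGE = {("src/parse.c", 42): 1000, ("src/io.c", 17): 5}
CRASH_LINES = {("src/io.c", 17)}


def finding_lines(result):
    """Yield every (uri, line) named by the result's physical locations."""
    for loc in result.get("locations", []):
        phys = loc.get("physicalLocation", {})
        uri = phys.get("artifactLocation", {}).get("uri")
        region = phys.get("region", {})
        start = region.get("startLine")
        if uri is None or start is None:
            continue  # no line information to correlate with coverage
        for line in range(start, region.get("endLine", start) + 1):
            yield (uri, line)


def rerank(sarif, coverage, crash_lines, half_at=1000, default_rank=50.0):
    """Rewrite result.rank in place; return (rank, ruleId) pairs, highest first."""
    ranked = []
    for run in sarif.get("runs", []):
        for result in run.get("results", []):
            base = result.get("rank", -1.0)
            base = default_rank if base < 0 else base  # -1.0 means unranked
            lines = list(finding_lines(result))
            if any(key in crash_lines for key in lines):
                rank = 100.0  # fuzzer crashed here: dynamic evidence
            else:
                # Least-executed line decides; unexecuted code keeps its rank.
                hits = min((coverage.get(key, 0) for key in lines), default=0)
                rank = base / (1.0 + math.log1p(hits) / math.log1p(half_at))
            result["rank"] = round(rank, 2)
            ranked.append((result["rank"], result.get("ruleId", "")))
    return sorted(ranked, reverse=True)
```

Findings in code the fuzzer never reached keep their SAST rank, since missing coverage says nothing about whether the finding is a true positive.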
Requirements
• Basic programming experience (C/C++)
• Ability to work independently and systematically
• Experience and knowledge in security testing is an asset (especially in fuzzing)
• Knowledge of different code representations (AST/IR) is an asset

If you are interested and would like to know more, please contact the persons listed below. Please send your application with a current CV and transcript of records to:

Hannah Schmid
Tel.: +49 89 322-9986-130
E-mail: hannah.schmid@aisec.fraunhofer.de

Ferdinand Jarisch
Tel.: +49 89 322-9986-166
E-mail: ferdinand.jarisch@aisec.fraunhofer.de

Fraunhofer Research Institute for Applied and Integrated Security AISEC
Department Product Protection and Industrial Security
Lichtenbergstraße 11, 85748 Garching near Munich, Germany
Publication Date: 18.12.2023