Chair of IT Security (Lehrstuhl für Sicherheit in der Informatik), Prof. Dr. Claudia Eckert
Master’s thesis in collaboration with Fraunhofer Research Institute AISEC
Sanitizer Crash Bucketing for Fuzzing
Description
Fuzzing is a widely used method for automated software testing. Fuzzing frameworks such as AFL [1] and LLVM libFuzzer [2] find a wide range of bugs by feeding the program under test large numbers of mutated, largely random inputs. Bugs are usually detected as crashes of the program under test. A typical fuzzing campaign can produce a vast number of crashing inputs, many of which are caused by the same bug.
Crash bucketing groups crashing inputs that share the same root cause into buckets, in order to reduce the effort for the analyst. Current approaches typically rely on comparing stack traces or execution paths; they often still create several buckets for crashes caused by the same bug or, even worse, conflate crashing inputs for different bugs into one bucket.
In this work, a crash bucketing approach is to be developed that uses the information generated by different sanitizers to determine, or at least approximate, the cause of a crash, and uses it for more precise bucketing. Different combinations of widely used sanitizers, such as ASAN [3] and UBSAN [4], and research approaches, such as SoftBound [5], are to be identified, adapted for bucketing where necessary, and evaluated against each other.
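As an added illustration of the difference between stack-trace bucketing and sanitizer-informed bucketing (this is example code written for this page, not the thesis's or AISEC's code), the script below parses three constructed AddressSanitizer reports and buckets them twice: once by the top frames of the crashing stack, and once by a key built from what ASan itself established, namely the bug class, the access type, the faulting source location, and the allocation and free sites of the affected object. The report texts, addresses, paths, function names and the choice of key fields are assumptions made for the example; a real approach would have to cover the other report types ASan and UBSan emit and would go beyond this simple key.

```python
import re
from collections import defaultdict

# Constructed sample reports in the format of clang's AddressSanitizer runtime.
# Addresses, paths and function names are invented; these are not real crashes.
# crash-001 and crash-002 are the same overflow reached through different
# callers; crash-003 is a different bug that has crash-001's stack trace.
REPORTS = {
    "crash-001": """\
==1001==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000015 at pc 0x400b2c bp 0x7ffd1000 sp 0x7ffd0ff0
WRITE of size 1 at 0x602000000015 thread T0
    #0 0x400b2b in copy_name /src/parse.c:42:5
    #1 0x400c10 in parse_header /src/parse.c:77:3
    #2 0x400d50 in main /src/main.c:20:9
allocated by thread T0 here:
    #0 0x4a1b2d in malloc (/src/fuzz+0x4a1b2d)
    #1 0x400a80 in alloc_name /src/parse.c:30:15
""",
    "crash-002": """\
==1002==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000035 at pc 0x400b2c bp 0x7ffd1000 sp 0x7ffd0ff0
WRITE of size 1 at 0x602000000035 thread T0
    #0 0x400b2b in copy_name /src/parse.c:42:5
    #1 0x400f20 in parse_trailer /src/parse.c:112:3
    #2 0x400d80 in main /src/main.c:24:9
allocated by thread T0 here:
    #0 0x4a1b2d in malloc (/src/fuzz+0x4a1b2d)
    #1 0x400a80 in alloc_name /src/parse.c:30:15
""",
    "crash-003": """\
==1003==ERROR: AddressSanitizer: heap-use-after-free on address 0x602000000010 at pc 0x400b2c bp 0x7ffd1000 sp 0x7ffd0ff0
READ of size 1 at 0x602000000010 thread T0
    #0 0x400b2b in copy_name /src/parse.c:42:5
    #1 0x400c10 in parse_header /src/parse.c:77:3
    #2 0x400d50 in main /src/main.c:20:9
freed by thread T0 here:
    #0 0x4a1000 in free (/src/fuzz+0x4a1000)
    #1 0x400e00 in reset_state /src/parse.c:90:5
previously allocated by thread T0 here:
    #0 0x4a1b2d in malloc (/src/fuzz+0x4a1b2d)
    #1 0x400a80 in alloc_name /src/parse.c:30:15
""",
}

FRAME_RE = re.compile(r"^\s*#\d+\s+0x[0-9a-f]+\s+in\s+(\S+)\s+(\S+)")
ERROR_RE = re.compile(r"ERROR: AddressSanitizer: ([\w-]+) on address")
ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+)")
# Frames in the sanitizer runtime or the allocator (assumed list): skipped when
# looking for the program's own faulting, allocating or freeing source location.
RUNTIME_FRAMES = {"malloc", "calloc", "realloc", "free", "__interceptor_malloc",
                  "__interceptor_free", "__asan_memcpy", "__interceptor_memcpy"}


def parse_asan_report(text):
    """Extract bug class, access type/size and the crash, free and alloc stacks."""
    report = {"kind": None, "access": None, "size": None,
              "crash": [], "free": [], "alloc": []}
    section = None
    for line in text.splitlines():
        if m := ERROR_RE.search(line):
            report["kind"], section = m.group(1), "crash"
        elif m := ACCESS_RE.match(line):
            report["access"], report["size"] = m.group(1), int(m.group(2))
        elif "allocated by thread" in line:   # also matches "previously allocated by"
            section = "alloc"
        elif "freed by thread" in line:
            section = "free"
        elif (m := FRAME_RE.match(line)) and section:
            report[section].append((m.group(1), m.group(2)))   # (function, location)
    return report


def program_site(frames):
    """Location of the first frame that belongs to the program, not the runtime."""
    for func, loc in frames:
        if func not in RUNTIME_FRAMES:
            return loc
    return None


def stack_key(report, depth=3):
    """Conventional bucketing: the top `depth` functions of the crashing stack."""
    return tuple(func for func, _ in report["crash"][:depth])


def sanitizer_key(report):
    """Bucketing on what the sanitizer established: bug class, access type,
    faulting location, and the allocation and free sites of the object."""
    return (report["kind"], report["access"], program_site(report["crash"]),
            program_site(report["alloc"]), program_site(report["free"]))


def bucket(reports, key_fn):
    """Group report names by the key their parsed report maps to."""
    buckets = defaultdict(list)
    for name in sorted(reports):
        buckets[key_fn(parse_asan_report(reports[name]))].append(name)
    return dict(buckets)
```

Calling `bucket(REPORTS, stack_key)` puts crash-001 and crash-003 into one bucket (same top three frames) and crash-002 into another, which is exactly the double failure described above: one bug split across buckets and two bugs conflated. `bucket(REPORTS, sanitizer_key)` instead groups crash-001 with crash-002 (same overflow of the same object allocated at the same site, faulting at the same line) and separates crash-003, whose bug class and free site differ.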
Requirements
• Ability to work independently and accurately
• Basic knowledge of exploit techniques, fuzzing and C++
• Strong interest in compiler-based security, sanitizers, LLVM
• Strong interest in fuzzing
Contact
Julian Horsch, Dieter Schuster
E-Mail: julian.horsch@aisec.fraunhofer.de, dieter.schuster@aisec.fraunhofer.de
Fraunhofer-Institut für Angewandte und Integrierte Sicherheit (AISEC)
Lichtenbergstr. 11, 85748 Garching (near Munich), Germany
http://www.aisec.fraunhofer.de
[1] https://github.com/google/AFL
[2] http://llvm.org/docs/LibFuzzer.html
[3] https://github.com/google/sanitizers/wiki/AddressSanitizer
[4] https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html
[5] https://www.cs.rutgers.edu/~santosh.nagarakatte/softbound/