Escaping the Fuzz - Evaluating Fuzzing Techniques and Fooling them with Anti-Fuzzing

Typ
Examensarbete för masterexamen
Master Thesis
Program
Computer systems and networks (MPCSN), MSc
Publicerad
2016
Författare
Edholm, Emil
Göransson, David
Modellbyggare
Tidskriftstitel
ISSN
Volymtitel
Utgivare
Sammanfattning
Fuzzing is used to find vulnerabilities in applications by sending garbled data as input and then monitoring the application for crashes. Over the years, this simple technique has evolved to an advanced testing technique that has been used to find serious vulnerabilities in a wide range of applications. This thesis sets out to evaluate two state-of-the-art fuzzers and pinpoint their weaknesses. The thesis also investigates anti-fuzzing: a technique that masks crashes from fuzzers. By not detecting crashes, fuzzers become useless when it comes to detecting vulnerabilities in software. The fuzzers are tested against a test suite of security vulnerability challenges from the DARPA Cyber Grand Challenge and then against the same test suite when anti-fuzzing capabilities have been incorporated. Our results show that it is relatively easy to implement and apply anti-fuzzing techniques that are able to completely mask crashes and, by extension, vulnerabilities from fuzzers.
Beskrivning
Ämne/nyckelord
Informations- och kommunikationsteknik , Data- och informationsvetenskap , Information & Communication Technology , Computer and Information Science
Citation
Arkitekt (konstruktör)
Geografisk plats
Byggnad (typ)
Byggår
Modelltyp
Skala
Teknik / material
Index