Fuzz Testing for Vulnerability Detection
Winter Semester 2016/17
Monday 27.06.2016, 15.00,
John v. Neumann, 00.11.038
Prof. Dr. Alexander Pretschner
Max. Number of participants
Rules for participation and registration
- Plagiarism of any form (blatant copy-paste, summarizing some else's ideas/results without reference etc.) will result in immediate expulsion from the course!
- All submissions are mandatory. Each submission must fulfill a certain level of quality. Submissions that are just collections of buzzword/keywords or coarse document structures will not be accepted. Failing that will be graded 5.0
- Late submissions will invite penalties.
- Non-adherence to submission guidelines will invite penalties.
- Slides must be discussed with the supervisor at least one week before the presentation. Presentation must be held in English!
- Participation and attendance in all seminar presentations is mandatory. Students must read the final submissions of their colleagues and participate in the discussions.
- Registration for the seminar takes place by the TUM Online Matching System.
- Once successfully registered for the seminar
- Students select at most 3 free available individual seminar topics of their choice.
- Send the selected topics via email (subject: "Fuzz Testing Seminar") in a preferred order from 1 (=most preferred topic) to 3 to Saahil Ognawala.
- Once allotted a topic (you will get a confirmation email),
- Students must acknowledge their acceptance of the topic and participation in the seminar latest by TBA.
- Students willing to quit the seminar must send a cancellation email by TBA , failing which they will be graded 5.0
A background in software testing or software engineering is desirable, but not required.
Fuzz testing (or fuzzing) is an automated software testing procedure, that tests the software by passing “seed” inputs provided by the user, typically monitoring the output and side-effects on the system, and mutating the input such that new output or side-effects on the system are observed. The power of fuzzing lies in the fact that the process is usually fully automated and is, therefore, very fast. Due to the dependence of input mutations on the output from previous runs, fuzzing has the tendency to quickly cover many functionally different paths in the program. The most basic fuzzers can be thought of as a variety of random testing tools, because the input mutations are done randomly and quickly, with no relevance to past seen input data and corresponding output information. Advanced techniques of fuzzing, however, involve smarter methods to mutate input data such as taint tracing of input buffers, genetic algorithms, grammar based fuzzing for parsers etc.
Fuzzing is among the most favoured methods of testing large scale applications for discovering vulnerabilities automatically, because of it’s speed and relative independence from user interference, both unlike manual testing process.
Objective of the seminar
The goal of this seminar is twofold: firstly, it aims to introduce participants to an important constituent of scientific method that is concerned with critically reading, understanding, summarizing, explaining and presenting existing scientific literature; secondly, the content of the seminar will provide the participants with an understanding of one of the most widely used and cutting edge method of testing for finding vulnerabilities in software.
Students will read one or more papers that are assigned to them by their supervisors. They are encouraged to find further relevant research on the topic. Understanding the central statements of a paper includes highlighting, complementing and explaining assumptions, as well as deliberately or accidentally incomplete chains of argumentation – typically followed by examples. This understanding should be reflected in the written exposé. This exposé must include the problem that is tackled by the selection of papers, as well as their respective central assumptions, arguments, and results. A highly motivated student will be expected to come up with a classification scheme within which all selected publications may be neatly organized and their crux matter discussed in the context of the corresponding problem.
- Blackbox testing with fuzzing
- Blackbox fuzzing vs. whitebox fuzzing
- Advanced fuzzing strategies with whitebox optimizations
- Input mutation strategies in fuzzing
- Role of machine learning in fuzz testing
- Role of genetic algorithms in fuzz testing
- Compositional analysis of large-scale software with fuzzing
- Fuzzing for mobile applications
- Fuzzing for web applications
- File format and protocol fuzzing
- Fuzzing: Brute force vulnerability discovery; M. Sutton, A. Greene, P. Amini
- Fuzzing: The state of the art; R. McNally, K. Yiu, D. Grove, D. Gerhardy
- Revolutionizing the field of grey-box attack surface testing with evolutionary fuzzing; J. DeMott, R. Enbody, W. Punch
- Fuzzing: The past, the present and the future; A. Takanen
- Fuzzing for software security testing and quality assurance; A. Takanen
- Random testing for security: blackbox vs. whitebox fuzzing; P. Godefroid
- Fuzzing: Breaking software in an automated fashion; I. van Sprudel