Fuzz testing is a fully automated software testing technique where randomly generated inputs are fed to a program with the explicit goal of crashing the program. Fuzz testing can be employed on program binaries, and can benefit from an input format specification, or from the presence of sample seed program inputs. Application of fuzzing in vulnerability detection is common, and it constitutes an important technique to enhance software security.
In this tutorial, we will first distinguish fuzzing from conventional program testing by clarifying the weak oracles (expected behaviour, typically "the program must not crash") that fuzzing relies on. We will then distinguish generation-based fuzzing, which uses an input format specification, from mutation-based fuzzing, which modifies input seeds.
We will also clearly show the differences between blackbox, greybox and whitebox fuzzing. Blackbox fuzzing does not assume any view of the program, while greybox fuzzing only distinguishes the different program paths executed by different inputs. The main advantage of these techniques is that they avoid extracting control flow from program binaries, which can be notoriously difficult. In comparison, whitebox fuzzing assumes knowledge of the program control flow (even if only at the binary level). On the other hand, it can achieve potentially better coverage of program behaviour by using a program analysis technique called symbolic execution. We will also cover the foundations of symbolic execution and its use in whitebox fuzzing in this tutorial.
All of the concepts covered in the tutorial will be demonstrated via hands-on usage of blackbox, greybox and whitebox fuzzing tools. The tool understanding and usage will culminate in a hackathon which challenges the students to hunt seeded as well as real vulnerabilities in binaries of tools they use daily, either as file-processing programs or as command-line utilities.
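As an added illustration of the blackbox/greybox distinction above (example code written for this page, not one of the tutorial's tools), the following Python sketch runs the same mutation loop in both modes against a constructed toy parser; the target, the seed and the use of the executed branch sequence as the greybox feedback signal are all assumptions of the example.

```python
import random
from typing import List, Set, Tuple

def target(data: bytes) -> List[str]:
    """Constructed toy parser: returns the branch ids it took (its 'path')
    and raises on a planted bug that hides behind two nested checks."""
    if len(data) < 4:
        return ["short"]
    if data[:2] != b"FZ":
        return ["bad-magic"]
    path = ["magic"]
    if data[2] >= 0x80:
        path.append("v2-header")
        if data[3] >= 0x80:
            raise RuntimeError("planted crash: oversized length field")
    return path

def mutate(parent: bytes, rng: random.Random) -> bytes:
    """One random byte-level mutation: overwrite, insert or delete a byte."""
    data = bytearray(parent)
    op = rng.randrange(3)
    if op == 0 and data:
        data[rng.randrange(len(data))] = rng.randrange(256)
    elif op == 1:
        data.insert(rng.randrange(len(data) + 1), rng.randrange(256))
    elif data:
        del data[rng.randrange(len(data))]
    return bytes(data)

def fuzz(seed: bytes, budget: int, greybox: bool, rng_seed: int = 7):
    """Mutation-based fuzzing loop.  Blackbox: every mutant is derived from
    the original seed and no feedback is used.  Greybox: a mutant that
    exercises a path not seen before joins the corpus and is mutated further.
    Returns (crashing input or None, iterations used, distinct paths seen)."""
    rng = random.Random(rng_seed)
    corpus = [seed]
    seen: Set[Tuple[str, ...]] = {tuple(target(seed))}
    for i in range(1, budget + 1):
        parent = rng.choice(corpus) if greybox else seed
        child = mutate(parent, rng)
        try:
            path = tuple(target(child))
        except RuntimeError:
            return child, i, seen          # weak oracle: any crash is a finding
        if greybox and path not in seen:
            seen.add(path)
            corpus.append(child)
    return None, budget, seen

if __name__ == "__main__":
    for mode in (False, True):
        crash, used, paths = fuzz(b"FZ\x00\x00", 5000, greybox=mode)
        print("greybox" if mode else "blackbox", crash, used, sorted(paths))
```

With this seed a single mutation can never satisfy both nested checks, so the blackbox loop exhausts its budget, while the greybox loop keeps the input that reached the `v2-header` branch and mutates it into the crash.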
Prof. Abhik Roychoudhury, National University of Singapore
Assoc. Prof. Liang Zhenkai, National University of Singapore
Dr Cho Chia Yuan, DSO National Laboratories
Chua Zheng Leong, National University of Singapore
Thuan Pham Van, National University of Singapore

Sunday, 19 February 2017
09:00 - 10:10  Basics of Fuzzing, and Foundations of Symbolic Execution
10:10 - 10:30  Tea break
10:30 - 11:00  Basics of Fuzzing, and Foundations of Symbolic Execution (continued)
11:00 - 12:00  Discussion on Grey-box and Black-box Fuzzing
12:00 - 13:00  Lunch
13:00 - 14:00  Invited Talk: Experiences in Fuzzing
14:00 - 15:00  Targeted discussion on tools to be used in the Hackathon
15:00 - 15:30  Tea break
15:30 - 16:30  Hackathon briefing on the specific exercises to be solved during the hackathon
16:30 onwards  Hackathon (ends on Monday, 20 February 2017, 15:00)

Monday, 20 February 2017
15:00 - 16:30  Hackathon demo and evaluation
16:30 - 17:00  Tea break
17:00 - 17:30  Hackathon prize presentation