Lab Course: Fuzzing Bootcamp

Course:

  • Responsible: Prof. Dr. Matthew Smith,
  • Start: 02.04.2019
  • Dates: workshop 05. - 09.08.2019, 10:00, room U1.011; afterwards weekly meetings
  • Course number: 612113323

Other:

  • Term: Master Computer Science
  • Requirements:
  • Faculty: MA-INF 3323
  • Effort: 4P / 9 CP (Master), 10 CP (B-IT MI)

Information

The Fuzzing Bootcamp is split into three parts:

  • 5 days workshop with theory and hands-on (August 5th (10:00am) - 9th in room U1.011)
  • 8 weeks working on a seminar topic with weekly meetings with one of the supervisors
  • Final presentation

Description

Recently, enormous progress has been made in fuzzing, a technique to test software interfaces dynamically with the goal of finding inputs that trigger security issues or produce crashes. While traditional fuzzing operated on random inputs only, modern “smart” fuzzing frameworks (AFL, libFuzzer, Sage) try to predict more valid inputs with the help of AI techniques in order to increase code coverage.

In the “fuzzing bootcamp”, you will first learn how modern fuzzing frameworks operate to increase code coverage in a short amount of time. To get a better feeling for how to use such techniques in a software project, we will write fuzz targets and fuzz real-world code from existing open source projects. Our goal is to find real and severe vulnerabilities in production software.

In the fuzzing bootcamp, we focus on C/C++ as the programming languages and use two widespread frameworks: AFL and libFuzzer. The first week covers all the theoretical background. During this week, we will explain the basics behind the fuzzing frameworks and use examples from real code in open source projects. At the end of this week, we will present a few potential topics which the students then address in the next 6 weeks. During this time, the students can have meetings with their supervisors to get feedback. At the end of the semester, the students will present their results in a group meeting.
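To make the notion of a "fuzz target" concrete, here is an added example that is not part of the course page or of the AFL/libFuzzer projects. It fuzzes a small, constructed tag-length-value parser (`parse_tlv`, an assumed function written for this example) through the libFuzzer entry point `LLVMFuzzerTestOneInput`, and ships a stand-alone `main` that replays input files, which is also the shape AFL expects when the file path is passed as `@@`. The target rejects malformed input with a return value but turns any violated memory invariant into an abort, which is what the fuzzer reports as a crash.

```c
// Added example (not from the course page): a libFuzzer-style fuzz target for a
// constructed TLV record parser. Build for libFuzzer with
//   clang -g -O1 -fsanitize=fuzzer,address -DLIBFUZZER_BUILD target.c -o target
// or for AFL / stand-alone replay with
//   afl-clang-fast -g -O1 -fsanitize=address target.c -o target   (run: ./target @@)
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_FIELDS 8

typedef struct {
    uint8_t tag;
    uint8_t len;
    const uint8_t *value;   /* points into the caller's input buffer */
} field_t;

/* Parse records of the form [tag:1][len:1][value:len]... from buf.
 * Returns the number of fields parsed, or -1 for malformed input. */
int parse_tlv(const uint8_t *buf, size_t size, field_t *out, size_t max_out) {
    size_t pos = 0, n = 0;
    while (pos < size) {
        if (size - pos < 2) return -1;          /* truncated header */
        uint8_t tag = buf[pos], len = buf[pos + 1];
        pos += 2;
        if (len > size - pos) return -1;        /* value runs past the buffer */
        if (n == max_out) return -1;            /* caller's array is full */
        out[n].tag = tag;
        out[n].len = len;
        out[n].value = buf + pos;
        n++;
        pos += len;
    }
    return (int)n;
}

/* libFuzzer entry point: called once per mutated input. Returning 0 means
 * "input processed"; crashing or aborting is what gets reported as a finding. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    field_t fields[MAX_FIELDS];
    int n = parse_tlv(data, size, fields, MAX_FIELDS);
    if (n < 0) return 0;                        /* rejecting bad input is fine */

    /* Invariant: every parsed value must lie inside the input buffer. A parser
     * bug that breaks this would otherwise read out of bounds later on. */
    for (int i = 0; i < n; i++) {
        if (fields[i].value < data || fields[i].value + fields[i].len > data + size)
            abort();
    }
    return 0;
}

#ifndef LIBFUZZER_BUILD
/* Stand-alone driver (also usable as an AFL harness): replays each file named on
 * the command line through the target; with no arguments it runs two
 * constructed seed inputs. */
int main(int argc, char **argv) {
    static const uint8_t seed_ok[]  = {0x01, 0x02, 'a', 'b', 0x02, 0x00};
    static const uint8_t seed_bad[] = {0x01, 0x05, 'a'};   /* length overruns */
    if (argc < 2) {
        LLVMFuzzerTestOneInput(seed_ok, sizeof seed_ok);
        LLVMFuzzerTestOneInput(seed_bad, sizeof seed_bad);
        puts("seed inputs processed without a crash");
        return 0;
    }
    for (int i = 1; i < argc; i++) {
        FILE *fp = fopen(argv[i], "rb");
        if (!fp) { perror(argv[i]); return 1; }
        uint8_t buf[4096];
        size_t got = fread(buf, 1, sizeof buf, fp);
        fclose(fp);
        LLVMFuzzerTestOneInput(buf, got);
    }
    return 0;
}
#endif
```

The target deliberately keeps the parsing logic and the invariant checks separate: the parser returns an error code for inputs it considers malformed, while the harness aborts only on states that should be impossible. Mixing the two would either hide real bugs behind error returns or flood the fuzzer with "crashes" on every malformed input.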