Workshop: Fuzz Testing for Finding Vulnerabilities

Background

Fuzz testing is a fully automated software testing technique in which randomly generated inputs are fed to a program with the explicit goal of crashing it. Fuzz testing can be applied directly to program binaries, and can benefit from an input format specification or from sample seed inputs. Fuzzing is widely used for vulnerability detection, and it is an important technique for enhancing software security.

Overview

In this tutorial, we will first distinguish fuzzing from conventional program testing by clarifying the weak oracles (the expected behaviour against which each run is judged) that fuzzing needs. We will then distinguish generation-based fuzzing, which uses input format specifications, from mutation-based fuzzing, which modifies input seeds.

We will also clearly show the differences between blackbox, greybox and whitebox fuzzing. Blackbox fuzzing assumes no view of the program at all, while greybox fuzzing only distinguishes the different program paths executed by different inputs. The main advantage of these two techniques is that they avoid extracting control flow from program binaries, which can be notoriously difficult. In comparison, whitebox fuzzing assumes knowledge of the program control flow (even if only at the binary level); in return, it can achieve potentially better coverage of program behaviour by using a program execution technique called symbolic execution. We will also cover the foundations of symbolic execution and its use in whitebox fuzzing in this tutorial.
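To make the blackbox/greybox distinction above concrete, here is a small added example in Python (not material from the workshop or its instructors): a toy target whose executed path is observable, a byte-level mutator, and one mutation-based fuzzing loop that can run in either mode. The target, its two-byte header, the seeded bug and all function names are constructed for this illustration.

```python
import random

MAGIC = b"FZ"  # constructed two-byte header the toy target expects

def run(data: bytes) -> tuple:
    """Toy program under test: returns the branch ids it took (its 'path').
    A blackbox fuzzer never sees this value; a greybox fuzzer uses it only
    to tell one execution apart from another."""
    path = []
    for i, m in enumerate(MAGIC):
        if i >= len(data) or data[i] != m:
            return tuple(path + [f"mismatch@{i}"])
        path.append(f"match@{i}")
    # Seeded bug: the length byte after the header is trusted without a check.
    length = data[2] if len(data) > 2 else 0
    if length > len(data):
        raise IndexError("simulated out-of-bounds read")
    return tuple(path + ["accepted"])

def mutate(rng: random.Random, data: bytes) -> bytes:
    """One random byte-level edit of a seed: overwrite, insert or delete."""
    buf = bytearray(data)
    op = rng.randrange(3)
    if op == 0 and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == 1:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif op == 2 and len(buf) > 1:
        del buf[rng.randrange(len(buf))]
    return bytes(buf)

def fuzz(seeds, iterations: int, greybox: bool, rng_seed: int = 1) -> dict:
    """Mutation-based loop. Greybox: an input reaching a new path joins the
    corpus. Blackbox: the corpus never grows (paths are still logged here,
    but only so that the two modes can be compared afterwards)."""
    rng = random.Random(rng_seed)
    corpus, paths, crashes = list(seeds), set(), []
    for _ in range(iterations):
        child = mutate(rng, rng.choice(corpus))
        try:
            path = run(child)
        except IndexError:
            crashes.append(child)
            path = ("crash",)
        if path not in paths:
            paths.add(path)
            if greybox:
                corpus.append(child)
    return {"paths": paths, "crashes": crashes, "corpus": corpus}
```

Running `fuzz([b"AAAA"], 50000, greybox=m)` for both modes shows why path feedback matters: with a single edit per iteration and no corpus growth, the blackbox loop can never match both header bytes at once, whereas the greybox loop keeps each input that reaches a new path and so can work through the header one byte at a time.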

All of the concepts covered in the tutorial will be demonstrated through hands-on use of blackbox, greybox and whitebox fuzzing tools. This understanding and use of the tools will culminate in an exciting hackathon that challenges students to hunt for seeded as well as real vulnerabilities in binaries of tools they use widely every day, either as file processing programs or as command line utilities.

Workshop Instructors

Prof. Abhik Roychoudhury
National University of Singapore

Assoc. Prof. Liang Zhenkai
National University of Singapore

Dr Cho Chia Yuan
DSO National Laboratories

Lab Instructors

Chua Zheng Leong
National University of Singapore

Thuan Pham Van
National University of Singapore

Program

Sunday, 19 February 2017

09:00 - 10:10

Basics of Fuzzing, and Foundations of Symbolic Execution
Prof. Abhik Roychoudhury

10:10 - 10:30

Tea break

10:30 - 11:00

Basics of Fuzzing, and Foundations of Symbolic Execution (continued)
Prof. Abhik Roychoudhury

11:00 - 12:00

Discussion on Grey-box and Black-box Fuzzing
Assoc. Prof. Liang Zhenkai

12:00 - 13:00

Lunch

13:00 - 14:00

Invited Talk: Experiences in Fuzzing
Dr Cho Chia Yuan, DSO National Laboratories

14:00 - 15:00

Targeted discussion on tools to be used in Hackathon
Assoc. Prof. Liang Zhenkai

15:00 - 15:30

Tea break

15:30 - 16:30

Hackathon briefing on specific exercises to be solved during hackathon
Chua Zheng Leong and Thuan Pham Van

16:30 onwards

Hackathon (ends on Monday, 20 February 2017, 15:00)

Monday, 20 February 2017

15:00 - 16:30

Hackathon demo and evaluation

16:30 - 17:00

Tea break

17:00 - 17:30

Hackathon prize presentation