Please use this identifier to cite or link to this item:
Title: Instruction level branch condition penetration for BiFF
Authors: Chen, Taoyu
Keywords: Engineering::Computer science and engineering
Issue Date: 2021
Publisher: Nanyang Technological University
Source: Chen, T. (2021). Instruction level branch condition penetration for BiFF. Final Year Project (FYP), Nanyang Technological University, Singapore.
Project: SCSE20-0191
Abstract: Fuzzing is one of the most widely deployed techniques to discover software security vulnerabilities. Despite the increasing popularity of fuzzing, many existing fuzzers requires source code to conduct fuzzing. For binary-only fuzzing, the execution speed of existing fuzzers is usually slow due to heavy instrumentation. And many of them may not support fuzzing on multiple CPU architectures. A fuzzer named BiFF is designed to support fuzzing cross-architecture and fuzzing for binary-only target with reasonable overhead. Another problem with existing fuzzers is their limited code penetration and effectiveness as the new testing inputs are generated randomly and therefore hard to detect errors that reside on deeper level. A fuzzing approach called Steelix is designed to solve this problem. It collects program-state information (i.e., comparison progress information) and use it to guide the mutation of input. Steelix has proven to be both effective and efficient in terms of penetration and execution. To enhance the branch condition penetration power and support fast fuzzing on binary-only target cross-architecture, we integrated the idea of Steelix into the fuzzer BiFF. This report elaborates the mechanism, implementation and performance of BiFF with Steelix incorporated.
Fulltext Permission: restricted
Fulltext Availability: With Fulltext
Appears in Collections:SCSE Student Reports (FYP/IA/PA/PI)

Files in This Item:
File Description SizeFormat 
  Restricted Access
2.48 MBAdobe PDFView/Open

Page view(s)

Updated on Jun 28, 2022

Download(s) 50

Updated on Jun 28, 2022

Google ScholarTM


Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.