American fuzzy lop (AFL) fuzzing

Abstract

This final year project introduces the concept of fuzzing to discover flaws in code, and expose loopholes that might have the potential to cause damage to computer systems. Fuzzing is a fairly new method of discovering bugs within programs that might not otherwise be easily caught using traditional methods such as source code analysis and limited testing using a set of pre-defined inputs. Attempts will be made to discover bugs by testing the extraction function from the open-source software archiver 7-Zip. The fuzzer American Fuzzy Lop (AFL) will be employed for this project. AFL employs a novel type of compile-time instrumentation and genetic algorithms to generate semi-valid data and increase code coverage, reducing effort and time required to find potential exploitable vulnerabilities. Debugging will form the second half of this paper by detailing how faults can be identified within the application. The paper will conclude by listing of problems found in the paper and possible remediations that could be performed to improve the reliability of 7-Zip.