Internships/ProjectIdeas/SnapshotFuzzingDevice: Difference between revisions
(Created page with "=== Implement a snapshot fuzzing device === '''Summary:''' Add a new emulated device for rapid guest-initiated snapshot/restore functionality for fuzzing. Fuzz testing runs...") |
|||
Line 31: | Line 31: | ||
'''Details:''' | '''Details:''' | ||
* | * Project size: 350 hours | ||
* | * Difficulty: intermediate | ||
* Required skills: C programming | |||
* Desirable skills: previous experience with fuzzing and/or device driver development | |||
* Topic/Skill Areas: Fuzzing, OS/Systems/Drivers | * Topic/Skill Areas: Fuzzing, OS/Systems/Drivers | ||
* Mentor: Alexander Bulekov <alxndr@bu.edu> (a1xndr on IRC) | * Mentor: Alexander Bulekov <alxndr@bu.edu> (a1xndr on IRC) |
Latest revision as of 06:58, 25 February 2022
Implement a snapshot fuzzing device
Summary: Add a new emulated device for rapid guest-initiated snapshot/restore functionality for fuzzing.
Fuzz testing runs a program with random inputs to find bugs that lead to crashes or other program failures. Fuzz testing is a popular technique for finding security bugs.
Many recent fuzzing projects rely on snapshot/restore functionality [1,2,3,4,5]. For example tests/fuzzers that target large targets, such as OS kernels and browsers benefit from full-VM snapshots, where solutions such as manual state-cleanup and fork-servers are insufficient. Many of the existing solutions are based on QEMU, however there is currently no upstream-solution. Furthermore, hypervisors, such as Xen have already incorporated support for snapshot-fuzzing. In this project, you will implement a virtual-device for snapshot fuzzing, following a spec agreed-upon by the community. The device will implement standard fuzzing APIs that allow fuzzing using engines, such as libFuzzer and AFL++. The simple APIs exposed by the device will allow fuzzer developers to build custom harnesses in the VM to request snapshots, memory/device/register restores, request new inputs, and report coverage.
Project goals include:
- Adding a new emulated device for snapshot fuzzing into QEMU.
- Writing documentation and final editing of the hardware interface specification so fuzzer developers can learn how to take advantage of the device from inside a guest.
Links:
- https://arxiv.org/pdf/2111.03013.pdf
- https://blog.mozilla.org/attack-and-defense/2021/01/27/effectively-fuzzing-the-ipc-layer-in-firefox/
- https://www.usenix.org/system/files/sec20-song.pdf
- https://github.com/intel/kernel-fuzzer-for-xen-project
- https://github.com/quarkslab/rewind
Details:
- Project size: 350 hours
- Difficulty: intermediate
- Required skills: C programming
- Desirable skills: previous experience with fuzzing and/or device driver development
- Topic/Skill Areas: Fuzzing, OS/Systems/Drivers
- Mentor: Alexander Bulekov <alxndr@bu.edu> (a1xndr on IRC)