DESIGN AND IMPLEMENTATION OF PARALLEL FUZZ TESTING
Main Author: | |
---|---|
Format: | Theses |
Language: | Indonesia |
Online Access: | https://digilib.itb.ac.id/gdl/view/70654 |
Institution: | Institut Teknologi Bandung |
Summary: | Software security is an important aspect in determining software quality. It must be
considered in the software development process. Testing software manually is a
time-consuming task. Sometimes the software testing process takes longer than the
software development process. Therefore, to speed it up, testing needs to be
done automatically.
Fuzz testing (fuzzing) is an automated software testing technique that sends
abnormal data to the tested program. American Fuzzy Lop (AFL) is one of the most
popular fuzzers. AFL is a grey-box fuzzer that uses mutation to generate
abnormal input to feed to the tested program. AFL generates abnormal input
using deterministic mutation and random mutation. AFL already supports
single mode and parallel mode. In parallel mode, the master node and the slave
nodes differ in how they generate abnormal input. The master node uses
deterministic mutation and random mutation, but a slave node uses only random
mutation. Performing deterministic mutation on all nodes causes duplicate
abnormal input. Hence, computing resources are utilized inefficiently.
In this research, we propose a system design for parallel fuzzing. Virtualization
technology is utilized to perform parallel fuzzing. There is a master node and one
or more containers as slave nodes. The master node consists of Python-based
applications, a database and AFL. AFL on the master node is used to select the initial seed
for the others. Multiple AFL instances in the containers are utilized to run the fuzzing process.
They are controlled by the master node. An agent is used to manage information
synchronization between the different AFL instances. Our proposed design implements
both mutation techniques on every node. In addition, synchronization of information
such as seeds and path coverage is required to prevent task duplication. Therefore,
the fuzzing process is more efficient and runs faster in finding security flaws in the
tested program. |
---|