DESIGN AND IMPLEMENTATION OF PARALLEL FUZZ TESTING
Software security is an important aspect in determining software quality. It must be considered in the software development process. Testing software manually is a time-consuming task. Sometimes the software testing process takes longer than the software development process. Therefore, to speed u...
Main Author: | Mahendra, Bayu |
---|---|
Format: | Theses |
Language: | Indonesia |
Online Access: | https://digilib.itb.ac.id/gdl/view/70654 |
Institution: | Institut Teknologi Bandung |
id |
id-itb.:70654 |
---|---|
spelling |
id-itb.:70654 2023-01-18T11:27:08Z DESIGN AND IMPLEMENTATION OF PARALLEL FUZZ TESTING Mahendra, Bayu Indonesia Theses Software security, parallel fuzzing, container. INSTITUT TEKNOLOGI BANDUNG https://digilib.itb.ac.id/gdl/view/70654 text |
institution |
Institut Teknologi Bandung |
building |
Institut Teknologi Bandung Library |
continent |
Asia |
country |
Indonesia |
content_provider |
Institut Teknologi Bandung |
collection |
Digital ITB |
language |
Indonesia |
description |
Software security is an important aspect in determining software quality. It must be
considered in the software development process. Testing software manually is a
time-consuming task. Sometimes the software testing process takes longer than the
software development process. Therefore, to speed it up, testing needs to be
done automatically.
Fuzz testing (fuzzing) is an automated software testing technique that sends
abnormal data to the tested program. American Fuzzy Lop (AFL) is one of the most
popular fuzzers. AFL is a grey-box fuzzer that uses mutation to generate
abnormal input for the tested program. AFL generates abnormal input
using deterministic mutation and random mutation. AFL already supports
single mode and parallel mode. In parallel mode, the master node and the
slave nodes differ in how they generate abnormal input. The master node uses
deterministic mutation and random mutation, but a slave node uses only random
mutation. Performing deterministic mutation in all nodes causes duplicate
abnormal input. Hence, computing resources are utilized inefficiently.
In this research, we propose a system design for parallel fuzzing. Virtualization
technology is utilized to perform parallel fuzzing. There is a master node and one
or more containers as slave nodes. The master node consists of Python-based
applications, a database and AFL. AFL on the master node is used to select the initial seed
for the others. Multiple AFL instances on the containers are utilized to run the fuzzing process.
These are controlled by the master node. An agent is used to manage information
synchronization between different AFL instances. Our proposed design implements
both mutation techniques in every node. Besides that, information synchronization
such as seed and path coverage is required to prevent task duplication. Therefore,
the fuzzing process is more efficient and runs faster to find security flaws in the
tested program. |
format |
Theses |
author |
Mahendra, Bayu |
title |
DESIGN AND IMPLEMENTATION OF PARALLEL FUZZ TESTING |
url |
https://digilib.itb.ac.id/gdl/view/70654 |
_version_ |
1822278826079551488 |