• Asger Geel Weirsøe
• Lars Bo Park Frydenskov
4. term, Computer Science, Master (Master Programme)
The modern world is increasingly reliant on software, not only for everyday use cases but also for critical systems such as healthcare and banking, and for these systems it is extremely important that no bugs or unexpected behaviours are present. One method of avoiding this is testing. Until now, testing has mostly meant unit testing, QA testing and slow release strategies, but recently an alternative method, fuzzing, has gained popularity. Fuzzing differs from traditional testing methods in its mindset: instead of testing for correct behaviour and functionality, the focus is on trying to find bugs and unexpected behaviour. In the right cases fuzzing can be extremely effective: Google, as an example, has uncovered more than 25,000 defects in its products and more than 22,000 problems in open-source projects, and B. Miller used fuzzing against command-line tools in popular distributions in 2020, finding failure rates of 12% on Linux, 16% on macOS and 19% on FreeBSD. In this report we present Thread-Fuzz, a mutation-based blackbox fuzzer for the networking protocol Thread. Thread-Fuzz is a proof of concept of a new generation of fuzzers, behavioural fuzzers, which search for unexpected behaviours beyond crashes and memory corruption. Thread-Fuzz introduces the idea by implementing a state machine that checks whether the server state of a target satisfies the specification. Thread-Fuzz is tested against OpenThread, the open-source implementation of Thread. During our testing a buffer overflow was found which can potentially lead to unauthenticated remote code execution. Thread-Fuzz is also tested against ten bugs introduced into OpenThread, of which it found six. We conclude that Thread-Fuzz is unpolished but functional.
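As an added illustration of the behavioural-fuzzing idea the abstract describes (example code written for this page, not Thread-Fuzz's or OpenThread's code), the block below combines a mutation engine, a blackbox target and a specification state machine used as the oracle. The protocol (IDLE, JOINED, ATTACHED with JOIN, ATTACH, DATA and LEAVE messages plus a STATUS query), the two-byte message layout and the planted bug are all constructed for the example; nothing here is Thread. The point it shows is the one the abstract makes: the target never crashes, so a crash-only oracle reports nothing, while comparing the target's responses and reported state against the model catches the illegal state transition.

```python
"""Behavioural fuzzing with a state-machine oracle (added example).

Illustrative code written for this page, not Thread-Fuzz or OpenThread.
The protocol (IDLE -> JOINED -> ATTACHED), the two-byte message layout
(op byte, flags byte), the STATUS query and the planted bug are all constructed.
"""
import random

OP_STATUS, OP_JOIN, OP_ATTACH, OP_DATA, OP_LEAVE = 0x00, 0x01, 0x02, 0x03, 0x04

# Specification: (state, op) -> next state. Any pair not listed must be answered
# with "ERR" and must leave the state unchanged.
SPEC = {
    ("IDLE", OP_JOIN): "JOINED",
    ("JOINED", OP_ATTACH): "ATTACHED",
    ("ATTACHED", OP_DATA): "ATTACHED",
    ("IDLE", OP_LEAVE): "IDLE",
    ("JOINED", OP_LEAVE): "IDLE",
    ("ATTACHED", OP_LEAVE): "IDLE",
}


class SpecModel:
    """Reference state machine derived from the (constructed) specification."""

    def __init__(self):
        self.state = "IDLE"

    def step(self, msg: bytes) -> str:
        if len(msg) < 2:
            return "ERR"
        if msg[0] == OP_STATUS:          # STATUS is a read-only query in the spec
            return self.state
        nxt = SPEC.get((self.state, msg[0]))
        if nxt is None:
            return "ERR"
        self.state = nxt
        return "OK"


class ToyServer:
    """Constructed blackbox target. Planted bug: a DATA message with flag 0x80
    set is accepted in IDLE and jumps straight to ATTACHED, skipping JOIN and
    ATTACH. The server never crashes, so a crash-only oracle cannot see it."""

    def __init__(self):
        self.state = "IDLE"

    def handle(self, msg: bytes) -> str:
        if len(msg) < 2:
            return "ERR"
        op, flags = msg[0], msg[1]
        if op == OP_STATUS:
            return self.state
        if op == OP_JOIN and self.state == "IDLE":
            self.state = "JOINED"
            return "OK"
        if op == OP_ATTACH and self.state == "JOINED":
            self.state = "ATTACHED"
            return "OK"
        if op == OP_DATA:
            if self.state == "ATTACHED":
                return "OK"
            if flags & 0x80 and self.state == "IDLE":   # planted behavioural bug
                self.state = "ATTACHED"
                return "OK"
            return "ERR"
        if op == OP_LEAVE:
            self.state = "IDLE"
            return "OK"
        return "ERR"


# Seed corpus: one well-formed instance of each message type (constructed).
SEEDS = [bytes([OP_JOIN, 0]), bytes([OP_ATTACH, 0]),
         bytes([OP_DATA, 0]), bytes([OP_LEAVE, 0])]


def mutate(msg: bytes, rng: random.Random) -> bytes:
    """Apply one random mutation: bit flip, byte overwrite, append or truncate."""
    b = bytearray(msg)
    choice = rng.randrange(4)
    if not b or choice == 2:
        b.append(rng.randrange(256))
    elif choice == 0:
        b[rng.randrange(len(b))] ^= 1 << rng.randrange(8)
    elif choice == 1:
        b[rng.randrange(len(b))] = rng.randrange(256)
    else:
        del b[rng.randrange(len(b)):]
    return bytes(b)


def fuzz(iterations: int = 2000, seed: int = 1, msgs_per_case: int = 4):
    """Send mutated message sequences to fresh target instances and stop at the
    first finding. A finding is either a crash (exception from the target) or a
    behavioural divergence: the target's response or its reported state differs
    from what the specification model predicts. Returns None if nothing is found."""
    rng = random.Random(seed)
    status_query = bytes([OP_STATUS, 0])
    for case in range(iterations):
        server, model = ToyServer(), SpecModel()      # restart the target per case
        for _ in range(msgs_per_case):
            msg = mutate(rng.choice(SEEDS), rng)
            expected = model.step(msg)
            try:
                observed = server.handle(msg)
                reported = server.handle(status_query)
            except Exception as exc:                  # crash oracle
                return {"kind": "crash", "case": case, "message": msg, "error": repr(exc)}
            if observed != expected or reported != model.state:   # behavioural oracle
                return {"kind": "behaviour", "case": case, "message": msg,
                        "expected": (expected, model.state),
                        "observed": (observed, reported)}
    return None


if __name__ == "__main__":
    print(fuzz())
```

Restarting the target for every test case keeps the model and the target in lockstep from a known state; against a real network target the equivalent is a reset command or a fresh process per case, and the STATUS query stands in for whatever out-of-band state readout the harness has.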
Publication date: 2022
Number of pages: 55
ID: 473190419