Design and implementation of a Distributed Feedback-Guided Fuzzer

Nowadays, the high number of mobile and IOT devices has led to an increased demand for security to safeguard the users from malicious actors. Fuzz testing, or fuzzing, is an automated software testing technique used to discover bugs and vulnerabilities in software and, consequently, to secure interconnected devices. Running a fuzzer on mobile and IOT devices requires dedicated tools, specifically designed for these devices, often less capable and performing than the fuzzers designed to run on PCs and workstations. Moreover, the different architecture can be an obstacle when developing new technologies to fuzz these devices. This thesis aims to solve these problems presenting a distributed architecture designed to distribute the different components of a fuzzer across a workstation and multiple mobile devices. Splitting the fuzzer in two parts, one that runs on a more powerful workstation and the other that can run on multiple mobile devices, allows to have more processing power for the operations that aren't required to run on the device and allows designing and reusing components developed to fuzz workstations and PCs for mobile devices. This increases the scalability and opens the fuzzer to new possibilities, like new techniques to fuzz the mobile devices that weren't possible due to the limited resources or the different architecture. Moreover, effectively parallelizing the operations on the workstation with those on the mobile devices can lead to a performance increase with respect to the traditional way to fuzz the mobile devices. The distributed architecture has been developed and tested on real devices, confirming the expected results and reproducing some crashes of known vulnerabilities.