Development of fuzzing methodologies for testing the resilience of the SATA protocol

Communication between computing systems and storage device units, generally called Hard Drives, is one of the most important interfaces for in the IT world, and guaranteeing it's security has high priority. The main protocol in use today is known as the "ATA standard" and the focus of our work during this intership is to test its resilience through Fuzzing, an automated software testing technique that consists in providing unexpected, invalid, random data as input to the target system, and monitor its behaviour in search for anomalies such as bugs, crashes or potential security flaws. In our work we propose different types of Fuzzing schemes, mainly based on a client-server architecture using the Fuzzing framwork "Boofuzz" together with software developed by us. The systems we aim to target are not only phyisical hard disks but also virtual hard drives, tested under different virtualization softwares such as QEMU, VirtualBox and VMWare. This work is the continuation of what has been started during a previous semester project, developed by the students Mirabella Angelo and Sanislav Sebastian (author of this work) and supervised by Balzarotti Davide (also supervisor for this internship). Even though during the semester project some results were achieved, their understanding was not clear. In this internship we try to explore more these outcomes and to continue developing the designed methodologies.