Enabling vulnerability discovery automation by integrating fuzzers and debuggers

Raffaele Stelluti

Supervisor: Cataldo Basile. Politecnico di Torino, Master's degree course in Computer Engineering (Ingegneria Informatica), 2021

Abstract:

In recent years, 0-day vulnerabilities have represented a real threat to companies, governments, and individuals. The software industry is investing considerable effort in detecting these vulnerabilities in the early stages of the software development life cycle (SDLC) by introducing DevSecOps methodologies. However, these are often expensive in terms of the time and resources that companies should invest. This Master's thesis aims to reduce these costs by improving fuzzing, an indispensable technique for 0-day vulnerability discovery. As a possible solution, we explore the idea of integrating fuzzing tools with debuggers and automating two steps of the fuzzing process: crash triaging and oracle development. As a result, the triaging time decreases and the quality of the vulnerabilities found improves. Our efforts are limited to black-box fuzzing performed with Defensics, a commercial fuzzing tool developed by Synopsys Inc.

Supervisors: Cataldo Basile
Academic year: 2020/21
Publication type: Electronic
Number of pages: 57
Additional information: Confidential thesis. Full text not available
Subjects:
Degree course: Master's degree course in Computer Engineering (Ingegneria Informatica)
Degree class: New system > Master's degree > LM-32 - COMPUTER ENGINEERING
Joint supervision institution: TELECOM ParisTech - EURECOM (FRANCE)
Collaborating companies: Synopsys (Northern Europe Ltd.)
URI: http://webthesis.biblio.polito.it/id/eprint/18188