Εύρεση Ευπαθειών Λογισμικού: Κατανεμημένο Fuzzing (Bachelor thesis)
Τσαούσογλου, Βασίλειος
The discovery of exploitable software vulnerabilities is a time consuming and
demanding task.
Fuzz testing (or fuzzing) is a collection of technologies and techniques that provide
random (and carefully constructed random) data to applications as inputs with the
goal of triggering not intended behavior and ultimately to the discovery of bugs.
The objective of this thesis is the design and implementation of an infrastructure
that aids in the deployment of distributed fuzzing campaigns and the centralized
storage of results and statistics. By automating phases of the fuzzing process we
aim to reduce the administrative overhead. Moreover, our modular architecture
allows for the continuous improvement and targeted customization of the fuzzing
phases for each particular application under investigation. The thesis is structured as follows.
Chapter 1 introduces the concepts of software vulnerabilities and how can their
exploitation lead to the violation of trust boundaries. Existing vulnerability
discovery methods are also presented therein.
Fuzzing, a method of vulnerability discovery, is thoroughly examined, in Chapter 2.
The concepts presented in this chapter are further assisted by showcasing stateof-
the art tools.
Chapter 3 presents the distributed fuzzing infrastructure that we have designed,
implemented and deployed. A hands-on example on the use of our system is given
at Chapter 4.
The process of setting up a distributed fuzzing campaign is practically presented,
in relation to the theoretical concepts presented at Chapter 2.
We conclude with the strengths and shortcomings of our developed distributed
fuzzing infrastructure and the future plans regarding its improvements.
Institution and School/Department of submitter: | Σχολή Τεχνολογικών Εφαρμογών - Τμήμα Πληροφορικής |
Subject classification: | Ασφάλεια υπολογιστή Προστασία δεδομένων Computer security Data protection |
Keywords: | ευπάθειες υπολογιστικών συστημάτων;ευπάθειες λογισμικού;fuzzing;System Vulnerabilities;Software Vulnerabilities |
Description: | Πτυχιακή εργασία - Σχολή Τεχνολογικών Εφαρμογών - Τμήμα Μηχανικών Πληροφορικής, 2016 (α/α8101) |
URI: | http://195.251.240.227/jspui/handle/123456789/12598 |
Appears in Collections: | Πτυχιακές Εργασίες |
Files in This Item:
File | Description | Size | Format | |
---|---|---|---|---|
Tsaousoglou.pdf | 1.54 MB | Adobe PDF | View/Open |
Please use this identifier to cite or link to this item:
This item is a favorite for 0 people.
http://195.251.240.227/jspui/handle/123456789/12598
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.