In-Memory Fuzzing on Embedded Systems

Fuzz testing, or fuzzing, is a method for testing software for bugs and vulnerabilities. It
is an important link in the software-testing chain: it enables automated tests that exercise
an application through its external interfaces, rather than from the source-code view that
other testing methods take.
Fuzzing can be used for different kinds of testing, e.g. for black-box testing, where
no internals are known, as well as for gray-box testing, where some system internals
are known and can be used to steer or optimise the fuzzing process. Basically,
fuzzing feeds a high volume of malformed input data to the device or software under
test, examines the responses and looks for unexpected behaviour or outright
crashes. There are many types of fuzzers with different interfaces, ranging from
generic software fuzzers to protocol-specific fuzzers.

In this thesis, I analyse existing fuzzing technologies and specific fuzzer implementations,
and define the requirements for in-memory fuzzers, especially on embedded
devices. In-memory fuzzing is a technique where the fuzzer analyses the target
program's memory and tries to isolate regions of interest. These isolated regions can
then be tested separately without running through the whole program. For example,
the fuzzer could isolate the input-parsing part of a program and exhaustively
test it with thousands of malformed inputs in a single application launch.
For this purpose it injects code into the target which generates test loops
and provides callbacks for the fuzzer. Because all iterations share one process, the
injected loop must also restore the state the isolated code touches (registers, stack and
memory) between test cases, otherwise the side effects of one input distort the result
of the next. Further, this thesis introduces an in-memory
fuzzing framework that was developed during the research for this thesis.
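The isolated-region test loop described above, as an added example that is not code from the thesis or from the InMemoryFuzzing project: a constructed record parser (type byte, length byte, payload) with a constructed unregistered-handler bug next to its hardened form, and a harness that snapshots the parser's global state, restores it before every case, calls the parser directly 2048 times in one process (a deterministic walk over every byte value at every position), and catches crash signals with sigaction plus sigsetjmp/siglongjmp in place of the recovery callback a real in-memory fuzzer would inject. It assumes a POSIX system where calling a NULL function pointer raises SIGSEGV (or a trap that raises SIGILL); every name in it is hypothetical.

```c
/* In-memory fuzz harness around an embedded-style record parser. Added example:
 * the parser, its NULL-handler bug and the record format are constructed here,
 * not taken from the thesis or from the InMemoryFuzzing project. */
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REC_MAX 8   /* record = type byte, length byte, up to 6 payload bytes */

/* Target state: the memory region an in-memory fuzzer snapshots and restores. */
struct parser_state { uint32_t records_ok, records_bad; uint8_t last_type; };
static struct parser_state g_state;

typedef void (*handler_fn)(const uint8_t *payload, uint8_t len);
static void handle_noop(const uint8_t *p, uint8_t n) { (void)p; (void)n; }
/* Constructed bug: slot 3 is never registered. volatile keeps the compiler from
 * folding the NULL call into a trap or deleting it as undefined behaviour. */
static handler_fn volatile g_handlers[4] = { handle_noop, handle_noop, handle_noop, NULL };

typedef int (*target_fn)(const uint8_t *buf, size_t len);

/* Buggy variant: checks length and type range, not whether a handler exists. */
static int parse_record_buggy(const uint8_t *buf, size_t len) {
    if (len < 2 || buf[0] >= 4 || buf[1] > len - 2) { g_state.records_bad++; return -1; }
    handler_fn h = g_handlers[buf[0]];
    g_state.last_type = buf[0];
    h(buf + 2, buf[1]);                 /* type 0x03 calls through NULL */
    g_state.records_ok++;
    return 0;
}

/* Hardened variant: an unregistered handler rejects the record instead. */
static int parse_record_safe(const uint8_t *buf, size_t len) {
    if (len < 2 || buf[0] >= 4 || buf[1] > len - 2) { g_state.records_bad++; return -1; }
    handler_fn h = g_handlers[buf[0]];
    if (h == NULL) { g_state.records_bad++; return -1; }
    g_state.last_type = buf[0];
    h(buf + 2, buf[1]);
    g_state.records_ok++;
    return 0;
}

/* --- the fuzzer: one process launch, thousands of direct target calls --- */
struct fuzz_stats { unsigned cases, crashes, accepted, rejected; };
static sigjmp_buf g_recover;
static volatile sig_atomic_t g_crash_sig;

static void on_crash(int sig) { g_crash_sig = sig; siglongjmp(g_recover, 1); }

static void install_crash_handlers(void) {
    static const int sigs[] = { SIGSEGV, SIGBUS, SIGILL, SIGFPE };
    struct sigaction sa;
    memset(&sa, 0, sizeof sa); sigemptyset(&sa.sa_mask);
    sa.sa_handler = on_crash;
    sa.sa_flags = SA_NODEFER;   /* do not leave the signal blocked after siglongjmp */
    for (size_t i = 0; i < sizeof sigs / sizeof sigs[0]; i++) sigaction(sigs[i], &sa, NULL);
}

/* One case: restore the snapshot, call the target in place, classify the result.
 * sigsetjmp/siglongjmp stand in for the recovery callback a fuzzer would inject. */
static void run_case(target_fn target, const uint8_t *buf, size_t len,
                     const struct parser_state *snap, struct fuzz_stats *st) {
    g_state = *snap;
    g_crash_sig = 0;
    st->cases++;
    if (sigsetjmp(g_recover, 1) == 0) {
        if (target(buf, len) == 0) st->accepted++; else st->rejected++;
    } else {
        st->crashes++;
        printf("crash: signal %d on case %u (type=%02x len=%02x)\n",
               (int)g_crash_sig, st->cases, buf[0], buf[1]);
    }
}

/* Deterministic stage: every byte position set to every value, len * 256 cases. */
struct fuzz_stats fuzz_walk(target_fn target, const uint8_t *seed, size_t len) {
    struct fuzz_stats st = { 0 };
    struct parser_state snap = g_state;   /* snapshot taken once, before the loop */
    uint8_t buf[REC_MAX];
    if (len > REC_MAX) return st;
    install_crash_handlers();
    memcpy(buf, seed, len);
    for (size_t pos = 0; pos < len; pos++) {
        for (unsigned v = 0; v < 256; v++) { buf[pos] = (uint8_t)v; run_case(target, buf, len, &snap, &st); }
        buf[pos] = seed[pos];
    }
    g_state = snap;
    return st;
}

/* Constructed seed record: type 1, 2-byte payload "hi", zero padding. */
static const uint8_t SEED[REC_MAX] = { 0x01, 0x02, 'h', 'i', 0, 0, 0, 0 };

int main(void) {
    struct fuzz_stats a = fuzz_walk(parse_record_buggy, SEED, sizeof SEED);
    struct fuzz_stats b = fuzz_walk(parse_record_safe, SEED, sizeof SEED);
    printf("buggy: %u cases, %u crashes\nsafe:  %u cases, %u crashes\n",
           a.cases, a.crashes, b.cases, b.crashes);
    return 0;
}
```

Run against the buggy parser, the walk reports exactly one crash (position 0 set to 0x03) out of 2048 cases; against the hardened parser it reports 2048 cases and no crash, with 1546 accepted and 502 rejected records. Restoring g_state before every case is what keeps the counters of one input from leaking into the next; a real in-memory fuzzer snapshots the whole region it isolated, including stack and registers, rather than a single struct, and the signal handlers here only catch hardware faults, so silent memory corruption still needs a sanitizer or a post-condition check on the parser's output.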

Read the complete thesis below and check out the source at
https://github.com/deveck/InMemoryFuzzing
