Implementation and testing of a blackbox and a whitebox fuzzer for file compression routines

Author

Toby Tobkin, University of Central Florida

Abstract

Fuzz testing is a software testing technique that has risen to prominence over the past two decades. The unifying feature of all fuzz testers (fuzzers) is their ability to somehow automatically produce random test cases for software. Fuzzers can generally be placed in one of two classes: black-box or white-box. Blackbox fuzzers do not derive information from a program's source or binary in order to restrict the domain of their generated input while white-box fuzzers do. A tradeoff involved in the choice between blackbox and whitebox fuzzing is the rate at which inputs can be produced; since blackbox fuzzers need not do any "thinking" about the software under test to generate inputs, blackbox fuzzers can generate more inputs per unit time if all other factors are equal. The question of how blackbox and whitebox fuzzing should be used together for ideal economy of software testing has been posed and even speculated about, however, to my knowledge, no publically available study with the intent of characterizing an answer exists. The purpose of this thesis is to provide an initial exploration of the bug-finding characteristics of blackbox and whitebox fuzzers. A blackbox fuzzer is implemented and extended with a concolic execution program to make it whitebox. Both versions of the fuzzer are then used to run tests on some small programs and some parts of a file compression library.

Notes

If this is your Honors thesis, and want to learn how to access it or for more information about readership statistics, contact us at STARS@ucf.edu

Thesis Completion

2013

Semester

Spring

Advisor

Guha, Ratan

Degree

Bachelor of Science (B.S.)

College

College of Engineering and Computer Science

Degree Program

Electrical Engineering and Computer Science

Subjects

Dissertations, Academic -- Engineering and Computer Science;Engineering and Computer Science -- Dissertations, Academic

Format

PDF

Identifier

CFH0004463

Language

English

Access Status

Open Access

Length of Campus-only Access

None

Document Type

Honors in the Major Thesis

Recommended Citation

Tobkin, Toby, "Implementation and testing of a blackbox and a whitebox fuzzer for file compression routines" (2013). HIM 1990-2015. 1475.
https://stars.library.ucf.edu/honorstheses1990-2015/1475