Fuzz Testing in Stack-Based Buffer Overflow

Abstract

Due to rapid deployment of information technology, the threats on information assets are getting more serious. These threats are originated from software vulnerabilities. The vulnerabilities bring about attacks. If attacks are launched before the public exposure of the targeted vulnerability, they are called zero-day attacks. These attacks damage system and economy seriously. One such attack is buffer overflow attack which is a threat to the software system and application for decades. Since buffer overflow vulnerabilities are present in software, attackers can exploit thus obtains unauthorized access to system. As these unauthorized accesses are becoming more prevalent, there is need for software testing to avoid zero-day attacks. One such testing is fuzz testing, locates vulnerabilities in software and find deeper bugs. The Stack-based American Fuzzy Lop (SAFAL) model has been proposed. This model works for software to exploit vulnerabilities. The model begins the process of fuzzing by applying various modifications to the input file. The binaries are compiled using the AFL wrappers. Input test case file is provided to the model to execute the test cases. The target program resulted in various crashes and hangs that discovered stack buffer overflow vulnerabilities. A list of crashes, hangs, and queues is found in output directory. The model displays real-time statistics of the fuzzing process. The SAFAL model improves the quality of software as the hidden bugs are found. The effectiveness and efficiency of SAFAL model are hence established.