Research Overview
In my research I mainly focus on improving modern fuzzing techniques with the goal of overcoming limitations and unlocking new types of applications such that they can be tested by automated security analysis tools.
Nils Bars
Master's Thesis: Uncovering Fuzzing Roadblocks in Widely Used Software
Requirements
- Preferably Python or Rust
- Development of high performance multithreaded code for data processing
- Previous experience or interest in using tools for tracing binaries during execution
Master's Thesis: Auto Harnessing of Functions
Fuzzing has emerged as a powerful technique for identifying software vulnerabilities by generating diverse inputs to test target applications thoroughly. The goal of this master's thesis is to implement an auto-harnessing approach that identifies unconstrained input bytes passed to specific functions within the target application. This information allows us to fuzz small parts of the target codebase by creating a harness around these functions. A crucial challenge is ensuring that the approach can generate reproducing inputs for the whole target application (not only the harnessed function) once bugs are found in these functions.
Summary
- Develop a technique to determine which input bytes are consumed by a function.
- Implement an approach to detect which of the bytes processed by a function are unconstrained with respect to the target's input.
- Implement a prototype of this approach on top of an existing fuzzer, such as libAFL or AFL++.
Requirements
- Knowledge of low-level concepts and C
- Preferably basic knowledge of fuzzing
Master's Thesis: Using Dynamic Likely Invariants to Improve Input Diversity and Coverage during Fuzzing
Summary
- Use daikon to extract likely invariants of functions in the target.
- Implement a technique to instrument the target such that invariant violations can be detected. This may happen via recompilation or JITing, e.g., using LLVM patch points.
- Extend libAFL (or another fuzzer) to implement the idea, so that invariants are periodically re-determined and the target is instrumented accordingly during fuzzing.
Requirements
- Low-level concepts, C and x86-64 Assembly
- Preferably experience in Rust or interest in learning it
- Previous experience or interest in using daikon
- Preferably basic knowledge of fuzzing
Master's Thesis: Improving Binary Fuzzing through Trace Re-Translation
Requirements
- Low-level concepts, JIT, C and x86-64 Assembly
- Preferably Python or Rust
- Development of high performance code
- Previous experience or interest in using tools for tracing binaries during execution
Master's Thesis: Hypervisor-based Cheats
- Do modern games employ any kind of countermeasures against being executed inside a VM?
- Can such a cheat be implemented for a modern multiplayer game?
- What methods can detect such cheats or the presence of a VMM?
- In what ways can a VMM-based cheat be used to gain an advantage?
Requirements
- Low-level concepts, paging, C and x86-64 Assembly
- Preferably Python or Rust
- A working IOMMU setup with GPU passthrough and some games to test it with
- Preferably experience with QEMU system emulation