In a course on writing secure software here at University we looked into the practice of fuzz testing: generating arbitrary data and feeding it to software as input. Apparently this is a practice with a very favourable cost-to-benefit ratio in secure software development and testing.
Around 1990 the National Science Foundation provided grants for research on operating system reliability testing. One result of that work was a paper by Barton P. Miller, Lars Fredriksen and Bryan So (Paper). In it the claim was made that many operating system utilities assumed to be reliable could be broken using the basic technique of fuzzing:
Operating system facilities, such as the kernel and utility programs, are typically assumed to be reliable. In our recent experiments, we have been able to crash 25-33% of the utility programs on any version of UNIX that was tested. This report describes these tests and an analysis of the program bugs that caused the crashes.
For our purposes we wrote a quick fuzzer in C and drove it from a simple bash test bench to run many iterations of each test:
fuzz — Source for the fuzzer used by the following script. Very limited functionality; by no means is this a product for use in any setting other than academic investigation.
Bash script for automated testing:
#!/bin/bash
# Utility under test; replace the placeholder with the program name.
PROGRAM="<program_name>"
# Arguments passed to the fuzzer on every run
ARGS=(-n 1000 -p)
CHARNAME=test-string   # prefix for the saved fuzz input of each run
OUTNAME=result         # prefix for the saved program output of each run
SLEEPTIME=1
test=1
while true
do
    # Generate one input, keep a copy of it, and feed it to the program under test
    ./fuzz "${ARGS[@]}" | tee "$CHARNAME$test" | "$PROGRAM" > "$OUTNAME$test"
    test=$((test+1))
    sleep "$SLEEPTIME"
done
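The bash bench above keeps every input and output but does not record how the program under test exited, which is the signal a fuzzer is really looking for (a process killed by SIGSEGV or SIGABRT is a crash; a non-zero exit is merely an error). The following is an added example in Python, not the course's fuzz program and not part of the original post. It plays the role of both the fuzzer and the test bench: it generates random input (all bytes, or printable characters only), pipes it into a target, classifies the exit status, and saves any input that did not produce a clean exit so the case can be replayed. Reading -n as "number of characters" and -p as "printable only" is my interpretation of the script's flags, and the toy target that aborts on a particular byte sequence is constructed purely for the demonstration.

```python
import os
import random
import signal
import string
import subprocess
import sys
import tempfile
from pathlib import Path

PRINTABLE = string.printable.encode()


def fuzz_bytes(rng, count=1000, printable=False):
    """Return `count` random bytes. With printable=True draw only from ASCII
    printable characters (my reading of the page's -n / -p flags)."""
    if printable:
        return bytes(rng.choice(PRINTABLE) for _ in range(count))
    return bytes(rng.getrandbits(8) for _ in range(count))


def classify(returncode):
    """Map an exit status to a verdict. subprocess reports a process killed
    by a signal as a negative return code equal to minus the signal number."""
    if returncode < 0:
        try:
            name = signal.Signals(-returncode).name
        except ValueError:
            name = str(-returncode)
        return "crash:" + name
    if returncode == 0:
        return "ok"
    return "error"


def run_case(cmd, data, timeout=5):
    """Feed one input to the target on stdin and return its verdict."""
    try:
        proc = subprocess.run(cmd, input=data, capture_output=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return "hang"
    return classify(proc.returncode)


def fuzz_loop(cmd, iterations, seed=0, outdir=None, count=1000, printable=False):
    """Run `iterations` random inputs against cmd. Returns a verdict->count
    summary; if outdir is given, every non-clean input is saved for replay.
    The seed makes the whole campaign reproducible."""
    rng = random.Random(seed)
    summary = {}
    for i in range(iterations):
        data = fuzz_bytes(rng, count, printable)
        verdict = run_case(cmd, data)
        summary[verdict] = summary.get(verdict, 0) + 1
        if verdict != "ok" and outdir is not None:
            Path(outdir).mkdir(parents=True, exist_ok=True)
            name = f"case-{i}-{verdict.replace(':', '-')}.bin"
            (Path(outdir) / name).write_bytes(data)
    return summary


# Constructed stand-in for a buggy utility: it aborts (SIGABRT) whenever the
# input contains the two bytes DE AD, and exits cleanly otherwise.
TOY_TARGET = [
    sys.executable, "-c",
    "import os, sys\n"
    "data = sys.stdin.buffer.read()\n"
    "if b'\\xde\\xad' in data:\n"
    "    os.abort()\n"
    "sys.exit(0)\n",
]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as outdir:
        result = fuzz_loop(TOY_TARGET, iterations=40, seed=0, outdir=outdir, count=2000)
        print(result, "saved cases:", sorted(os.listdir(outdir)))
```

Two points carry over to fuzzing real utilities: the verdict comes from the exit status rather than from the output, and every input that triggers a crash is written to disk, because a crash you cannot reproduce is of no use when it comes time to debug the target.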
This is a common and effective technique for finding software vulnerabilities. It’s quite interesting that a technique born of bygone telecommunications infrastructure is still useful for testing software today.