An Investigation on Improving Distributed Fuzzing
As software becomes more extensive and complex, identifying and remediating potential vulnerabilities is increasingly challenging. Fuzzing is an automated technique to discover bugs by repeatedly supplying the program-under-test (PUT) with generated inputs intended to trigger unknown bugs in the PUT. In 2016, Böhme et al. introduced the concept of power schedules and an improved search strategy to the then state-of-the-art fuzzer AFL. Using their implementation, which they dubbed AFLFast, they found that these changes resulted in significantly faster discovery of more crashes than AFL. In independent work, researchers at Siemens have been investigating how to best take advantage of data-center-scale infrastructure when fuzzing. To encourage adoption and facilitate academic research, they open-sourced their own distributed fuzzing system, FLUFFI, in September 2019.
This thesis investigates the application of the power schedule and search strategy in AFLFast to FLUFFI. Specifically, we have implemented AFLFast's power schedule and search strategy as well as a round-robin search strategy on top of the upstream version of FLUFFI. To evaluate the effectiveness of these changes, we have chosen 10 binaries with known bugs from Google's FuzzBench and measured the differences in code and bug coverage between different combinations of power schedules and search strategies. Our findings include: (i) the ideas of Böhme et al. can be applied to FLUFFI to improve the fuzzing outcomes in a manner similar to how AFLFast improved upon AFL; and (ii) despite its simplicity, round-robin can be a desirable search strategy earlier in a fuzzing campaign.
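As an added illustration (not code from the thesis, FLUFFI or AFLFast), the toy model below contrasts the AFLFast FAST power schedule and search strategy with the round-robin strategy and a constant AFL-style energy; the seed names, per-path hit counts and constants are constructed, and a path's hit count f(i) is held fixed instead of being updated by real mutations.

```python
from dataclasses import dataclass
from typing import Callable, List, Tuple

@dataclass
class Seed:
    name: str
    path_hits: int = 1   # f(i): inputs generated so far that exercised this seed's path
    chosen: int = 0      # s(i): how many times this seed has been selected for fuzzing

def constant_energy(seed: Seed, alpha: int = 16) -> int:
    """AFL-style baseline: every seed gets the same energy (alpha stands in for AFL's alpha(i))."""
    return alpha

def fast_energy(seed: Seed, alpha: int = 16, beta: int = 1, max_energy: int = 1024) -> int:
    """AFLFast FAST schedule: p(i) = min(alpha(i)/beta * 2^s(i) / f(i), M).
    Seeds on rarely exercised paths (small f) get more energy, growing each time they are re-chosen."""
    return int(min(alpha / beta * (2 ** seed.chosen) / seed.path_hits, max_energy))

def round_robin(queue: List[Seed], round_no: int) -> Seed:
    """Round-robin search strategy: walk the queue in order and wrap around."""
    return queue[round_no % len(queue)]

def aflfast_search(queue: List[Seed], round_no: int) -> Seed:
    """AFLFast search strategy: prefer seeds chosen least often, then the rarest path."""
    return min(queue, key=lambda s: (s.chosen, s.path_hits))

def run_campaign(queue: List[Seed], select: Callable[[List[Seed], int], Seed],
                 energy: Callable[[Seed], int], rounds: int) -> List[Tuple[str, int]]:
    """Simulate `rounds` scheduling decisions; returns (seed name, energy) per round.
    Constructed toy model: only s(i) is updated, path_hits stays as given."""
    log = []
    for r in range(rounds):
        seed = select(queue, r)
        log.append((seed.name, energy(seed)))
        seed.chosen += 1
    return log

def demo_queue() -> List[Seed]:
    # Constructed sample queue: 'a' sits on a hot path, 'c' on a path hit only once so far.
    return [Seed("a", path_hits=8), Seed("b", path_hits=2), Seed("c", path_hits=1)]

if __name__ == "__main__":
    for label, select in (("round-robin", round_robin), ("aflfast", aflfast_search)):
        print(label, run_campaign(demo_queue(), select, fast_energy, 4))
```

Note how the AFLFast strategy reaches the rare-path seed `c` in the first round and doubles its energy on the second visit, while round-robin spends its first round on the hot-path seed `a`.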
Date
- 2022-05-11
Degree Type
- Master's Thesis
Department
- Information Networking Institute
Degree Name
- Master of Science in Information Security Policy and Management (MSISPM)