
LCA: The Trinity fuzz tester

Posted Feb 24, 2013 20:43 UTC (Sun) by rwmj (subscriber, #5474)
Parent article: LCA: The Trinity fuzz tester

I had a better idea for improving fuzz-testing. You use a genetic algorithm to "evolve" the fuzzed parameters, with the cost function being how much kernel code is executed. Conveniently systemtap lets you precisely measure how much code has been executed within a system call by putting a systemtap tap on every line of code (usually limited to the specific kernel module under test).

More here:
http://rwmj.wordpress.com/2010/11/22/half-baked-ideas-fee...

I actually implemented a fair bit of this.
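A toy version of the coverage-guided genetic search described in the comment above, added here as an example; it is not code from the comment author or from Trinity. It assumes a constructed `toy_syscall` function standing in for the kernel code under test, and uses `sys.settrace` line tracing in place of systemtap line probes as the fitness measure.

```python
import random
import sys

# Constructed stand-in for kernel code under test; depth depends on the args.
def toy_syscall(fd, flags, size):
    if fd < 0:
        return -9                      # EBADF
    if not flags & 0x1:
        return 0 if size == 0 else 3
    if size > 4096:
        return -22                     # EINVAL
    if flags & 0x4:
        return 1
    return 2

def lines_executed(fn, args):          # distinct lines of fn hit by one call
    hit = set()
    def tracer(frame, event, _arg):
        if frame.f_code is fn.__code__ and event == "line":
            hit.add(frame.f_lineno)
        return tracer
    sys.settrace(tracer)               # stand-in for a systemtap line probe
    try:
        fn(*args)
    finally:
        sys.settrace(None)
    return len(hit)

def mutate(ind, rng):                  # perturb one of the three arguments
    fd, flags, size = ind
    k = rng.randrange(3)
    return (rng.choice([-1, 0, 3]) if k == 0 else fd,
            flags ^ (1 << rng.randrange(4)) if k == 1 else flags,
            rng.choice([0, 1, 4096, 4097]) if k == 2 else size)

def evolve(fn, seed=1, pop_size=8, generations=30):  # fitness = lines hit
    rng = random.Random(seed)
    pop = [(rng.randrange(-1, 4), rng.randrange(16), rng.randrange(8192))
           for _ in range(pop_size)]
    best, best_cov = None, -1
    for _ in range(generations):
        pop.sort(key=lambda ind: lines_executed(fn, ind), reverse=True)
        del pop[pop_size // 2:]        # fittest half survive
        cov = lines_executed(fn, pop[0])
        if cov > best_cov:
            best, best_cov = pop[0], cov
        while len(pop) < pop_size:     # uniform crossover, then mutation
            a, b = rng.sample(pop[:pop_size // 2], 2)
            pop.append(mutate(tuple(rng.choice(g) for g in zip(a, b)), rng))
    return best, best_cov
```

Calling `evolve(toy_syscall)` returns the argument tuple that drove execution deepest into `toy_syscall` together with its line count; on real kernel code the same loop would be driven by systemtap's per-line hit counts for the module under test.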


LCA: The Trinity fuzz tester

Posted Feb 25, 2013 12:53 UTC (Mon) by spender (subscriber, #23067)

Sounds exactly like security research published in 2006:

https://www.blackhat.com/presentations/bh-usa-06/BH-US-06...

-Brad

LCA: The Trinity fuzz tester

Posted Feb 25, 2013 14:35 UTC (Mon) by rwmj (subscriber, #5474)

Yup, it looks like I hit on the same idea that these researchers found in 2006. The fuzz tester that is the subject of this article could do a lot better.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds