
Assignment 3: SQA for Security

This assignment deals with the topic of software quality practices for security.

Fuzz Testing Plus Sanitizers

In this assignment, you will seek to identify flaws in software that could potentially be exploited to compromise the security of systems depending on the software.

This assignment will involve two phases.

  1. Generating "erroneous input" test cases that expose potential security issues through fuzz testing.
  2. Using sanitizers to detect specific types of faults in software systems that may cause failures in response to erroneous input.

It is recommended that you work with an open-source C or C++ project which can be compiled with Clang. This will allow you to use the various sanitizers that are available with Clang.

Requirements

  1. Use a fuzzing tool such as zzuf, AFL or libFuzzer to perform fuzz testing of your chosen open-source project, seeking to find input cases that cause program crashes.
  2. Use sanitizers or other dynamic or static analysis tools to identify the specific program error that caused the crash, that is, both the type of the error and the source code lines responsible.
  3. Find and document at least N distinct errors in your chosen software, where N is your group size. Fixing the bugs is not a requirement, but clearly documenting the cause of the failure is required.
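
As an added illustration of requirements 1 and 2 (not part of the original assignment and not taken from any particular project), here is a libFuzzer harness around a toy parser. The record format and the names parse_record, MAX_FIELD and SKIP_BOUNDS_CHECK are assumptions made up for this example; LLVMFuzzerTestOneInput is the entry point libFuzzer calls.

```c
/* Added example: libFuzzer harness for a constructed length-prefixed record parser.
 * Build with Clang:
 *   clang -g -O1 -fsanitize=fuzzer,address,undefined harness.c -o harness
 * Add -DSKIP_BOUNDS_CHECK (hypothetical macro) to plant the bug that the
 * fuzzer should reach and AddressSanitizer should pinpoint by type and line. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_FIELD 16

/* Constructed format: [1-byte length n][n payload bytes].
 * Copies the payload into out (MAX_FIELD bytes) and returns n,
 * or -1 when the input is malformed. */
int parse_record(const uint8_t *data, size_t size, uint8_t *out) {
    if (size < 1)
        return -1;
    size_t n = data[0];
#ifndef SKIP_BOUNDS_CHECK
    if (n > MAX_FIELD)   /* without this: write past out[] (stack-buffer-overflow) */
        return -1;
    if (n > size - 1)    /* without this: read past data[] (heap-buffer-overflow) */
        return -1;
#endif
    memcpy(out, data + 1, n);
    return (int)n;
}

/* libFuzzer calls this once per generated input. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    uint8_t field[MAX_FIELD];
    int n = parse_record(data, size, field);
    /* Invariant check: abort() turns a logic error into a crash the fuzzer saves. */
    if (n > MAX_FIELD)
        abort();
    return 0;
}
```

When the sanitizer reports an error, its output names the error type and gives a stack trace with file and line numbers, which is the information requirement 2 asks you to document.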

Assignment 3 is due Tuesday November 15 2016, 13:00

Updated Tue Nov. 08 2016, 13:04 by cameron.