
FUSS: Fuzzing on a Shoestring

Posted on: August 12, 2024 at 11:00 AM

TL;DR: Download the FUSS source code on GitHub.

As the concluding project of my PhD, I built FUSS, a system for efficient fuzz testing. It builds on a technique called “elastic instrumentation” that I had developed. The gist of the idea is this:

Fuzzers are tools that test software to find bugs. They add instrumentation (i.e., checks that can detect bad behavior) to all potentially risky instructions in the program. Then they run the program thousands of times with randomly generated inputs, hoping to trigger these checks. During this process, the checks take considerable time to execute, slowing down the testing process by a factor of two or more (compared to testing an uninstrumented program). Some checks are particularly expensive and need more processor time than others. Most checks never detect bugs; the ones that do tend to be the cheap ones in obscure, untested, rarely executed parts of a program. We can improve efficiency by removing the very expensive checks and keeping the cheap ones. This gives us 80% of the bug detection capability for 20% of the effort, so to speak. In practice, it means fuzzers find bugs faster.
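To make the cost-based selection concrete, here is a small constructed model (an added example, not code from FUSS or ASAP): each check's cost is its execution count times its per-execution cycles from a profiling run, and the cheapest checks are kept until a fixed fraction of the total check cost is spent. The source locations and counts are made up.

```python
"""Constructed model of elastic instrumentation (added example, not FUSS's code).

Each check is profiled during a short fuzzing run; its cost is
executions * cycles_each. Checks are kept in ascending cost order until an
overhead budget is spent, so checks in rarely executed code survive and
the expensive hot-loop checks are the first to be removed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Check:
    location: str      # hypothetical source location of the instrumented instruction
    executions: int    # times the check ran during the profiling run
    cycles_each: int   # measured cost per execution

    @property
    def cost(self) -> int:
        return self.executions * self.cycles_each


def select_checks(checks, overhead_budget: float):
    """Keep checks, cheapest first, while their summed cost stays within
    `overhead_budget` (a fraction of the total cost of all checks).
    Returns (kept, removed)."""
    total = sum(c.cost for c in checks)
    budget = overhead_budget * total
    kept, removed, spent = [], [], 0
    for c in sorted(checks, key=lambda c: c.cost):
        if spent + c.cost <= budget:
            kept.append(c)
            spent += c.cost
        else:
            removed.append(c)
    return kept, removed


def retained_fraction(checks, overhead_budget: float):
    """Fraction of checks kept and fraction of check cost still paid."""
    kept, _ = select_checks(checks, overhead_budget)
    total = sum(c.cost for c in checks)
    return len(kept) / len(checks), sum(c.cost for c in kept) / total


# Constructed profiling data: two checks in a hot parsing loop dominate the cost.
PROFILE = [
    Check("parse.c:42 (hot loop bounds check)", 5_000_000, 4),
    Check("parse.c:57 (hot loop bounds check)", 5_000_000, 3),
    Check("util.c:10 (string copy)", 20_000, 6),
    Check("config.c:88 (rare option)", 12, 5),
    Check("legacy.c:301 (rarely executed path)", 1, 7),
]
```

With a 20% budget, three of the five checks survive while the retained checks account for well under 1% of the original check cost.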

Publishing the FUSS source code

In my PhD thesis, I promised to publish the source code for FUSS:

Promise to publish the FUSS source code, from my PhD thesis

For many reasons, this never happened. After defending the thesis in 2017, I moved to Germany, got married, and started working in industry. Occasionally, someone referenced my PhD thesis, mostly referring to the cool “bug survival graphs” on page 100. No one contacted me to ask about the source code…

… until this year, when Rahul George et al. published OptiSan at the USENIX Security Symposium 2024. The paper draws some inspiration from FUSS’ predecessor ASAP, and used its code. It is cool work! Reading the OptiSan paper brought back memories of my days as a researcher, the challenges we faced, the excitement of working at the cutting edge and getting something published. I had a good conversation with Rahul. He expressed interest in seeing the FUSS code with its variety of improvements over ASAP.

So here it is: https://github.com/Sjlver/fuss

Apologies for the delay!