Decentralized fuzzing based on untrustworthy nodes.
Presentation: Google Slides or PDF.
Fuzzing is a technique for finding vulnerabilities in a program by automatically generating and testing diverse inputs. Running a fuzzer on a single machine is slow, so the work can be distributed across many cores and machines.
Our project, DissFuzz, is the first work to support distributed and decentralised fuzzing based on untrusted nodes:
- The system has several kinds of actors that synchronise through a blockchain; that shared ledger is what the security of the system rests on.
- To encourage user participation in the system, we introduce a digital currency.
- To maintain the integrity and security of our system, we implement a Proof of Work (PoW) mechanism.
The objective of the project is to take distributed fuzzing further by eliminating the single point of trust. This is achieved with permissionless consensus and a zero-knowledge Proof-of-Fuzzing-Work built on the execution hash of the programs under fuzzing.
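To make the Proof-of-Fuzzing-Work idea concrete, here is a small added example (it is not DissFuzz code and does not reflect the project's actual protocol, instrumentation or hash format). It assumes a hypothetical instrumented target `runTarget` that records the basic blocks an input reaches, an `executionHash` that commits to the input and that block trace, and a PoW step that grinds a nonce over the execution hash. A verifying node re-executes the submitted input, recomputes the hash, and only then checks the PoW, so a node that skipped the fuzzing work or lied about what it ran is rejected.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"math/bits"
)

// runTarget is a hypothetical stand-in for a program under fuzzing whose
// compiler has inserted block instrumentation: every basic block the input
// reaches is appended to the trace.
func runTarget(input []byte) []uint32 {
	var trace []uint32
	visit := func(block uint32) { trace = append(trace, block) }

	visit(0) // entry block
	if len(input) < 2 {
		visit(1) // too short: early return
		return trace
	}
	switch input[0] {
	case 'A':
		visit(2)
		if input[1] == 'B' {
			visit(3) // deeper path, reached only by inputs starting "AB"
		}
	case 'X':
		visit(4)
	default:
		visit(5)
	}
	visit(6) // exit block
	return trace
}

// executionHash commits to the input and to the exact block sequence it produced.
func executionHash(input []byte, trace []uint32) [32]byte {
	h := sha256.New()
	h.Write(input)
	buf := make([]byte, 4)
	for _, b := range trace {
		binary.LittleEndian.PutUint32(buf, b)
		h.Write(buf)
	}
	var out [32]byte
	copy(out[:], h.Sum(nil))
	return out
}

// Submission is what an untrusted node publishes: the input it fuzzed, the
// execution hash it claims that input produced, and a PoW nonce over that hash.
type Submission struct {
	Input    []byte
	ExecHash [32]byte
	Nonce    uint64
}

// leadingZeroBits is the PoW difficulty measure over a digest.
func leadingZeroBits(d [32]byte) int {
	n := 0
	for _, b := range d {
		if b == 0 {
			n += 8
			continue
		}
		n += bits.LeadingZeros8(b)
		break
	}
	return n
}

// powDigest binds the nonce to the execution hash, so work cannot be reused
// for a different input or trace.
func powDigest(execHash [32]byte, nonce uint64) [32]byte {
	buf := make([]byte, 8)
	binary.LittleEndian.PutUint64(buf, nonce)
	return sha256.Sum256(append(execHash[:], buf...))
}

// produceWork is the fuzzing node's side: run the input, hash the trace, grind a nonce.
func produceWork(input []byte, difficulty int) Submission {
	eh := executionHash(input, runTarget(input))
	var nonce uint64
	for leadingZeroBits(powDigest(eh, nonce)) < difficulty {
		nonce++
	}
	return Submission{Input: input, ExecHash: eh, Nonce: nonce}
}

// verifyWork is the verifying node's side: re-execute, compare hashes, then check PoW.
func verifyWork(s Submission, difficulty int) error {
	got := executionHash(s.Input, runTarget(s.Input))
	if got != s.ExecHash {
		return fmt.Errorf("execution hash mismatch: claimed trace does not match re-execution")
	}
	if leadingZeroBits(powDigest(s.ExecHash, s.Nonce)) < difficulty {
		return fmt.Errorf("proof of work below difficulty %d", difficulty)
	}
	return nil
}

func main() {
	const difficulty = 12
	s := produceWork([]byte("AB"), difficulty) // constructed sample input
	fmt.Printf("nonce=%d verify=%v\n", s.Nonce, verifyWork(s, difficulty))
	forged := s
	forged.Input = []byte("XY") // reuse someone's hash and nonce with a different input
	fmt.Println("forged input:", verifyWork(forged, difficulty))
}
```

Re-executing the input is the expensive step for the verifier; a real design would make that check cheap or zero-knowledge, which is what the project's Proof-of-Fuzzing-Work aims at, but the binding of input, trace and nonce shown here is the property any such scheme has to preserve.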
- Main project report
- Main project presentation
- Individual report
- Modified llvm-17 source tree for execution hash generation
- Probability analysis of the decentralized fuzzing coverage
- Core idea design
Since the project is based on the course's homework, the repository doesn't contain any code. Our work is an extension of the paper D. Jang, A. Askar, I. Yun, S. Tong, Y. Cai, and T. Kim, “Fuzzing@home: Distributed fuzzing on untrusted heterogeneous clients”.
The majority of the codebase is written in Go. Some parts related to cryptography and LLVM generation are implemented in C++.