Publications

2 Results

Search results

Multi-Node Program Fuzzing on High Performance Computing Resources

Cioce, Christian R.; Salim, Nasser J.; Rigdon, James B.; Loffredo, Daniel G.

Significant effort is placed on tuning the internal parameters of fuzzers to explore the state space, measured as coverage, of binaries. In this work, we investigate the effects of the external environment on the resulting coverage after fuzzing two binaries with AFL for 24 hours. Parameters such as scaling to multiple nodes, node saturation, and parallel file system type on HPC resources are controlled in order to maximize coverage. It will be shown that employing a parallel file system such as IBM's General Parallel File System offers an advantage for fuzzing operations, since it contains enhancements for performance optimization. When combined with scaling to two and four nodes, while simultaneously restricting the number of coordinated AFL tasks per node on the low end (10-50% of available physical cores), coverage may be enhanced within a shorter period of time. Thus, controlling the external environment is a useful effort.

Program Fuzzing on High Performance Computing Resources

Cioce, Christian R.; Loffredo, Daniel G.; Salim, Nasser J.

American Fuzzy Lop (AFL) is an evolutionary fuzzer that is strategically implemented as a tool for discovering bugs in software during vulnerability research. This work seeks to understand how to best implement AFL on the High-Performance Computing resources available on the unclassified network at Sandia National Laboratories. We investigate various methods of executing AFL, requesting varying numbers of tasks on single compute nodes with 36 physical cores and 72 total threads. A Python script called Blue Claw is presented as an automated testbed generator tool to assist in the tedious process of creating and executing experiments of any scale and duration.
