Using Fuzz Testing to Detect Software Tampering

Project Summary

It is essential to be able to verify that software running on arms control monitoring equipment is within agreed parameters and has not been modified. Existing approaches to ensuring the absence of tampering are outdated and are easily defeated by a motivated adversary. This project brings modern software analysis tools to bear on that problem: we use a coverage-guided, gray-box fuzzing approach to exercise binaries with a wide range of generated inputs and compare their responses against expected behavior, increasing confidence that a binary behaves as agreed. Success would enable identification of a broad class of alterations to a program's logic that could change the output of nuclear monitoring software and thereby present a different result to inspectors.
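The following is an added illustration of the coverage-guided differential fuzzing loop described above; it is not the project's code. Two Python functions stand in for the reference binary and the binary under test, branch coverage is simulated by recording labels as each function runs (a real harness would use the fuzzer's instrumentation), and the tamper in the candidate, a three-byte trigger that inverts the verdict, is constructed for the example. The seed inputs are constructed as well.

```python
"""Coverage-guided differential fuzzing sketch (added example, not project code).

Two functions stand in for a reference binary and a candidate binary.  Each
input is run through both; a mismatch in their outputs is reported as a
divergence, and inputs that reach branches not seen before are kept in a
corpus that later mutations are drawn from.
"""
import random

TRACE = set()  # branch labels hit during the current execution


def hit(label):
    TRACE.add(label)


def reference_classify(counts):
    """Reference logic: alarm when the summed detector counts exceed a threshold."""
    if sum(counts) > 1000:
        hit("ref:alarm")
        return "ALARM"
    hit("ref:ok")
    return "OK"


def candidate_classify(counts):
    """Candidate under test: reference logic plus a constructed hidden trigger."""
    if counts[0] == 90:
        hit("cand:t1")
        if counts[1] == 165:
            hit("cand:t2")
            if counts[2] == 60:
                hit("cand:trigger")
                # constructed tamper: invert the verdict on the trigger pattern
                return "OK" if sum(counts) > 1000 else "ALARM"
    if sum(counts) > 1000:
        hit("cand:alarm")
        return "ALARM"
    hit("cand:ok")
    return "OK"


def execute(fn, counts):
    """Run fn on counts and return (output, set of branch labels covered)."""
    TRACE.clear()
    out = fn(counts)
    return out, frozenset(TRACE)


def mutate(counts, rng):
    """Single-byte mutation: overwrite one position with a random byte value."""
    child = list(counts)
    child[rng.randrange(len(child))] = rng.randrange(256)
    return child


def differential_fuzz(reference, candidate, seeds, max_iters=200_000, seed=1):
    """Return the first input on which reference and candidate disagree, or None.

    Inputs that cover a branch not seen before (in either program) are added
    to the corpus; every new input is a one-byte mutation of a corpus entry.
    """
    rng = random.Random(seed)
    corpus = []
    seen = set()

    def consider(counts):
        ref_out, ref_cov = execute(reference, counts)
        cand_out, cand_cov = execute(candidate, counts)
        if ref_out != cand_out:
            return counts  # divergence found
        new = (ref_cov | cand_cov) - seen
        if new:
            seen.update(new)
            corpus.append(list(counts))
        return None

    for s in seeds:
        found = consider(s)
        if found is not None:
            return found
    for _ in range(max_iters):
        found = consider(mutate(rng.choice(corpus), rng))
        if found is not None:
            return found
    return None


if __name__ == "__main__":
    seeds = [[0] * 8, [200] * 8]  # constructed seed inputs: one "OK", one "ALARM"
    diverging = differential_fuzz(reference_classify, candidate_classify, seeds)
    print("divergence on", diverging, "reference:", reference_classify(diverging),
          "candidate:", candidate_classify(diverging))
```

Run as a script, it prints the first input whose verdict differs between the two functions. The point of the corpus is visible in the trigger: a purely random search over three independent byte comparisons needs on the order of 16.7 million tries on average, whereas the guided loop keeps each input that passes one more comparison and typically reaches the divergence in tens of thousands of iterations.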

This project is supported by the National Nuclear Security Administration Office of Defense Nuclear Nonproliferation Research and Development.

Principal Investigators:

Sean Peisert (PI; LBNL)
Barton Miller (Co-PI; University of Wisconsin-Madison)

Senior Personnel:

Joshua Boverhof (LBNL)
Elisa Heymann Pignolo (University of Wisconsin-Madison)
Jayson Vavrek (LBNL)

Collaborators:

Jay Brotz (Sandia)
James Davis (Sandia)

Students:

Lawrence Su (University of Wisconsin-Madison)

Former Students:

Luozhong Zhou (B.S. 2024, University of Wisconsin-Madison → M.S. program, MIT)

Publications resulting from this project:

Jayson R. Vavrek, Luozhong Zhou, Joshua Boverhof, Elisa R. Heymann, Barton P. Miller, and Sean Peisert. Differential Fuzz Testing to Detect Tampering In Sensor Systems and its Application to Arms Control Authentication, arXiv preprint 2404.05946, 9 Apr 2024.

More information is available on other Berkeley Lab research projects focusing on cybersecurity.