eprintid: 10203994
rev_number: 11
eprint_status: archive
userid: 699
dir: disk0/10/20/39/94
datestamp: 2025-02-27 10:27:29
lastmod: 2025-02-27 10:27:29
status_changed: 2025-02-27 10:27:29
type: thesis
metadata_visibility: show
sword_depositor: 699
creators_name: Blackwell, Daniel Jordan
title: Fuzzing and information flow
ispublished: unpub
divisions: UCL
divisions: B04
divisions: F48
note: Copyright © The Author 2025. Original content in this thesis is licensed under the terms of the Creative Commons Attribution-NonCommercial 4.0 International (CC BY-NC 4.0) Licence (https://creativecommons.org/licenses/by-nc/4.0/). Any third-party copyright material present remains the property of its respective owner(s) and is licensed under its existing terms. Access may initially be restricted at the author's request.
abstract: Maintaining the secrecy of confidential information in software systems is a common problem, from file ownership and read-write permissions in filesystems to user account specifics in web applications. The academic research area of information flow control has worked for decades on the problem of validating that software satisfies security policies. Much of this work has either required significant developer intervention, failed to scale to real-world software systems, or is not automatable. This thesis applies the automated testing technique fuzzing to the problem of information flow control, in particular looking for leaks of confidential information through program outputs, as opposed to through side-channels. As a system-level testing approach, the level of developer intervention is relatively low and scalability high. The contributions of the thesis are divided into three distinct chapters. Firstly, how a fuzzer can be used to detect instances of confidential information being leaked. The basis of this approach is hypertesting, in which finding two inputs that differ only in their secret parts but result in differing program outputs indicates a leak. The produced tool, LeakFuzzer, is evaluated on a newly collected set of benchmarks including 9 real-world programs containing CVEs classified as information leaks. These are up to 905,000 LoC in size, and thus test scalability. The next chapter extends this to include estimates of the quantity of information leaked through program outputs. Again the produced tool, NIFuzz, is evaluated on a range of programs including CVEs. The final chapter looks at improving the efficiency of grey-box fuzzers. The developed approach makes use of knowledge of the target program's control flow graph in order to better decide how to divide up the mutation effort. The technique and its implementation, PrescientFuzz, are applicable not only to information flow control, and PrescientFuzz outperforms other fuzzers at achieving program coverage on the Fuzzbench benchmark suite.
date: 2025-01-28
date_type: published
oa_status: green
full_text_type: other
thesis_class: doctoral_open
thesis_award: Ph.D
language: eng
primo: open
primo_central: open_green
verified: verified_manual
elements_id: 2355862
lyricists_name: Blackwell, Daniel
lyricists_id: DBLAC75
actors_name: Blackwell, Daniel
actors_id: DBLAC75
actors_role: owner
full_text_status: public
pages: 229
institution: UCL (University College London)
department: Computer Science
thesis_type: Doctoral
citation: Blackwell, Daniel Jordan; (2025) Fuzzing and information flow. Doctoral thesis (Ph.D), UCL (University College London). Green open access
document_url: https://discovery.ucl.ac.uk/id/eprint/10203994/2/PhD_Thesis_Deposit.pdf