View Proposal


Proposer
Adam Sampson
Title
Use fuzzing to identify faults in emulators
Goal
Use coverage-directed fuzzing to find ways in which emulators fail to correctly simulate the architecture they're emulating
Description
Coverage-directed fuzzing is a highly effective technique for testing software: it combines random input with feedback from software coverage measurement to generate input that explores all the possible paths of execution through a piece of software. An emulator such as qemu, simh or MAME executes software written for a different architecture by simulating the CPU and peripherals in software. Faults in emulation are common, either producing incorrect results or, worse, introducing security holes. However, if you have two emulators for a given architecture, or an emulator and a real CPU, then you can detect faults by using fuzzing to generate code, running it on both, and comparing the results; if they don't match, or the emulator crashes, you've found a problem. I would suggest picking a simple, common architecture with lots of different emulators available (Z80, 6502...) to maximise the chance of finding an interesting problem. (A previous student had a good attempt at this with a custom emulator, so I'd like the focus to be on analysing faults in existing emulators.)
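The following is an added illustration of the differential, coverage-directed approach described above; it is not part of the proposal and is not code from any real emulator. It uses a constructed toy CPU (a six-instruction, 6502-flavoured subset with an accumulator and a carry flag) with two implementations: a reference and a copy into which one fault has been deliberately injected (SBC ignores the borrow). The fuzzer mutates byte programs, keeps any program that reaches new coverage (here, an opcode executed with a given carry-in) in its corpus, runs every program through both implementations, and reports the first program on which the two disagree or either one crashes. The opcode values, instruction set and the injected bug are all assumptions made for the example.

```python
import random

# Opcodes of a constructed toy CPU: a small 6502-flavoured subset (assumption, not a real emulator).
LDA, ADC, SBC, AND_, CLC, SEC = 0xA9, 0x69, 0xE9, 0x29, 0x18, 0x38
TWO_BYTE = {LDA, ADC, SBC, AND_}          # opcodes that take an immediate operand byte
OPCODES = [LDA, ADC, SBC, AND_, CLC, SEC]


def reference_step(state, op, imm):
    """Correct semantics for one instruction; state = {'a': accumulator, 'c': carry}."""
    a, c = state["a"], state["c"]
    if op == LDA:
        a = imm
    elif op == ADC:
        r = a + imm + c
        a, c = r & 0xFF, int(r > 0xFF)
    elif op == SBC:
        r = a - imm - (1 - c)            # borrow is the inverse of carry, as on the 6502
        a, c = r & 0xFF, int(r >= 0)
    elif op == AND_:
        a &= imm
    elif op == CLC:
        c = 0
    elif op == SEC:
        c = 1
    else:
        raise ValueError(f"illegal opcode {op:#04x}")
    return {"a": a, "c": c}


def faulty_step(state, op, imm):
    """Same CPU with one injected emulation fault: SBC ignores the borrow (carry-in)."""
    if op == SBC:
        r = state["a"] - imm
        return {"a": r & 0xFF, "c": int(r >= 0)}
    return reference_step(state, op, imm)


def run(step, program, coverage=None):
    """Execute a byte string with the given step function; return final state or 'crash'."""
    state = {"a": 0, "c": 0}
    pc = 0
    try:
        while pc < len(program):
            op = program[pc]
            # A truncated two-byte instruction raises IndexError, reported as a crash.
            imm = program[pc + 1] if op in TWO_BYTE else 0
            pc += 2 if op in TWO_BYTE else 1
            if coverage is not None:
                coverage.add((op, state["c"]))   # coverage edge: opcode reached with this carry-in
            state = step(state, op, imm)
    except Exception:
        return "crash"
    return state


def mutate(rng, program):
    """Byte-level mutation: overwrite a byte, insert a whole instruction, or delete a byte."""
    p = bytearray(program)
    choice = rng.randrange(3)
    if choice == 0 and p:
        p[rng.randrange(len(p))] = rng.randrange(256)
    elif choice == 1:
        op = rng.choice(OPCODES)
        ins = bytes([op, rng.randrange(256)]) if op in TWO_BYTE else bytes([op])
        i = rng.randrange(len(p) + 1)
        p[i:i] = ins
    elif p:
        del p[rng.randrange(len(p))]
    return bytes(p[:32])


def differential_fuzz(seed=1, max_iters=20000):
    """Coverage-directed differential fuzzing of faulty_step against reference_step.

    Returns (program, reference_result, faulty_result) for the first divergence,
    or None if none was found within max_iters."""
    rng = random.Random(seed)
    corpus = [bytes([CLC])]
    seen = set()
    for _ in range(max_iters):
        prog = mutate(rng, rng.choice(corpus))
        cov = set()
        expected = run(reference_step, prog, cov)
        actual = run(faulty_step, prog)
        if expected != actual:             # mismatch or a crash in one side only
            return prog, expected, actual
        if not cov <= seen:                # new coverage: keep the input for further mutation
            seen |= cov
            corpus.append(prog)
    return None


if __name__ == "__main__":
    found = differential_fuzz()
    if found:
        prog, expected, actual = found
        print("divergence on", prog.hex(), "reference:", expected, "faulty:", actual)
```

In a real project the two `step` functions would be replaced by drivers that load the generated program into two existing emulators (or an emulator and real hardware) and read back the register file, and the coverage set would come from an instrumented build of the emulator under test rather than from the reference; the corpus, mutation and comparison loop stay the same.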
Resources
Background
Url
Difficulty Level
Moderate
Ethical Approval
Full
Number Of Students
1
Supervisor
Adam Sampson
Keywords
fuzzing, testing, emulation, cpu, security
Degrees
Bachelor of Science in Computer Science
Bachelor of Science in Computer Systems
Master of Engineering in Software Engineering
Master of Science in Computer Science for Cyber Security
Master of Science in Computing (2 Years)
Master of Science in Information Technology (Software Systems)
Master of Science in Network Security
Master of Science in Software Engineering
Bachelor of Science in Computing Science
Bachelor of Engineering in Robotics
Bachelor of Science in Computer Science (Cyber Security)