Research of Dynamic Fuzzing Methods to Identify Vulnerabilities in Program Code

Abstract

The presented article presents a study of dynamic fuzzing methods for detecting vulnerabilities in program code. At the beginning of the article the classification of program code from the point of view of fuzzing is considered, the principles by which the code can be attributed to one or another group are described, which contributes to more effective vulnerability detection. Then the article discusses the application of fuzzing. The object of fuzzing is the kernel of the Linux operating system. Syzkaller fuzzing software environment is used as the main tool. According to the results of kernel analysis the errors obtained are described and classified by criticality. Application of dynamic fuzzing methods helps to increase vulnerability resistance of both critical components and the whole system.