Problem Statement ID: 1746
Problem Statement Title: Improving open source software security using Fuzzing
Background: Fuzzing is an automated process of identifying software vulnerabilities by supplying unexpected and faulty inputs to the software. The main aim of fuzzing is to identify the crucial edge cases where software might fail. Fuzzing therefore provides crucial insight into the stability and security of the software. The process of fuzzing can be divided into the following broad steps:

1. Identification of Target Function(s) – Target functions are typically those functions that act as entry points for processing input data. They use various APIs to perform operations on the input data.
2. Developing harness – Harnesses are small code stubs whose sole purpose is to invoke the target function using mutated data inputs. A harness bridges the gap between how the fuzzer generates input and how the target application receives and processes the input.
3. Fuzzing – In this step, a fuzzer is used to generate numerous data inputs, which are then passed to the target function using the harness. The fuzzer checks whether the application crashes while processing a given input. If a crash occurs, it saves the input and the memory state of the crash to a file for later analysis.

Description: Fuzzing has proven its effectiveness in discovering thousands of vulnerabilities in file-processing and stateless applications. In fuzzing, and automated testing in general, designing test oracles is crucial. In this challenge the team is supposed to fuzz an open source software, namely the Windows variant of the Sumatra PDF Reader software (version 3.5.2 or later). Sumatra PDF Reader is a very popular, widely used open source PDF viewing software. Teams are required to develop a working harness for fuzzing the latest version (version 3.5.2 or later) of the Windows Sumatra PDF Reader software, fuzzed on any fuzzer of their choice. The submission will be evaluated on the following criteria:

1. Target functions identified
2. Live demonstration of fuzzing harness developed
3. Code Coverage achieved
4. Technical report submitted by the team

Expected Solution: Each team must provide a fuzzing harness that is capable of fuzzing the Windows software solution of the Sumatra PDF Reader (version 3.5.2 or later). This fuzzing harness must identify target functions and supply appropriate arguments for the invocation of such functions. The fuzzing harness will be run using a fuzzer (preferably WinAFL). Each team must submit a working harness along with a technical report stating:

1. Reversing steps undertaken
2. Target functions identified
3. Dependencies identified
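
The harness shape described in the Background steps, as an added example that is not part of the problem statement and is not Sumatra PDF code: a file-based harness in C whose entry function takes the path the fuzzer wrote, reads the file, calls the target and returns normally, which is the per-iteration pattern a file fuzzer such as WinAFL drives. The target `toy_parse`, its "TOY1" format, the name `fuzz_one_input` and the 1 MiB input cap are assumptions made for illustration; a real harness would call the target function identified during reversing instead.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in target (not SumatraPDF code): parses "TOY1",
 * a 1-byte record count, then that many length-prefixed records.
 * Returns the record count, or -1 on malformed input. */
int toy_parse(const uint8_t *buf, size_t len) {
    if (len < 5 || memcmp(buf, "TOY1", 4) != 0) return -1;
    size_t off = 5;
    int records = 0;
    for (int i = 0; i < buf[4]; i++) {
        if (off >= len) return -1;        /* length byte is missing */
        size_t rlen = buf[off++];
        if (rlen > len - off) return -1;  /* record runs past the buffer */
        off += rlen;
        records++;
    }
    return records;
}

#define MAX_INPUT (1u << 20) /* assumed cap: keeps each iteration bounded */

/* Harness entry point: one call is one fuzz iteration. It opens the file
 * the fuzzer produced, hands the bytes to the target, releases every
 * resource and returns normally so the next iteration starts clean.
 * Returns the target's result, or -2 if the input could not be read. */
int fuzz_one_input(const char *path) {
    FILE *f = fopen(path, "rb");
    if (!f) return -2;
    uint8_t *buf = malloc(MAX_INPUT);
    if (!buf) { fclose(f); return -2; }
    size_t n = fread(buf, 1, MAX_INPUT, f);
    fclose(f);
    int rc = toy_parse(buf, n);
    free(buf);
    return rc;
}

int main(int argc, char **argv) {
    if (argc != 2) {
        fprintf(stderr, "usage: %s <input-file>\n", argv[0]);
        return 2;
    }
    printf("result=%d\n", fuzz_one_input(argv[1]));
    return 0;
}
```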