UROP Openings

Have a UROP opening you would like to submit?

Please fill out the form.

Submit your UROP opening

MIPS Vulnerability Injection


Term:

Summer

Department:

6: Electrical Engineering and Computer Science

Faculty Supervisor:

Martin Rinard

Faculty email:

rinard@csail.mit.edu

Apply by:

June 2020

Contact:

rinard@csail.mit.edu

Project Description

We need to integrate our vulnerability injection system with OSS-Fuzz infrastructure (https://github.com/google/oss-fuzz/). OSS-Fuzz uses docker containers which have their own version of LLVM installed to compile the applications and run libfuzzer. We would want to change these docker containers to use our own version of LLVM (which is already published in a docker container) and compile target applications with our version of DataFlow Sanitizer. Since libfuzzer provides its own `main` function that will drive the application-provided entry point (http://llvm.org/docs/LibFuzzer.html#fuzz-target), we will have to write our own equivalent `main` function. Once this infrastructure has been set up, we will want to set up an automated (and ideally distributed) way to run aikido on all applications supported by OSS-Fuzz, collect results and find places where our system fails to inject vulnerabilities.

Pre-requisites

Interest in low-level computer security, the ability to understand the project description, and interest in the project.