Targeting Suspect Code with Static Analysis for Fuzzing




Fuzzing is an automated technique for discovering bugs and vulnerabilities in software. Coverage-guided greybox fuzzers use code coverage to drive themselves towards exploring new and interesting code within a program, with the ultimate goal of uncovering security-interesting bugs. However, not all code is considered equal when it comes to vulnerabilities!

In this project, the student will explore using static analyses (using the LLVM compiler framework) to score blocks of code depending on how likely they are to contain bugs. This will then prioritise code for the fuzzer to explore. For example, if a region of code calls functions that are prone to memory errors (e.g., strcpy, etc.), or performs complex pointer arithmetic, then there may be a higher probability of that code region containing a bug.

The student will learn about static analysis techniques (with a focus on security-related analyses), and work with the LLVM IR to implement these analyses.


The ideal student will have  a solid background in C++ programming and an interest in software security, static analysis, and compiler techniques.


Software security, fuzzing, static analysis.

Updated:  1 June 2019/Responsible Officer:  Dean, CECS/Page Contact:  CECS Marketing