Model-based fuzzing using symbolic transition systems: work in progress

Open Access
Authors
Publication date 2020
Host editors
  • E. Constantinou
Book title Proceedings of the 13th Seminar Series on Advanced Techniques & Tools for Software Evolution
Book subtitle Amsterdam, Netherlands, July 1-2, 2020 (due to COVID-19: virtual event)
Series CEUR Workshop Proceedings
Event 13th Seminar Series on Advanced Techniques and Tools for Software Evolution, SATToSE 2020
Article number 1
Number of pages 7
Publisher Aachen: CEUR-WS
Organisations
  • Faculty of Science (FNWI) - Informatics Institute (IVI)
Abstract

As software is getting more complex, the need for thorough testing increases at the same rate. Model-Based Testing (MBT) is a technique for thorough functional testing. However, MBT cannot perform non-functional security testing. Fuzzing is a technique for automatically detecting vulnerabilities in software. Many different fuzzing approaches have been developed in recent years, ranging from random black-box fuzzing to grammar-based white-box fuzzing with structured input. In this research, we conduct a systematic review of state-of-the-art fuzzers and perform experiments in which we combine multiple fuzzing approaches with MBT. Ultimately, we will choose the fuzzer that performs best and integrate it into an MBT toolset. We reviewed state-of-the-art fuzzing techniques and implementations and composed a list of candidate fuzzers that can be used in combination with MBT. We developed a generic wrapper that enables a model-based System Under Test (SUT) to be fuzzed with American Fuzzy Lop (AFL), a popular general-purpose fuzzer. Additionally, we developed a dictionary generator that extracts basic model information and supplies it to AFL.

Document type Conference contribution
Language English
Published at https://ceur-ws.org/Vol-2754/paper1.pdf
Other links https://ceur-ws.org/Vol-2754/ https://www.scopus.com/pages/publications/85098062389