Dowser


Dowser is a research program toward security testing for binary software, that is, without access to source code. It is supported by an NWO VICI grant.

Today, the effectiveness of security testing for binary software, or ‘fuzzing’, is very limited. The idea behind fuzzing is that testers feed a program invalid, unexpected, or random data to see whether it crashes or exhibits unexpected behavior. Without knowing how the binary works, fuzzing is like shooting in the dark: the chance of hitting an interesting bug is small, and whatever vulnerabilities are found are typically shallow bugs. Alternatively, one can try to cover all possible states of a program so that every bug is encountered eventually. Not only is this form of ‘white-box fuzzing’ extremely time consuming; covering all (or even most) states is often impossible for real software.

The key insight in Dowser is that security testing can be improved by using information extracted from the binary: data structures, algorithms, and so on. Once we know which code, data structures, or execution points are potential security vulnerabilities, we guide our tests toward these points. Extracting such information by reverse engineering is the key