Published Research

Sienna Locomotive

Fuzzing is one of the most effective and low-cost techniques for finding bugs and building resilient software. However, many developers don't incorporate it into their development workflow. There are several possible reasons for this. One is that fuzzers can be difficult to set up, or that developers may not be able to structure their software in a way that's amenable to fuzzing. Another is that fuzzing tends to produce hundreds or thousands of crashes, many of them duplicates of the same underlying bug, leaving users to triage them manually with ad-hoc heuristics.

We believe that fuzzing should be more accessible for non-security users and should include a post-processing component that automatically groups crashes with similar fundamental causes and categorizes their severity.
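The kind of post-processing described above can be illustrated with a small crash-bucketing routine. This is an added example, not code from Sienna Locomotive: it groups crash records by a hash of the exception code and the top non-system stack frames, and assigns each bucket a coarse severity from the fault type. The crash records, frame names and severity rules are constructed for the illustration (the exception codes are the real Win32 values); a real triage component would derive these from the debugger's view of the faulting process.

```python
"""Crash bucketing by stack hash with a coarse severity label.

Added illustration, not Sienna Locomotive code. Crash records and frame
names below are constructed; the severity rules are a stated heuristic.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, List

# Real Win32 exception codes.
EXCEPTION_ACCESS_VIOLATION = 0xC0000005
EXCEPTION_INT_DIVIDE_BY_ZERO = 0xC0000094
STATUS_STACK_BUFFER_OVERRUN = 0xC0000409   # /GS cookie check failed

# Frames from these modules (exception dispatch, CRT, allocator) appear
# between the bug and the crash site in most records; hashing them would
# split one bug across buckets or merge unrelated ones, so skip them.
SYSTEM_MODULES = ("ntdll", "kernelbase", "kernel32", "ucrtbase", "msvcrt")

RANK = {"low": 0, "medium": 1, "high": 2}


@dataclass
class Crash:
    crash_id: str
    exception_code: int
    is_write: bool        # True if the faulting instruction wrote memory
    frames: List[str]     # "module!symbol", innermost frame first


def _is_system_frame(frame: str) -> bool:
    module = frame.split("!", 1)[0].lower()
    return module in SYSTEM_MODULES


def bucket_key(crash: Crash, depth: int = 3) -> str:
    """Hash the exception code plus the top `depth` application frames."""
    app_frames = [f for f in crash.frames if not _is_system_frame(f)][:depth]
    material = "%08x|%s" % (crash.exception_code, "|".join(app_frames))
    return hashlib.sha256(material.encode()).hexdigest()[:16]


def severity(crash: Crash) -> str:
    """Coarse label from the fault type (heuristic, an assumption here)."""
    if crash.exception_code == STATUS_STACK_BUFFER_OVERRUN:
        return "high"     # a stack buffer was overwritten past its end
    if crash.exception_code == EXCEPTION_ACCESS_VIOLATION:
        return "high" if crash.is_write else "medium"
    return "low"          # divide-by-zero and the like: crash, not corruption


def triage(crashes: List[Crash], depth: int = 3) -> Dict[str, dict]:
    """Group crashes by bucket key; each bucket carries its worst severity."""
    buckets: Dict[str, dict] = {}
    for c in crashes:
        key = bucket_key(c, depth)
        b = buckets.setdefault(key, {"severity": "low", "crashes": []})
        b["crashes"].append(c.crash_id)
        if RANK[severity(c)] > RANK[b["severity"]]:
            b["severity"] = severity(c)
    return buckets


# Constructed sample records (hypothetical module and symbol names).
SAMPLE_CRASHES = [
    # Two inputs hitting the same write in the parser; c2 crashed one
    # frame deeper inside ntdll, which the hash ignores.
    Crash("c1", EXCEPTION_ACCESS_VIOLATION, True,
          ["app!parse_chunk", "app!parse_file", "app!main",
           "kernel32!BaseThreadInitThunk"]),
    Crash("c2", EXCEPTION_ACCESS_VIOLATION, True,
          ["ntdll!RtlReportException", "app!parse_chunk", "app!parse_file",
           "app!main"]),
    # A read fault elsewhere: separate bucket, lower severity.
    Crash("c3", EXCEPTION_ACCESS_VIOLATION, False,
          ["app!render", "app!parse_file", "app!main"]),
    Crash("c4", EXCEPTION_INT_DIVIDE_BY_ZERO, False,
          ["app!scale", "app!render", "app!main"]),
    Crash("c5", STATUS_STACK_BUFFER_OVERRUN, True,
          ["ucrtbase!__report_gsfailure", "app!copy_name", "app!parse_chunk",
           "app!parse_file"]),
]

if __name__ == "__main__":
    for key, b in triage(SAMPLE_CRASHES).items():
        print(key, b["severity"], b["crashes"])
```

Bucketing on a fixed number of application frames is deliberately coarse: too few frames merges distinct bugs that crash in a shared helper, too many splits one bug by its call path, so the depth is a knob worth tuning per target.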

That's why we engineered Sienna Locomotive. It brings fuzzing and crash triage to developers in an immediately deployable system that runs in-house and offline on Windows software. It reduces the time, resources and expertise required to take advantage of fuzzing, and turns the raw stream of crashes into grouped, severity-ranked results.

We continue to pursue advanced research in taint analysis, symbolic execution, constraint solving, concolic execution, and crash analysis to improve the functionality of both Sienna Locomotive and the underlying dynamic binary instrumentation framework it relies on: DynamoRIO.

If you need a usable, self-triaging fuzzer engineered with current best practices to run on-site for your organization, consider using Sienna Locomotive. The source code is now available on GitHub.