LAVA: Large Scale Automated Vulnerability Addition
LAVA is designed to plant security bugs, such as memory errors, in C programs. The objective is twofold: planted bugs help evaluate fuzzers, and they provide more training data, since real vulnerability datasets are scarce.
Technical Debt Fixed:
- Replace all Python 2 code with Python 3
- Upgrade LAVA to support the latest PANDA hypercalls
- Update documentation and linting for the codebase
- Switch LAVA to leverage PyPanda
Research Focus:
Expected August 2025: Upgrade LAVA to create new inputs so that LAVA can plant bugs outside of the ‘main path’ of code executed by the original input. Emphasis will be on picking new files that exercise branches fuzzers would struggle with, such as complicated evaluations or checks for MAGIC values.
Expected August 2026: Upgrade LAVA to work with automated exploits. Since LAVA is already aware of the addresses and triggers, use angr to also provide the exploit.
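To illustrate why branches that check for MAGIC values are hard for fuzzers, here is an added example (not LAVA's own code) comparing blind single-byte mutation with magic-aware input generation against a guarded branch. The magic value, the field offset, the seed and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <string.h>

#define MAGIC 0x6c617661u            /* constructed value, not from LAVA */
static const uint8_t SEED[16] = {0}; /* constructed seed input */

/* Hypothetical target: 1 if the input reaches the branch guarded by the
   magic check on bytes 4..7 (where a planted bug would sit), else 0. */
int reaches_guarded_branch(const uint8_t *buf, size_t len) {
    uint32_t field;
    if (len < 8) return 0;
    memcpy(&field, buf + 4, sizeof field);
    return field == MAGIC;
}

/* xorshift32: small deterministic PRNG so the run is reproducible. */
static uint32_t next_rand(uint32_t *s) {
    *s ^= *s << 13; *s ^= *s >> 17; *s ^= *s << 5;
    return *s;
}

/* Blind mutation: replace one random byte of the seed per trial.
   One changed byte can never produce a 4-byte magic on a zero seed. */
unsigned blind_mutation_hits(const uint8_t *seed, size_t len,
                             unsigned trials, uint32_t rng) {
    uint8_t buf[64];
    unsigned hits = 0;
    if (len == 0 || len > sizeof buf) return 0;
    for (unsigned i = 0; i < trials; i++) {
        memcpy(buf, seed, len);
        size_t pos = next_rand(&rng) % len;
        buf[pos] = (uint8_t)next_rand(&rng);
        hits += (unsigned)reaches_guarded_branch(buf, len);
    }
    return hits;
}

/* Magic-aware generation: write MAGIC at each offset in turn; return the
   first offset whose input reaches the branch, or -1 if none does. */
int magic_aware_offset(const uint8_t *seed, size_t len) {
    uint8_t buf[64];
    const uint32_t magic = MAGIC;
    if (len > sizeof buf) return -1;
    for (size_t off = 0; off + sizeof magic <= len; off++) {
        memcpy(buf, seed, len);
        memcpy(buf + off, &magic, sizeof magic);
        if (reaches_guarded_branch(buf, len)) return (int)off;
    }
    return -1;
}
```

With the constructed seed, 100,000 blind mutations never reach the guarded branch, while the magic-aware generator reaches it on its fifth candidate input.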