Fuzz Testing
Today, greybox fuzzing is the primary mechanism for finding vulnerabilities in software, and is used in corporations on a daily basis. These fuzz testing methods to find security vulnerabilities in software systems will be the main topic of this talk. At a technical level, fuzzing represents a biased random search with different machinery to control the bias. We discuss how the random search in fuzzing can be inspired by ideas from symbolic execution and model checking to go beyond conventional fuzzing methods, without sacrificing the efficiency of fuzzing. These observations have prompted our works in the area. By aligning thematically closer with symbolic execution, we can achieve directedness in the fuzzing search. By aligning closer with model checking, the technique can also find deeper bugs beyond simple crashes, such as violations of Linear-time Temporal Logic or LTL properties (covering the full LTL specification including liveness properties) which are out of the ability of conventional fuzzers. If time permits, we will conclude with our recent works on extending fuzzing to concurrent and distributed systems.
Abhik Roychoudhury (https://abhikrc.com) is Provost’s Chair Professor of Computer Science at the National University of Singapore (NUS), where he leads a research team on Trustworthy and Secure Software (TSS). His research group is known for contributions to automatic programming and automated program repair, as well as to fuzzing and symbolic execution. These have been honored with various awards including an Intl Conf on Software Engineering (ICSE) Most Influential Paper Award (Test-of-time award) for program repair. Doctoral students graduated fom his research team have taken up faculty positions in many academic institutions including Max Planck Institute, University College London, University of Melbourne, Concordia University and NUS. He has served the software engineering research community in various capacities including as chair of the major conferences of the field, ICSE and FSE. Abhik received his PhD in Computer Science from State University of New York at Stony Brook in 2000.