Title : Towards Resource-Aware Fuzzing

Speaker : Sang Kil Cha, Ph.D (Carnegie Mellon University)
Date : 2015.09.16(Wed) 17:00 ~ 18:00
Location : #202, Woojung CIC Building.

Abstract:
As software permeates every facet of life, it is imperative to assure the safety of software systems. Software vulnerabilities—exploitable software bugs—allow an attacker to destroy privacy, steal identities, and even extort money from victims. Therefore, software bugs must be discovered before an attacker can exploit them. In this talk, I will present our work on mutational fuzzing, a software testing technique for finding software bugs. Specifically, I argue that the efficiency of mutational fuzzing can drastically change depending on its parameters, and thus, automatic parameter optimization can help in improving the fuzzing efficiency. We validate this argument by designing, implementing, and evaluating several systems that employ novel techniques optimizing parameter selection for mutational fuzzing. Our specific contributions are that (1) we precisely define fuzzing and its parameter space; (2) we analytically study the effectiveness of mutational fuzzing in terms of bug finding probability; and (3) we then address three strategies in optimizing mutational fuzzing over the parameter space in terms of the number of bugs found.


Bio:
Sang Kil Cha completed his Ph.D in the Electrical & Computer Engineering department of Carnegie Mellon University. His current research interests revolve mainly around software security, software engineering, software systems, and program analysis. He received an ACM distinguished paper award in 2014. He is also one of the founders of Plaid Parliament of Pwning, the hacking team at CMU.