Time: 9:30, September 6, 2017
Venue: Room 803, Building B1, Hanoi University of Science and Technology
Speaker: Dr. Phạm Văn Thuận
Title: Enhancing Directed Search in Black-box, Grey-box and White-box Fuzz Testing
Abstract:
Fuzz testing (or fuzzing) techniques, which include (model-based) black-box, coverage-based grey-box and white-box approaches, have become prominent in software testing. However, given an inadequate test suite, they are not skilled at directing the exploration to reach given target locations and expose bugs in large program binaries that take highly-structured inputs. We observe that these limitations can be circumvented by improving the directedness of these fuzzing approaches. This presentation will focus on a set of directed search algorithms for black-box, grey-box and white-box fuzz testing. The experimental evaluations on two applications of directed fuzzing — crash reproduction and patch testing — show that the techniques effectively guide the search and successfully reproduce 19 crashes and discover 14 zero-day vulnerabilities (5 CVEs assigned) in large real-world (binary) programs (e.g., Adobe Reader, Windows Media Player, Binutils) taking highly-structured file formats (e.g., PNG, WAV, PDF).
Bio:
Van-Thuan Pham got his PhD from NUS in 2017. He received his Master's and Bachelor's degrees from Hanoi University of Science and Technology in 2009 and 2007, respectively. He is passionate about doing R&D on automated testing to improve the reliability of software systems running on all types of computing devices such as embedded systems, mobile devices, personal computers and servers. Besides his academic research work, he also has experience in working and collaborating with industry in other projects in embedded systems, image processing, manufacturing management systems and simulations.
We respectfully announce this seminar and cordially invite all who are interested to attend.