Title

Detect Program Property Violations Using Fuzzing

Yongheng Chen

Ph.D. Candidate in Computer Science

School of Cybersecurity and Privacy

Georgia Institute of Technology

Date/Time: Nov 20, 2023, 11:00 AM to 12:00 PM Eastern Time (US and Canada)

Location: Coda C1008 Bolton or join with zoom

Committee:

Dr. Wenke Lee (advisor), School of Cybersecurity and Privacy, Georgia Institute of Technology

Dr. Saman Zonouz,  School of Cybersecurity and Privacy, Georgia Institute of Technology

Dr. Brendan Saltaformaggio, School of Cybersecurity and Privacy, Georgia Institute of Technology

Dr. Daniel Genkin, School of Cybersecurity and Privacy, Georgia Institute of Technology

Dr. László Szekeres, Google

Abstract:

Fuzzing is a widely recognized technique in detecting program property violations such as crashing. However, its effectiveness is primarily limited by two factors: first, the challenge of achieving comprehensive code coverage due to modern software's complex input domains and stringent input requirements; and second, even with high coverage, current fuzzing methods struggle to identify non-crashing property violations.

This PhD proposal aims to systematically address these constraints. We first improve fuzzing effectiveness by developing enhanced methodologies for test case generation and redesigning parallel fuzzing’s architecture. Then we refine the detection capabilities of fuzzing, allowing it to capture a broader spectrum of property violations, particularly those that do not manifest through crashes. By integrating these enhancements, the proposed research aspires to better apply fuzzing to safeguard software systems against a wider array of vulnerabilities.