On October 22, Hao Chen, Professor at UC Davis and security scientist at the ByteDance AI Lab, will give a talk at Tsinghua!

Time: October 22 (Tuesday), 13:40-15:00

Venue: Tsinghua University, FIT3-225

Speaker: Prof. Hao Chen, UC Davis

Title: Principled fuzzing driven by mathematics

Abstract

Fuzzing is a popular technique for finding software bugs. However, fuzzers based on random mutation have difficulty producing high-quality inputs. We propose a principled fuzzing framework driven by mathematics. Our goal is to increase branch coverage by solving path constraints without symbolic execution. To solve path constraints efficiently, we introduce several key techniques: scalable byte-level taint tracking, context-sensitive branch counting, search based on gradient descent, and input length exploration. To overcome the challenges of solving path constraints that involve deeply nested conditional statements, we first identify all the control-flow-dependent conditional statements. Next, we select the taint-flow-dependent conditional statements among them. Finally, we use three strategies to find an input that satisfies all of these conditional statements simultaneously. We compared our fuzzer with other state-of-the-art fuzzers on 13 open-source programs, and our fuzzer achieved significantly higher cumulative line and branch coverage. We manually classified the crashes found by our fuzzer into 41 unique new bugs and obtained 12 CVEs.
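The search the abstract describes, as an added illustration written for this page (it is not code from Angora, Matryoshka, or the speaker's group): each comparison on the path to a target branch is turned into an integer loss that is zero exactly when the wanted branch is taken, the input bytes that flow into each comparison are treated as integer variables (here the variables `A` and `B`, their offsets and widths, and the two-conditional target program are all constructed for the example, standing in for what taint tracking would report), and gradient descent over those variables with a finite-difference gradient and a doubling line search drives the summed loss of the nested conditionals to zero. Because both conditionals read the same tainted bytes, they are solved jointly rather than one after the other, which is the "taint-flow-dependent" case the abstract singles out.

```python
"""Gradient-descent search for a nested path constraint over tainted input bytes.

Illustrative example written for this page; not the fuzzers' own code.
"""
from __future__ import annotations
from typing import Callable, List, Tuple

# A tainted variable as byte-level taint tracking would report it: the input
# bytes that flow into a comparison, read here as a little-endian unsigned int.
Var = Tuple[int, int]  # (offset, width in bytes)


def load(buf: bytes, var: Var) -> int:
    off, width = var
    return int.from_bytes(buf[off:off + width], "little")


def store(buf: bytearray, var: Var, value: int) -> None:
    off, width = var
    value = max(0, min(value, (1 << (8 * width)) - 1))  # clamp to the field's range
    buf[off:off + width] = value.to_bytes(width, "little")


# Per-comparison losses: zero exactly when the comparison takes the wanted branch.
def loss_lt(a: int, b: int) -> int:  # want a < b
    return 0 if a < b else a - b + 1


def loss_eq(a: int, b: int) -> int:  # want a == b
    return abs(a - b)


# Constructed target program (assumed for the example). Two nested conditionals
# share tainted bytes, so neither can be solved in isolation:
#   A = u32 at offset 0, B = u32 at offset 4
#   if A < B:                 # conditional 1, depends on A and B
#       if A + B == 0x1234:   # conditional 2, control-flow dependent on 1, same taint
#           target()
A: Var = (0, 4)
B: Var = (4, 4)
TARGET_SUM = 0x1234


def path_losses(buf: bytes) -> List[int]:
    """Stand-in for the instrumented program: loss of every conditional on the path."""
    a, b = load(buf, A), load(buf, B)
    return [loss_lt(a, b), loss_eq(a + b, TARGET_SUM)]


def joint_loss(buf: bytes) -> int:
    """Joint-optimization objective: all conditionals must reach loss 0 together."""
    return sum(path_losses(buf))


def gradient(f: Callable[[bytes], int], buf: bytearray, variables: List[Var]) -> List[int]:
    """Finite-difference gradient: perturb each tainted variable by one and observe f."""
    base = f(bytes(buf))
    grad = []
    for v in variables:
        probe = bytearray(buf)
        store(probe, v, load(buf, v) + 1)
        if probe == buf:  # field saturated at its maximum; probe downwards instead
            store(probe, v, load(buf, v) - 1)
            grad.append(base - f(bytes(probe)))
        else:
            grad.append(f(bytes(probe)) - base)
    return grad


def descend(f: Callable[[bytes], int], seed: bytes, variables: List[Var],
            max_iters: int = 100) -> Tuple[bytes, int, int]:
    """Integer gradient descent with a doubling line search.

    Returns (input, final loss, iterations used); loss 0 means the target was reached.
    """
    x = bytearray(seed)
    loss = f(bytes(x))
    iters = 0
    while iters < max_iters and loss != 0:
        grad = gradient(f, x, variables)
        scale = max(abs(g) for g in grad)
        if scale == 0:
            break  # plateau: a real fuzzer falls back to other mutation strategies here
        best, best_loss, step = x, loss, 1
        while True:  # move along -gradient, doubling the step while the loss keeps falling
            y = bytearray(x)
            for v, g in zip(variables, grad):
                store(y, v, load(x, v) + round(-g / scale * step))
            current = f(bytes(y))
            if current >= best_loss:
                break
            best, best_loss, step = y, current, step * 2
        if best_loss >= loss:
            break  # line search made no progress
        x, loss = best, best_loss
        iters += 1
    return bytes(x), loss, iters


if __name__ == "__main__":
    out, final_loss, n = descend(joint_loss, bytes(8), [A, B])
    print(f"A={load(out, A)} B={load(out, B)} loss={final_loss} after {n} iterations")
```

Starting from an all-zero eight-byte seed, the first iteration moves only `B` (the gradient for `A` is zero because raising it helps one conditional and hurts the other), and the later iterations move `A` and `B` together until both losses are zero. A constraint whose bytes do not overlap with the prefix conditionals would not need this joint objective; that is the distinction the abstract draws between control-flow-dependent and taint-flow-dependent conditionals.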

Speaker biography

Hao Chen, Professor at UC Davis and security scientist at the ByteDance AI Lab

Hao Chen is a Professor in the Department of Computer Science at the University of California, Davis. He is currently on academic leave and leads the security research group at the ByteDance AI Lab. His research covers a broad range of security problems, including machine learning security, software security, and mobile and wireless security. His work on fuzzing includes Angora (S&P '18) and Matryoshka (CCS '19). He received his PhD from the Computer Science Division at the University of California, Berkeley in 2004, advised by Professor David Wagner.

Contact: Chao Zhang, chaoz@tsinghua.edu.cn

Institute for Network Sciences and Cyberspace, Tsinghua University
