Academic lecture from Dr. Yu Jiang

Title: Empirical Evaluation of Fuzzing Techniques and Some Potential Enhancements

Speaker: Yu Jiang

Time: 2020-10-14 (Wednesday), 15:00

Location: Online talk, Tencent Meeting ID: 618 678 191

 

Abstract

Fuzzing is a promising method for discovering vulnerabilities. Recently, various techniques have been developed to improve the efficiency of fuzzing, and impressive gains have been observed in evaluation results. However, evaluation is complex, as many factors affect the results, for example, benchmark, baseline and metrics. In order to restore the comparability and authenticity of existing fuzzing works, in this talk, we present an empirical evaluation of fuzzing techniques. First, we systematically evaluate typical fuzzers on a unified test suite with carefully selected metrics. By analyzing the results, we summarize common pitfalls in optimizing a fuzzer. Furthermore, to understand the root causes behind the pitfalls, we conduct experiments and propose directions to overcome the problems, and demonstrate how to customize it to different domains such as deep learning, blockchain and industrial control.

 

Speaker biography:

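Yu Jiang is an associate professor at the School of Software, Tsinghua University. Jiang's research focuses on software security in fields such as artificial intelligence and industrial control, using techniques such as deep learning and fuzzing to automatically discover and understand software defects. The resulting tools have cumulatively found more than 500 defects in widely used system software, of which 125 vulnerabilities (for example, the Linux-kernel operating system vulnerability CVE-2019-7707 and the Lib-iec61850 industrial control protocol vulnerability CVE-2018-19121) have been included in the U.S. National Vulnerability Database. This work has been published, as first author or corresponding author, in more than 50 papers at well-known conferences and journals such as Security, EMSOFT, ASE and TSE, and has received best paper awards or nominations 5 times at conferences such as ACM EMSOFT and ICSE-SEIP. Honors include the 2015 China Computer Federation (CCF) Outstanding Doctoral Dissertation Award, the 2018 China Association for Science and Technology Young Elite Scientists Sponsorship Program, and the 2020 Alibaba DAMO Academy Young Fellow (Qingcheng) Award. Jiang has led more than 10 enterprise innovation research fund projects from companies including Huawei, Alibaba and Mitsubishi Heavy Industries, as well as 1 National Natural Science Foundation of China Excellent Young Scientists Fund project.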