This seminar is about discovering the wide range of fuzz testing approaches and taking a deep dive into a specific subtopic. Please subscribe to this mailing list to receive relevant updates.
The seminar is organized like a real academic conference. You need to prepare a written paper (German or English) about the selected topic with 8-10 pages in ACM double-column style.
After submitting your paper at our conference system, you will write two short reviews about two of the papers submitted by your fellow students. In this way, you can give them feedback about how to improve their paper. Then, you will have time to improve your own final paper with reviews from the others.
Last but not least, you will give a 15-minute talk about your paper, and we will provide cookies to enjoy the talks at our small conference.
News and important information will be distributed via a mailing list. All participants should subscribe here to receive relevant updates.
Often the same functionality is implemented by competing implementations (e.g. gcc vs. clang). Although they are implemented differently, they are required to behave identically on the same input. Differential testing is a method for finding such discrepancies between programs.
Machine Learning can be used to aid fuzzing approaches in different steps of the fuzzing pipeline.
Fuzzers often face the unexpected problem of finding too many crashes. Many of these are similar to each other or of low quality and do not constitute an interesting result. Thus, it is necessary to reduce, deduplicate or rank the fuzzing output.
Many applications have strong requirements for the structure of their input and discard any malformed string. Fuzzers that generate unstructured input are not able to reach the deeper functionality of these programs. Grammar-aware fuzzers, on the other hand, produce structurally sound inputs and can test deeper layers of the programs.
When taking a look at where to find flaws such as bugs or even security vulnerabilities in software, it becomes apparent that not every piece of code is equally likely to contain such a flaw. Hence, approaches have been developed to guide the fuzzing process towards certain code segments.
Setting up a fuzzing process for Linux command line programs is rather straightforward, while the opposite holds true for Windows GUI applications. Fuzzing GUI applications, especially Windows GUI applications, comes with a set of unique challenges which have to be solved in order to perform profitable fuzzing processes. What are these challenges, and what approaches have so far been used to cope with them?
Fuzzing software applications is an active area of research with many researchers exploring various ways to improve certain aspects of the fuzzing process. When reading through these many approaches one might easily get lost in the details and lose track of the big picture. But what does this big picture look like anyway?
Unfortunately, in many cases setting up a profitable fuzzing process requires patching the target software, because it may expect certain checksums or magic values to be present in its input. This kind of input constraint constitutes a roadblock for the fuzzing process, since it is highly unlikely for the fuzzer to get such values right by chance. How can one cope with such hurdles without having to manually patch a target?
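To make the roadblock concrete, here is a small added example (not part of the seminar material) in Python: a constructed toy target expects a magic value and a CRC32 over its payload, a naive byte-flipping mutator never gets past the checksum, and a post-mutation fixup that recomputes the checksum (the role a post-processing hook plays in many fuzzers) lets most mutants reach the deeper parsing stage. The magic value, the input layout and the seed payload are all made up for this example.

```python
import random
import zlib

MAGIC = b"FZZ1"  # constructed magic value for the toy target


def target(data: bytes) -> str:
    """Toy target: 4-byte magic, 4-byte big-endian CRC32 of the payload, then the payload.
    Returns the stage that rejected the input, or 'deep' once the payload parser is reached."""
    if len(data) < 8 or data[:4] != MAGIC:
        return "magic"
    stored = int.from_bytes(data[4:8], "big")
    if stored != zlib.crc32(data[8:]) & 0xFFFFFFFF:
        return "checksum"
    return "deep"  # only here would the interesting parsing code run


def build(payload: bytes) -> bytes:
    """Wrap a payload in a header that the target accepts."""
    return MAGIC + (zlib.crc32(payload) & 0xFFFFFFFF).to_bytes(4, "big") + payload


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Flip one random bit anywhere in the input, as a naive mutational fuzzer would."""
    buf = bytearray(data)
    buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    return bytes(buf)


def fixup(data: bytes) -> bytes:
    """Post-mutation fixup: recompute the CRC field so that only the payload is under test.
    The magic bytes are left alone, so mutations hitting them are still rejected."""
    if len(data) < 8:
        return data
    crc = (zlib.crc32(data[8:]) & 0xFFFFFFFF).to_bytes(4, "big")
    return data[:4] + crc + data[8:]


def campaign(seed: bytes, rounds: int, use_fixup: bool, rng_seed: int = 1) -> dict:
    """Run a tiny mutation campaign and count at which stage each mutant ended up."""
    rng = random.Random(rng_seed)
    counts = {"magic": 0, "checksum": 0, "deep": 0}
    for _ in range(rounds):
        cand = mutate(seed, rng)
        if use_fixup:
            cand = fixup(cand)
        counts[target(cand)] += 1
    return counts


SEED = build(b"name=alice;role=user;ttl=60")  # constructed seed input

if __name__ == "__main__":
    print("naive mutator: ", campaign(SEED, 1000, use_fixup=False))
    print("with CRC fixup:", campaign(SEED, 1000, use_fixup=True))
```

Because a single flipped bit always changes the CRC32, the naive campaign never reaches the deep stage at all, while with the fixup only mutants that damaged the magic bytes are still turned away.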