Bachelor- and Master Seminar

Dear All,

I had accidentally deleted the seminar announcement :) Here it is back up. Please check the post about changes!

Session A
Joshua Renckes - Paul Kalbitzer - Paul Szymanski

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting-ID: 967 8620 5841
Kenncode: BT!u5=

Session A:

14:00-14:30

Speaker: Joshua Renckens

Type of talk: Bachelor Intro

Advisor: Prof. Andreas Zeller

Title: 0KFuzzer: Applying Systematic Exploration to Binary Templates

Abstract:
Fuzzing is a technique used to test the robustness of programs by automatically generating inputs and feeding them into programs under test. However, using only randomly generated inputs is not a good way to achieve great code coverage. Most will immediately fail at the beginning of the program execution due to not matching the structure that is expected of the input.

Ways to mitigate this are grammar-based fuzzers. They take grammars that specify languages first and then base the input generation on the specified language. This makes sure that a certain input structure is maintained, reaching parts of the test programs random fuzzing wouldn't be able to reach. The k-path algorithm improves on these grammar-based fuzzers by making sure that all of the grammar is systematically covered.

The FormatFuzzer has an idea similar to grammar-based fuzzers but it takes binary templates that specify file formats as inputs instead of grammars. It compiles them into C++ code that then acts as a generator of inputs according to the format specification described in said templates. This thesis aims to improve on the FormatFuzzer by combining it with the k-path algorithm, taking the systematic coverage of grammars and using it on format specifications. This combination of the FormatFuzzer and the k-path algorithm will then be evaluated against the default FormatFuzzer to compare language coverage and program coverage.

 

14:30-15:00

 

Speaker: Paul Kalbitzer

Type of talk: Bachelor Intro
Supervisor: Prof. Dr. Andreas Zeller
Advisor: Dr. Rafael Dutra

Title: Statistics-based testing with the Format Fuzzer

Abstract: Fuzzing is an automated testing method that uses an immense number of
automatically generated inputs to examine the behaviour of the program under
test. These inputs are usually randomly generated to detect crashes or other
errors. When testing programs that receive files as input, the problem arises
that formats are very complex and that input that does not meet the structural
requirements is rejected by the program in an early parsing phase. This in turn
results in a low code coverage, which is tantamount to a fuzzing result without
meaningfulness.

The FormatFuzzer, a structure-aware approach, counters this problem by
using binary templates. In this way, it ensures that structural requirements for
inputs are met in order to be able to test programs with complex input requirements.
However, the FormatFuzzer does not yet allow to declare probabilities
in general, as well as for individual variables. This makes it impossible for example,
to focus on uncommon aspects of a format.

The goal of my thesis is to present a version of FormatFuzzer that supports
the use of statistics and probabilities, but does not depend on their existence.
The focus is on offering the possibility to generate files based on probability
distributions, to be able to direct test generation towards a specic direction.

15:00-15:30

Speaker: Paul Szymanski
Type of talk: Bachelor Intro
Advisor: Cristian-Alexandru Staicu
Title: A Study of State-of-the-Art Call Graph Creation Approaches for JavaScript

Call graph creation is an important stepping stone for building sophisticated static analyses, e.g., taint analysis. However, many state-of-the art tools perform poorly when faced with real-world code. That is, many of the available call graph creation tools for JavaScript are extremely fragile and thus, fail to produce a call graph when certain language constructs are present in the analysed code. For example, many such tools only support ECMAScript 5 features, while practitioners rely on more modern syntax. Some call graph creation tools solve this problem by performing a transpilation step, e.g., using Babel, on the code before processing it further. Although these transformations are assumed to be preserving the functionality of the code, the transformations might result in different call graphs. This might be the case for other kinds of transformations, like obfuscation and minification, as well.
The goal of this bachelor thesis is to study existing call graph creation algorithms and identify their limitations, i.e. which language constructs are the most difficult to analyse. Additionally, we are interested in identifying code transformation techniques with the highest impact on the performance of static call graph algorithms, both beneficial and detrimental.