Talk by Rohan Padhye Thursday 10:30 "Bending Fuzzers to One's Own Will"
As promised, here is the second of two talks highly recommended for fuzzing enthusiasts. (You will understand that in the light of these excellent speakers, we did not want to add our own lecture to the set.)
This Thursday 10:30-12:00, Rohan Padhye (U Berkeley) will give a talk on "Bending Fuzzers to One's Own Will" (CISPA lecture hall). Rohan works on highly relevant fuzzing techniques that are not only extremely innovative, but also in daily use in companies like Netflix and Samsung. Very much recommended!
Looking forward to seeing you,
- - cut here - -
You are cordially invited to a talk by Rohan Padhye.
10.30 – 12.00
CISPA building, E9 1, lecture hall
Bending Fuzzers to One's Own Will
Software bugs affect the security, reliability, and performance of critical software systems that much of our society depends on. The predominant form of ensuring software quality in practice is via testing. Although software developers have considerable domain expertise, handcrafted test cases often fail to catch corner-case bugs. Automated testing techniques such as random fuzzing have become popular for discovering unexpected inputs which crash programs that parse binary data. However, their effectiveness as push-button tools is limited when the test program, the input format, or the testing objective becomes complex.
Can we make automated testing tools smarter by leveraging the domain knowledge of software developers? In this talk, I will describe novel program analysis and fuzzing techniques that draw upon external artifacts ranging from existing functional tests to explicitly provided specifications. The corresponding research tools such as JQF, Zest, PerfFuzz, and FuzzFactory have uncovered new classes of software bugs that are beyond the reach of prior work, have helped identify security vulnerabilities in real-world software that runs on billions of devices, have been adopted by firms such as Netflix and Samsung, and have been commercialized as services by startups. The talk will also outline my vision for data-driven automated testing in the future.
Rohan Padhye is a PhD candidate at the University of California, Berkeley. Rohan’s research focuses on dynamic program analysis and automated test-input generation. He is the recipient of an ACM SIGSOFT Distinguished Paper Award, a Distinguished Artifact Award, a Tool Demonstration Award, as well as an SOSP Best Paper Award. Rohan is also the lead designer of the ChocoPy programming language, which underpins the standard compilers course at Berkeley. He previously worked full time at IBM Research and holds a master’s degree from IIT Bombay.