Fuzzing in its various forms has in recent years become increasingly powerful and useful for detecting bugs and vulnerabilities in software. The course will cover various fuzzing and testing techniques, both the basics and recent developments. The material will be presented by the course participants.
Organization:
Below is a list of topics, with suggested material to cover each topic. These topics can be adapted, and it is also perfectly OK to suggest other
complementary material. Each topic is discussed at a meeting. In advance of that meeting, all participants have read the paper (not just skimmed it), and are prepared
to discuss questions that are provided some days in advance. One participant is responsible, which means he/she will
Credits:
A tentative allocation of credits is to give 5 points for participation, including one presentation. For two presentations, we offer 7 credits.
Passive participation can earn 2 credits.
Preparation for First lecture:
Watch the Coursera Intro-video
Objectives
Each participant signs up for at least one topic.
Contents
Topics foreseen to be covered include
Additional topics that can also be covered.
Intro-video
Paper: Fuzzing: Art, Science, and Engineering
Paper: Coverage-based Greybox Fuzzing as Markov Chain. IEEE TSE 2017.
Video of talk at CCS 2016
Questions to seed the discussions
Paper:
KLEE-paper
Other interesting Paper:
On the techniques we create, the tools we build, and their misalignments: a study of KLEE
Paper:
DART: Directed Automated Random Testing. PLDI 2005.
Other Papers:
Godefroid/Levin/Molnar: Automated Fuzz Testing
Paper:
Towards Optimal Concolic Testing. ICSE 2018.
Paper:
DeepXplore: Automated Whitebox Testing of Deep Learning Systems
Paper:
Holler et al: Fuzzing with Code Fragments
Paper: Junjie Wang, Bihuan Chen, Lei Wei, Yang Liu, Superion: Grammar-Aware Greybox Fuzzing
Paper:
Protocol State Fuzzing of TLS Implementations
Paper:
Introduction to Active Automata Learning from a Practical Perspective
Paper:
Evaluating Fuzz Testing (Klees et al.)
Paper:
Avgerinos et al: Automatic Exploit Generation.
Paper: Avgerinos et al: Automatic Exploit Generation, CACM.
Paper:
Mining Input Grammars from Dynamic Taints
Schedule
W | Day | Date | Time | Place | What |
---|---|---|---|---|---|
9 | Thu | 28/2 | 10-12 | 1245 | Start, Fuzzing, intro and overview. |
10 | Thu | 7/3 | 13-15 | 1406 | TBD |
11 | Thu | 14/3 | 13-15 | 1406 | TBD |
12 | Thu | 22/3 | 13-15 | 1406 | TBD |
13 | Thu | 28/3 | 13-15 | 1345 | TBD |
17 | Thu | 25/4 | 10-12 | 1406 | TBD |
18 | Thu | 2/5 | 10-12 | 4306 | TBD |
19 | Thu | 9/5 | 13-15 | 1345 | TBD |
20 | Thu | 16/5 | 13-15 | 1345 | TBD |