Dongdong She

Assistant professor at the Hong Kong University of Science and Technology, CSE department

Summary

Title

Unlock the Potential of General-purpose Fuzzing: An Optimization Approach

Abstract

Based on the application domains, fuzzing can be categorized into general-purpose fuzzing (i.e., testing all kinds of software) and domain-specific fuzzing (e.g., testing a specific type of software). AFL havoc mode/AFL++ is the most powerful general-purpose fuzzer, and it has been used in the Google OSS-Fuzz project to harvest tons of bugs. Despite the significant advancement of fuzzing research, general-purpose fuzzing still relies on random strategies and human-written heuristics. In this talk, we show that by formulating general-purpose fuzzing as an online stochastic control problem, a combination of lightweight optimization algorithms can significantly boost its performance. We present FOX, a novel general-purpose fuzzer that can beat the strongest mode of AFL++ (with CMPLOG and fuzzing dictionary) up to 26.45% on standalone programs and 6.59% on FuzzBench programs.

Speaker

Dongdong She is an assistant professor at the Hong Kong University of Science and Technology, CSE department. He obtained his PhD from the CS department at Columbia University. Before Columbia, He earned his M.S. from UC Riverside and B.S. from Huazhong University of Science and Technology. He is broadly interested in security and machine learning. He is particularly interested in applying data-driven approaches (e.g., LLM, optimization) to solve traditional security problems (e.g., vulnerability detection, software testing, program analysis). Multiple PhD positions are available, send him an email at [email protected] if you are interested. 

Schedule