Education Class 7

Title: Fuzzing and automated repair of security vulnerabilities in embedded software
Instructor: Abhik Roychoudhury, National University of Singapore

Abstract: Fuzz testing is a popular technique for detecting security vulnerabilities in software systems. It proceeds by compile-time instrumentation, along with a run-time biased random search to find crashing inputs. The biased random search may be guided by an objective function or by logical constraints, leading to different testing setups. In this paper, we will share various mechanisms and viewpoints in adapting or adopting greybox fuzzing for embedded software. This is of growing importance as the attack surface moves increasingly towards the edge. Moreover, as security vulnerabilities are found and published, software systems suffer from increased exposure, which can be alleviated by automated program repair technologies. In a synergistic setting, the search over program edits in program repair and the search over program inputs can strengthen each other. The tutorial gives the audience wide exposure to greybox fuzzing and whitebox fuzzing (also known as symbolic execution) technologies, as well as forward-looking techniques for automated program repair, which are seeing increased adoption.

Bio: Abhik Roychoudhury is a Provost’s Chair Professor of Computer Science at the National University of Singapore, where he has been since 2001 after receiving his Ph.D. in Computer Science from the State University of New York at Stony Brook in 2000. He is the Director of the National Satellite of Excellence in Trustworthy Software Systems at Singapore (2019-23). He has also helped set up the Singapore Cyber-security Consortium, which is a consortium of 25 companies in the cyber-security space engaging with academia for research and collaboration. Abhik’s research focuses on software testing and analysis, software security and trustworthy software construction. His research team is known for contributions to automated program repair and fuzz testing. Abhik is a member of the Steering Committee of the flagship conferences in Software Engineering, the International Conference on Software Engineering (ICSE) and the Symposium on Foundations of Software Engineering (FSE). He has served as an Associate Editor of IEEE Transactions on Software Engineering (TSE), IEEE Transactions on Dependable and Secure Computing (TDSC) and ACM Transactions on Software Engineering and Methodology (TOSEM). His former doctoral students have been placed all over the world as academics (Peking University, University College London, Max-Planck Institute, University of Melbourne, Beihang University, SUSTech, SUTD).