[PhD course] Advanced techniques for finding bugs in real-world software
Instructor
Course description
The course will cover two advanced software testing techniques, fuzzing and symbolic execution, that can be used to automatically find bugs in real-world applications. Google, Microsoft, and several other major software companies are nowadays using these two approaches 24/7 to test their software stack, identifying thousands of critical vulnerabilities. The course will introduce the main ideas behind these techniques and ask students to play with state-of-the-art analysis frameworks.
The hands-on part of the course will cover these frameworks:
The hands-on part of the course will cover these frameworks:
Schedule
We are at the third edition (2022/2023). The course is part of the educational program of the PhD program in Engineering in Computer Science and Cybersecurity from Sapienza University of Rome.
Lectures are scheduled from April 26 to May 27 (see Piazza for the exact dates):
Lectures are scheduled from April 26 to May 27 (see Piazza for the exact dates):
- Day 1: Introduction to state-of-the-art software testing techniques
- Day 2: Coverage-Guided Fuzzing: theory and practice
- Day 3: Symbolic Execution: theory and practice
- Day 4: Hybrid Fuzzing: theory and practice
- Day 5: Student presentations and project assignments
- Day 6: Student presentations and project assignments
Material
The material (slides, code, papers) of the course can be found on Piazza.
References
- C. Cadar, D. Dunbar, and D. Engler. KLEE: Unassisted and Automatic Generation of High-coverage Tests for Complex Systems Programs. Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation (OSDI 2008).
- R. Baldoni, E. Coppa, D.C. D'Elia, C. Demetrescu, and I. Finocchi. A Survey of Symbolic Execution Techniques. ACM Computer Surveys, 2018.
- I. Yun, S. Lee, M. Xu, Y. Jang, and T. Kim. QSYM: A practical concolic execution engine tailored for hybrid fuzzing. Proceedings of the 27th USENIX Conference on Security Symposium (USENIX Security 2018).
- A. Zeller, R. Gopinath, M. Böhme, G. Fraser, and C. Holler. The Fuzzing Book. https://www.fuzzingbook.org/, 2019.
- C. Aschermann, S. Schumilo, T. Blazytko, R. Gawlik, and T. Holz. REDQUEEN: fuzzing with input-to-state correspondence. Proceedings of the 26th Annual Network and Distributed System Security Symposium (NDSS 2019).
- V. Pham, M. Boehme, A. E. Santosa, A. R. Caciulescu, and A. Roychoudhury. Smart greybox fuzzing. IEEE Transactions on Software Engineering, 2019.
- S. Poeplau and A. Francillon. Symbolic execution with SymCC: Don’t interpret, compile!. Proceedings of the 29th USENIX Security Symposium (USENIX Security 2020).