11월 27일(화)에 세미나가 12월 4일(수)로 일정이 변경되어 알려드립니다.
12월 4일에 오시는 분은 Tsinghua University의 교수 및 칭화대 해킹팀 Blue-Lotus CTF team 코치로서 활동하는
Chao Zhang교수님을 모시고 "Discover Vulnerabilities with Flow-Sensitive Fuzzing" 주제로
아래와 같이 세미나를 개최하고자 합니다.
많은 참석 부탁드립니다.
= 아 래 =
o 일정 및 장소
- 일시: 2019.12.4(수)16:00~
- 장소: N1건물 110호
Title: Discover Vulnerabilities with Flow-Sensitive Fuzzing
Coverage-guided fuzzing is a widely used and effective solution to find software vulnerabilities. Tracking code coverage and utilizing it to guide fuzzing are crucial to coverage- guided fuzzers. However, tracking full and accurate path coverage is infeasible in practice due to the high instrumentation overhead. Moreover, there are many data constraints in programs, blocking fuzzing from reaching high code coverage. We therefore proposed two solutions to further improve the efficiency of fuzzing, including a control-flow sensitive fuzzing solution CollAFL (published in IEEE S&P 2018) and a data-flow sensitive fuzzing solution GreyOne (accepted by USENIX Security 2020). In this talk, I will present the design and evaluation results of these two solutions.
Dr. Chao Zhang is an Associate Professor at Tsinghua University. He was a member of the CTF team Blue-Lotus and now the coach. His research interest lies in system and software security, especially in vulnerability analysis. He has proposed several automated vulnerability detection solutions and found over 200 CVE vulnerabilities. He co-led a team CodeJitsu from UC Berkeley and built an automated system Glactica which did excellently in the Cyber Grand Challenge launched by DARPA.