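Seminar

[Seminar] Fuzzing@Home: Distributed Fuzzing on Untrusted Heterogeneous Clients - Prof. Daehee Jang (Sungshin Women's University)
Posted: 2021-11-04

Next week, our Graduate School of Information Security will host Prof. Daehee Jang of Sungshin Women's University for a seminar on "Fuzzing@Home: Distributed Fuzzing on Untrusted Heterogeneous Clients", as detailed below.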


※ To prevent the spread of COVID-19, the seminar will be held remotely via Zoom.
Those who wish to attend can use the Zoom join link below.


= Details =

 


o Date and time
- 21.11.9 (Tue) 16:00∼

 

※ Please be ready 5 minutes before the start time.


URL: https://zoom.us/j/2902905410
Access password: announced separately by email

 

==================================

 


Title: Fuzzing@Home: Distributed Fuzzing on Untrusted Heterogeneous Clients


Abstract
Fuzzing is a practical technique to automatically find vulnerabilities in software. It is a proper application to scale on distributed computing platforms thanks to its parallelizability. Therefore, individual researchers and companies typically set up fuzzing platforms on multiple servers and run fuzzers in parallel. However, as such resources are private, they suffer from financial/physical limits. In this paper, we propose Fuzzing@Home, the first public collaborative fuzzing network, based on heterogeneous machines owned by potentially untrusted users. Using our system, multiple organizations (or individuals) can easily collaborate to fuzz software of common interest in an efficient way. For the general public, one can participate and earn economic benefits if the fuzzing network is tied to a bug-bounty program, or simply donate spare computing power as a volunteer. If the network compensates collaborators, system fairness becomes an issue. In this light, we tailor fuzzers to make the computation result verifiable and devise cheat detection techniques to ensure integrity and fairness in collaboration. In terms of performance, we devise a technique to effectively sync the global coverage state, hence minimizing the overhead for verifying computation results. Finally, to maximize accessibility, Fuzzing@Home uses WebAssembly to run fuzzers inside the web browser engine, allowing anyone to instantly join a fuzzing network with a single click on their mobile phone, tablet, or any modern computing device. To evaluate our system, we bootstrapped Fuzzing@Home with 72 open source projects and ran experimental fuzzing networks for 330 days with 826 collaborators as beta testers.


Bio
Daehee Jang is an assistant professor at Sungshin W. University, Security Engineering Department.
He received a Ph.D. in Information Security at KAIST in 2019, and he worked as a postdoctoral researcher at Georgia Tech until 2020.
He participated in various global hacking competitions (such as DEFCON CTF) and won several awards.
He received a special prize at the 2016 KISA annual event for finding 0-day security vulnerabilities in many software products.
He is also the founder of the pwnable.kr wargame, an education platform for training hacking skills.


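※ KAIST Graduate School of Information Security seminars are provided free of charge to KAIST students and faculty, and to member companies of the Security@KAIST consortium at Silver tier or above.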


Thank you.