||2019 年 7 月 3 日 10:00 -11:30
||复旦大学张江校区，软件楼 102 第二会议室
Hybrid testing leverages fuzz testing to test easy-to-reach code regions and uses concolic execution to explore code blocks guarded by complex branch conditions. As a result, hybrid testing is able to reach deeper into program state space than fuzz testing or concolic execution alone. However, the design of hybrid testing has been coverage-centric, leading to inefficiency in bug coverage and deficient in bug triggering. In this talk, I will present SAVIOR, a new hybrid testing framework pioneering a bug-driven principle. Unlike the existing hybrid testing tools, SAVIOR prioritizes the concolic execution of the seeds that are likely to uncover more vulnerabilities. Moreover, SAVIOR verifies all vulnerable program locations along the executing program path. By modeling faulty situations using SMT constraints, SAVIOR reasons the feasibility of vulnerabilities and generates concrete test cases as proofs. Our evaluation shows that the bug-driven approach outperforms mainstream automated testing techniques, including state-of-the-art hybrid testing systems driven by code coverage. According to the evaluation on 11 well fuzzed benchmark programs, within the first 24 hours, SAVIOR triggers 481 UBSAN violations, among which 243 are real bugs.
Jun Xu is an Assistant Professor in the Computer Science Department at Stevens Institute of Technology. He received his PhD degree from Pennsylvania State University and his bachelor degree from USTC. His research mainly lies in the areas of software security and system security. He has published many papers at top-tier cyber security conferences, including IEEE S&P, ACM CCS and USENIX Security. His recent research focuses are automated software testing and binary code analysis. He is a recipient of ACM CCS Outstanding Paper Award, Penn State Alumni Dissertation Award, RSA Security Scholar Award and USTC Guo-moruo Scholarship.