Andreas Zeller (CISPA Helmholtz Center for Information Security)

Do you fuzz your own program, or do you fuzz someone else's program? The answer to this question has vast consequences on your view on fuzzing. Fuzzing someone else's program is the typical adverse "security tester" perspective, where you want your fuzzer to be as automatic and versatile as possible. Fuzzing your own code, however, is more like a traditional tester perspective, where you may assume some knowledge about the program and its context, but may also want to _exploit_ this knowledge - say, to direct the fuzzer to critical locations.

In this talk, I detail these differences in perspectives and assumptions, and highlight their consequences for fuzzer design and research. I also highlight cultural differences in the research communities, and what happens if you submit a paper to the wrong community. I close with an outlook into our newest frameworks, set to reconcile these perspectives by giving users unprecedented control over fuzzing, yet staying fully automatic if need be.

Speaker's biography

Andreas Zeller is faculty at the CISPA Helmholtz Center for Information Security and professor for Software Engineering at Saarland University, both in Saarbrücken, Germany. His research on automated debugging, mining software archives, specification mining, and security testing has won several awards for its impact in academia and industry. Zeller is an ACM Fellow, an IFIP Fellow, an ERC Advanced Grant Awardee, and holds an ACM SIGSOFT Outstanding Research Award.

View More Papers

Analyzing and Creating Malicious URLs: A Comparative Study on...

Vincent Drury (IT-Security Research Group, RWTH Aachen University), Rene Roepke (Learning Technologies Research Group, RWTH Aachen University), Ulrik Schroeder (Learning Technologies Research Group, RWTH Aachen University), Ulrike Meyer (IT-Security Research Group, RWTH Aachen University)

Read More

Titanium: A Metadata-Hiding File-Sharing System with Malicious Security

Weikeng Chen (DZK/UC Berkeley), Thang Hoang (Virginia Tech), Jorge Guajardo (Robert Bosch Research and Technology Center), Attila A. Yavuz (University of South Florida)

Read More

datAFLow: Towards a Data-Flow-Guided Fuzzer

Adrian Herrera (Australian National University), Mathias Payer (EPFL), Antony Hosking (Australian National University)

Read More