In software, a vulnerability is a flaw in the code that a malicious actor can exploit to perform unauthorized activities or change the behavior of the software. Although the topic is heavily studied by security researchers, finding software vulnerabilities is becoming increasingly challenging because the software used in day-to-day life keeps growing larger and more complicated. This project addresses that challenge by rethinking a classic technique for finding vulnerabilities in large software called fuzzing. The high-level idea of fuzzing is to feed a large number of random inputs to the software under test in the hope that some of them trigger vulnerabilities. The novelties of this project are new approaches, techniques, and tools that make this nearly random testing process more intelligent and targeted. In this way, the project will enhance the security of many kinds of widely used software, ranging from web browsers to server-side programs.
To that end, this project is investigating vulnerability-coverage-driven fuzzing. Existing fuzzing techniques primarily follow an approach called code-coverage-driven fuzzing, motivated by the belief that code coverage and vulnerability finding are strongly correlated. Challenging this widely held belief, this project shows that code coverage has weaker-than-expected ties to vulnerabilities and that code-coverage-driven fuzzing is not well suited to vulnerability finding. Pioneering vulnerability-coverage-driven fuzzing, this project invents a series of novel techniques to (1) obtain feedback on vulnerability coverage, (2) prioritize test inputs that can reach more vulnerabilities, and (3) maximize the chance of triggering the vulnerabilities reached by those test inputs. The project also produces new metrics, new benchmarks, and new frameworks for comprehensively evaluating the use of fuzzing for vulnerability finding. Drawing on the investigators' research experience in software security and system security, the project provides a range of education, training, and research opportunities for both undergraduate and graduate students. Through industry outreach, the investigators pursue technology transfer and raise awareness of software security.
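As an added illustration of steps (2) and (3) above, and not code from the project or the award text, the toy Python harness below contrasts the two scheduling policies on one constructed target: a code-coverage-driven ranking picks the seed that executed the most edges, while a vulnerability-coverage-driven ranking picks the seed that reached the most potential-vulnerability sites and then spends boundary-value mutations on it. The target program, its edge/site feedback, the seed corpus and the mutator are all assumptions made for the example.

```python
from dataclasses import dataclass

def run_target(data: bytes):
    """Constructed toy target standing in for an instrumented program. Returns the
    control-flow edges executed (code-coverage feedback), the potential-vulnerability
    sites reached (vulnerability-coverage feedback) and whether a site was triggered."""
    edges, sinks, crashed = set(), set(), False
    if len(data) < 2:
        return {"short"}, sinks, crashed
    edges.add("hdr")
    if data[0] == 0x41:                       # 'A' record: second byte is a copy length
        edges |= {"rec_a", "copy_a"}
        sinks.add("memcpy@rec_a")             # length is never checked: a risky site
        crashed = data[1] > len(data) - 2     # copying n bytes from a shorter payload
    elif data[0] == 0x42:                     # 'B' record: many branches, no risky site
        edges.add("rec_b")
        if data[1] == 0:
            edges.add("rec_b_zero")
        if len(data) > 2:
            edges.add("rec_b_tail")
    else:
        edges.add("unknown")
    return edges, sinks, crashed

@dataclass(frozen=True)
class Seed:
    data: bytes
    edges: frozenset
    sinks: frozenset
    crashed: bool

def execute(data: bytes) -> Seed:
    edges, sinks, crashed = run_target(data)
    return Seed(data, frozenset(edges), frozenset(sinks), crashed)

def rank(corpus, strategy):
    """Step (2): order seeds for mutation. 'code' favours the seed with the most edges
    (a stand-in for new-edge feedback); 'vuln' favours the seed reaching the most
    risky sites, using edge count only as a tie-break."""
    key = (lambda s: len(s.edges)) if strategy == "code" else (lambda s: (len(s.sinks), len(s.edges)))
    return sorted(corpus, key=key, reverse=True)

BOUNDARY = (0x00, 0x01, 0x7F, 0x80, 0xFF)   # values a length field is likely to mishandle

def try_trigger(seed: Seed):
    """Step (3): try boundary values at every byte of a seed that already reaches a
    risky site; return the first crashing input, or None if none crashes."""
    for pos in range(len(seed.data)):
        for v in BOUNDARY:
            cand = seed.data[:pos] + bytes([v]) + seed.data[pos + 1:]
            if execute(cand).crashed:
                return cand
    return None

def first_crash(strategy):
    """Rank a constructed three-seed corpus, then mutate only the top seed."""
    corpus = [execute(d) for d in (b"B\x00\x00", b"A\x01x", b"C\x00")]
    top = rank(corpus, strategy)[0]
    return top.data, try_trigger(top)
```

With the 'code' policy the top seed is the branch-rich 'B' record and no boundary mutation crashes; with the 'vuln' policy the 'A' record is chosen and the first oversized length byte triggers the unchecked copy.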
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.