Full professor for Software Security in the Faculty of Computer Science at Ruhr University Bochum (RUB), Germany
Abstract: Fuzzing is a major, if not the primary, approach for automated vulnerability discovery in software today. However, despite its success, real-world, long-running fuzzing campaigns often plateau: they reach a state in which they no longer find new issues, yet significant code remains unexplored, meaning the fuzzers have not even been able to search these areas for issues in the first place! The reason is simple: state-of-the-art fuzzers continue to rely on code coverage to measure progress, but code coverage is often inadequate to model or capture all program behaviors, so the fuzzers box themselves in. By choice, we arbitrarily prevent our own fuzzers from finding new and interesting bugs. In this talk, we will explore ideas on how we can take our fuzzers' blinders off, in particular how we can expand from traditional memory corruption to better discover entirely different classes of vulnerabilities.
Bio: Kevin Borgolte is a Full Professor for Software Security in the Faculty of Computer Science at Ruhr University Bochum (RUB) in Germany. His research focuses on improving the security, resilience, and privacy of software-based systems, with a particular interest in real-world networked and distributed environments. His work encompasses (automated) vulnerability discovery, program and protocol analysis, and large-scale measurements to understand deployment-based threats. As an advocate for open science, his group's research is available as open code and data. Prior to becoming faculty at RUB, he received his PhD from the University of California, Santa Barbara, and was a postdoctoral researcher at Princeton University. He is also an inactive, long-time member of the Shellphish CTF team, with whom he placed third in the first autonomous DARPA Cyber Grand Challenge (CGC).