IMDEA Software Institute, Software Seminar Series 2019

Daniel Domínguez Álvarez

Tuesday, April 16, 2019

10:45am, Lecture hall 1, level B

Daniel Domínguez Álvarez, PhD Student, IMDEA Software Institute

Fuzzing objects: Motivation and preliminary results

Abstract:

Fuzzing has become a very interesting technique for finding bugs in computer programs. For a few years now there has always been at least one fuzzing paper at each big conference in systems security. In industry it is also a significant component of the software development cycle. In big companies like Google or Facebook, fuzzing is used extensively across their products, like Chrome or Hack.

In this talk I present the problem of fuzzing targets with complex inputs, like compilers and interpreters. I also present work in progress on an approach for fuzzing interpreters of object-oriented scripting languages like JavaScript. In this approach the fuzzer leverages what is called Object Oriented Genetic Programming to target a specific part of the interpreter: the standard library. These libraries are usually implemented in native code for performance and, because of that, are interesting targets for fuzzing.

Along with the architecture of the fuzzer, I also present preliminary results comparing my fuzzer with other state-of-the-art fuzzers, and the roadmap for the next steps.
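The approach sketched in the abstract, as an added illustration that is not part of the talk and not the speaker's fuzzer: a toy generator that represents a JavaScript program as a few typed builtin objects plus a list of method calls on them, and evolves programs with mutation and crossover operators that keep every call attached to a receiver of the right type, so offspring reach the native standard-library code instead of dying early on a TypeError. The type catalogue, the literal pool, the operators and the coverage stand-in used as fitness are all assumptions made for this example; a real campaign would feed the rendered programs to an instrumented interpreter (for instance a JS shell built with ASan) rather than to the host engine.

```javascript
// Toy object-oriented genetic-programming generator for JavaScript
// standard-library fuzzing. Added example; not the speaker's fuzzer.
// The catalogue, literal pool, operators and fitness proxy are assumptions.

// Deterministic PRNG (mulberry32) so a run can be reproduced from its seed.
function makeRng(seed) {
  let a = seed >>> 0;
  return () => {
    a = (a + 0x6d2b79f5) >>> 0;
    let t = Math.imul(a ^ (a >>> 15), a | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// Constructed catalogue: how to build each builtin and which methods (with
// arity) may be called on it. A real fuzzer would derive this from the spec.
const TYPES = {
  Array:  { ctor: '[1, 2, 3]',         methods: { push: 1, pop: 0, slice: 2, splice: 3, fill: 3, concat: 1, indexOf: 1 } },
  String: { ctor: '"abcdef"',          methods: { slice: 2, repeat: 1, padStart: 2, split: 1, substring: 2, indexOf: 1 } },
  RegExp: { ctor: '/a(b+)c/g',         methods: { exec: 1, test: 1 } },
  Map:    { ctor: 'new Map([[1, 1]])', methods: { set: 2, get: 1, delete: 1, has: 1 } },
};
const TYPE_NAMES = Object.keys(TYPES);

// Literal pool aimed at edge cases in native code: negative, non-integer and
// out-of-range indices, NaN, -0, empty and long strings, null/undefined.
const LITERALS = ['0', '-1', '2147483648', 'NaN', '-0', '1.5', '""', '"ab"',
                  '"x".repeat(1000)', 'null', 'undefined', '{}'];

const pick = (rng, xs) => xs[Math.floor(rng() * xs.length)];

// An argument is a literal or one of the program's own objects, so objects
// flow between calls (e.g. a Map passed to Array#indexOf).
function randomArg(rng, vars) {
  return rng() < 0.3 ? pick(rng, vars).name : pick(rng, LITERALS);
}

function randomCall(rng, vars) {
  const v = pick(rng, vars);
  const methods = TYPES[v.type].methods;
  const method = pick(rng, Object.keys(methods));
  const args = Array.from({ length: methods[method] }, () => randomArg(rng, vars));
  return { recv: v.name, type: v.type, method, args };
}

function generate(rng, nVars, nCalls) {
  const vars = Array.from({ length: nVars }, (_, i) => ({ name: 'v' + i, type: pick(rng, TYPE_NAMES) }));
  return { vars, calls: Array.from({ length: nCalls }, () => randomCall(rng, vars)) };
}

// Mutation: re-draw one call's arguments, replace a call, insert one, or delete one.
function mutate(rng, prog) {
  const calls = prog.calls.slice();
  const i = Math.floor(rng() * calls.length);
  const op = Math.floor(rng() * 4);
  if (op === 0) calls[i] = { ...calls[i], args: calls[i].args.map(() => randomArg(rng, prog.vars)) };
  else if (op === 1) calls[i] = randomCall(rng, prog.vars);
  else if (op === 2) calls.splice(i, 0, randomCall(rng, prog.vars));
  else if (calls.length > 1) calls.splice(i, 1);
  return { vars: prog.vars, calls };
}

// Crossover: keep a prefix of `a`, then append calls from `b` whose receiver
// type exists in `a`, re-targeting each to a variable of that type so the
// child still type-checks; variable references `a` does not have become literals.
function crossover(rng, a, b) {
  const cut = Math.floor(rng() * a.calls.length);
  const tail = [];
  for (const c of b.calls.slice(cut)) {
    const targets = a.vars.filter(v => v.type === c.type);
    if (targets.length === 0) continue;
    const args = c.args.map(x => (/^v\d+$/.test(x) && !a.vars.some(v => v.name === x)) ? pick(rng, LITERALS) : x);
    tail.push({ ...c, recv: pick(rng, targets).name, args });
  }
  return { vars: a.vars, calls: a.calls.slice(0, cut).concat(tail) };
}

// Render to source. Each call is wrapped so one exception does not stop the
// rest of the program from reaching the native code under test.
function render(prog) {
  const decls = prog.vars.map(v => `var ${v.name} = ${TYPES[v.type].ctor};`);
  const body = prog.calls.map(c => `try { ${c.recv}.${c.method}(${c.args.join(', ')}); } catch (e) {}`);
  return decls.concat(body).join('\n');
}

// Run a candidate in the host engine (stand-in for an instrumented interpreter).
function execute(prog) {
  try { new Function(render(prog))(); return { ok: true }; }
  catch (e) { return { ok: false, error: String(e) }; }
}

// Minimal evolutionary loop. Fitness is a stand-in for coverage feedback:
// the number of distinct (type, method) pairs the population has exercised.
function fuzz(seed, generations, popSize) {
  const rng = makeRng(seed);
  let pop = Array.from({ length: popSize }, () => generate(rng, 3, 6));
  const seen = new Set();
  let crashes = 0;
  for (let g = 0; g < generations; g++) {
    for (const p of pop) {
      if (!execute(p).ok) crashes++;
      for (const c of p.calls) seen.add(c.type + '#' + c.method);
    }
    pop = pop.map(p => (rng() < 0.5 ? mutate(rng, p) : crossover(rng, p, pick(rng, pop))));
  }
  return { methodsExercised: seen.size, crashes };
}
```

`fuzz(1, 20, 16)` prints nothing; inspect `render(prog)` for any program whose `execute` result is not ok, or, in a real setup, replace `execute` with a call that writes the rendered source to a file and runs the instrumented interpreter on it, keeping the seed so a crashing program can be regenerated.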