Common fuzzing techniques work by systematically mutating a set of given inputs, gradually covering more and more of the program code. But if the program has a complex input format, most of these mutations will be invalid, so very few inputs reach code beyond input processing. In this tutorial, we explore techniques to specify input languages using grammars, generators, and constraint solvers, and leverage these language specifications to build powerful test generators for complex input formats. Moreover, the same specifications can be used to check outputs, addressing the oracle problem. Includes interactive coding!
Recommended reads: fuzzingbook.org, notably the chapters "Fuzzing with Grammars", "Fuzzing with Generators", and "Fuzzing with Constraints".
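The two ideas in the tutorial abstract, generating inputs from a grammar and reusing the same grammar as an oracle for the outputs, as an added illustration written for this page (not the tutorial's or fuzzingbook's own code). It uses the dict-of-expansions grammar notation of fuzzingbook.org; the key = value configuration language, the two parsers under test and the defect planted in the strict parser are all constructed for the example.

```python
import random
import re

# Constructed example grammar for a tiny key = value configuration language,
# written in the dict-of-expansions style used by fuzzingbook.org. Nonterminals
# are written in <angle brackets>; everything else is a terminal.
CONFIG_GRAMMAR = {
    "<start>": ["<line>", "<line>\n<start>"],
    "<line>": ["<key> = <value>"],
    "<key>": ["<letter>", "<letter><key>"],
    "<letter>": list("abcdefghijklmnopqrstuvwxyz"),
    "<value>": ["<number>", '"<chars>"', "true", "false"],
    "<number>": ["<digit>", "<digit><number>"],
    "<digit>": list("0123456789"),
    "<chars>": ["", "<letter><chars>"],
}

NONTERMINAL = re.compile(r"(<[^<> ]*>)")

def derive(grammar, symbol, rng, depth=0, max_depth=8):
    """Randomly expand `symbol` into a derivation tree (symbol, children).
    Past max_depth only the expansions with the fewest nonterminals are
    eligible, which makes the recursive rules terminate."""
    if symbol not in grammar:
        return (symbol, [])                       # terminal leaf
    choices = grammar[symbol]
    if depth >= max_depth:
        cost = {c: len(NONTERMINAL.findall(c)) for c in choices}
        cheapest = min(cost.values())
        choices = [c for c in choices if cost[c] == cheapest]
    expansion = rng.choice(choices)
    # split keeps the nonterminals; an empty expansion becomes one "" leaf
    tokens = [t for t in NONTERMINAL.split(expansion) if t != ""] or [""]
    return (symbol, [derive(grammar, t, rng, depth + 1, max_depth) for t in tokens])

def to_string(tree):
    symbol, children = tree
    return symbol if not children else "".join(to_string(c) for c in children)

def expected_pairs(tree):
    """Specification-derived oracle: read the (key, value) pairs directly off
    the derivation tree, independently of any parser."""
    pairs = []

    def walk(node):
        symbol, children = node
        if symbol == "<line>":                    # children: <key>, " = ", <value>
            pairs.append((to_string(children[0]), to_string(children[2])))
        for child in children:
            walk(child)

    walk(tree)
    return pairs

def parse_config(text):
    """System under test: a lenient hand-written parser for the same format."""
    pairs = []
    for line in text.split("\n"):
        key, _, value = line.partition("=")
        pairs.append((key.strip(), value.strip()))
    return pairs

# Deliberate defect planted for this example: the regex demands a non-empty
# quoted string, although the grammar allows "" as a value.
STRICT_LINE = re.compile(r'^([a-z]+) = (\d+|"[a-z]+"|true|false)$')

def parse_config_strict(text):
    """Second system under test, carrying the planted defect above."""
    pairs = []
    for line in text.split("\n"):
        match = STRICT_LINE.match(line)
        if match is None:
            raise ValueError(f"unparseable line: {line!r}")
        pairs.append((match.group(1), match.group(2)))
    return pairs

def generate(seed):
    """One grammar-generated input, deterministic for a given seed."""
    return to_string(derive(CONFIG_GRAMMAR, "<start>", random.Random(seed)))

def fuzz(parser, runs=200, seed=0):
    """Generate `runs` inputs, run `parser` on each and compare its result with
    the oracle. Returns how many inputs made the parser disagree or raise."""
    rng = random.Random(seed)
    failures = 0
    for _ in range(runs):
        tree = derive(CONFIG_GRAMMAR, "<start>", rng)
        try:
            if parser(to_string(tree)) != expected_pairs(tree):
                failures += 1
        except ValueError:
            failures += 1
    return failures

if __name__ == "__main__":
    print(generate(1))
    print("lenient parser failures:", fuzz(parse_config))
    print("strict parser failures:", fuzz(parse_config_strict))
```

Every generated input is syntactically valid by construction, so each run exercises the parser's value handling instead of its error path, which is the point the abstract makes about complex input formats. The oracle costs nothing extra: because the generator keeps the derivation tree, the expected key/value pairs fall out of the same specification that produced the input, and the planted bug in the strict parser (rejecting an empty quoted string) shows up within a few hundred runs.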
Andreas Zeller is faculty at the CISPA Helmholtz Center for Information Security, and professor for Software Engineering at Saarland University. His research on automated debugging, mining software archives, specification mining, and security testing has been highly influential. Andreas is one of the few researchers to have received two ERC Advanced Grants, most recently for his S3 project. He is an ACM Fellow and holds an ACM SIGSOFT Outstanding Research Award.
You can find Andreas on Mastodon as @AndreasZeller@mastodon.social and on Twitter as @AndreasZeller.
Tutorials
Mon 11 Sep 2023 13:30 - 15:00 at Room DE* - DynaPyt
Python is a popular language with applications covering a variety of domains, such as web applications, automation scripts, and especially machine learning and data analysis. Program analysis techniques provide the means to validate correctness, analyze performance, and check security properties. With Python being a dynamic language, performing program analysis at runtime is an obvious choice, as it allows for precisely observing the actual runtime behavior. However, implementing dynamic analyses with traditional approaches requires significant engineering effort. DynaPyt allows for implementing analyses with minimal effort, and provides the ability to not only observe but also modify executions. For example, DynaPyt can be used to implement a dynamic taint analysis, for runtime verification of API protocols, to build a dynamic call graph, or to detect possibly incorrect program behavior. This tutorial will provide a hands-on introduction to dynamically analyzing Python programs with DynaPyt. We will guide participants through setting up the tool and implementing several program analyses. After the tutorial, participants will be able to build on DynaPyt for their own future research and tool development.
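Two of the analyses the abstract lists, a dynamic call graph and runtime verification of an API protocol, as an added illustration written for this page. It is not DynaPyt code and does not use DynaPyt's API; it hooks the interpreter through the standard library's sys.setprofile instead, so it runs without the tool installed and shows only the observation half of what the abstract describes (no modification of executions). The Channel class, its open/send/close protocol and the two client functions are constructed for the example.

```python
import sys
from collections import defaultdict


class Channel:
    """Constructed example API whose intended protocol is
    open() -> send()* -> close(). A misuse does not crash by itself,
    which is why a runtime check is needed to spot it."""
    def open(self):
        self.buf, self.closed = [], False

    def send(self, data):
        self.buf.append(data)

    def close(self):
        self.closed = True


# Allowed (state, method) -> next state transitions; anything else is a violation.
PROTOCOL = {
    ("new", "open"): "open",
    ("open", "send"): "open",
    ("open", "close"): "closed",
}


class CallGraphAndProtocolAnalysis:
    """Records caller -> callee edges and checks every Channel method call
    against PROTOCOL, purely by observing the running program."""
    def __init__(self):
        self.edges = defaultdict(set)   # caller function name -> callee names
        self.violations = []
        self._state = {}                # id(channel) -> current protocol state

    def _check_protocol(self, channel, method):
        if method not in {"open", "send", "close"}:
            return
        state = self._state.get(id(channel), "new")
        nxt = PROTOCOL.get((state, method))
        if nxt is None:
            self.violations.append(f"{method}() called on Channel in state '{state}'")
        else:
            self._state[id(channel)] = nxt

    def profile_hook(self, frame, event, arg):
        # sys.setprofile reports Python-level "call"/"return" and C-level
        # "c_call"/"c_return" events; only Python function entries matter here.
        if event != "call":
            return
        callee = frame.f_code.co_name
        caller = frame.f_back.f_code.co_name if frame.f_back is not None else "<top>"
        self.edges[caller].add(callee)
        # At a "call" event the arguments are already bound, so the receiver
        # of a method call is available as the local named "self".
        receiver = frame.f_locals["self"] if "self" in frame.f_locals else None
        if isinstance(receiver, Channel):
            self._check_protocol(receiver, callee)


def analyze(program):
    """Run `program` under the analysis and return the populated analysis."""
    analysis = CallGraphAndProtocolAnalysis()
    sys.setprofile(analysis.profile_hook)
    try:
        program()
    finally:
        sys.setprofile(None)
    return analysis


def good_client():
    ch = Channel()
    ch.open()
    ch.send(b"hello")
    ch.close()


def bad_client():
    ch = Channel()
    ch.open()
    ch.close()
    ch.send(b"too late")    # use after close: silently accepted by Channel


if __name__ == "__main__":
    for client in (good_client, bad_client):
        result = analyze(client)
        print(client.__name__, dict(result.edges), result.violations)
```

The hook sees the program exactly as it executes, so the call graph contains only edges that were actually taken and the protocol check reports the misuse at the moment of the offending call, even though Channel itself accepts it without error. The cost is also visible here: every Python-level call pays for the hook, and the receiver has to be recovered from frame locals by name. Source-level instrumentation of the kind the tutorial covers avoids both by placing hooks only where the analysis needs them.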