Tue 27 Oct 2020 21:45 - 22:00 at Infante - Testing tools Chair(s): René Just, Andy Zaidman
Testing-based methodologies like fuzzing are able to analyze complex software which is not amenable to traditional formal approaches like verification, model checking, and abstract interpretation. Despite enormous success at exposing countless security vulnerabilities in many popular software projects, applications of testing-based approaches mainly targeted checking traditional safety properties like memory safety. While unquestionably important, this class of properties does not precisely characterize other important security aspects such as information leakage, e.g., through side channels. In this work we extend testing-based software analysis methodologies to two-safety properties, which enables the precise discovery of information leaks in complex software. In particular, we present the ct-fuzz tool, which lends coverage-guided grey-box fuzzers the ability to detect two-safety property violations. Our approach is capable of exposing violations to any two-safety property expressed as equality between two program traces. Empirically, we demonstrate that ct-fuzz swiftly reveals timing leaks in popular cryptographic implementations.
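The check the abstract describes, a two-safety property stated as equality of two program traces, can be sketched as follows. This is an added illustration, not ct-fuzz code or its API: all function names are hypothetical, the trace is reduced to a hash of branch outcomes, and one constructed input pair stands in for the pairs a fuzzer would generate.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Running hash of the observations (branch outcomes) made during one run. */
static uint64_t trace;
static void observe(uint64_t ev) { trace = (trace ^ ev) * 1099511628211ULL; }

/* Early-exit compare: the branch sequence depends on the secret. */
static int cmp_early_exit(const uint8_t *secret, const uint8_t *pub, size_t n) {
    for (size_t i = 0; i < n; i++) {
        int ne = secret[i] != pub[i];
        observe((uint64_t)ne);          /* outcome of the secret-dependent branch */
        if (ne) return 0;
    }
    return 1;
}

/* Accumulating compare: the only branch is the loop bound on public n. */
static int cmp_accumulate(const uint8_t *secret, const uint8_t *pub, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) {
        observe(1);                     /* loop branch taken */
        diff |= (uint8_t)(secret[i] ^ pub[i]);
    }
    return diff == 0;
}

typedef int (*cmp_fn)(const uint8_t *, const uint8_t *, size_t);

static uint64_t run(cmp_fn f, const uint8_t *secret, const uint8_t *pub, size_t n) {
    trace = 14695981039346656037ULL;    /* reset before each execution */
    (void)f(secret, pub, n);
    return trace;
}

/* Two-safety check: same public input, two secrets, traces must be equal. */
int violates(cmp_fn f, const uint8_t *s1, const uint8_t *s2,
             const uint8_t *pub, size_t n) {
    return run(f, s1, pub, n) != run(f, s2, pub, n);
}

/* Constructed inputs: one public guess, two secrets differing after byte 0. */
static const uint8_t PUB[4] = {'A', 'A', 'A', 'A'};
static const uint8_t S1[4] = {'A', 'A', 'A', 'A'}, S2[4] = {'A', 'Z', 'Z', 'Z'};
int check_early_exit(void) { return violates(cmp_early_exit, S1, S2, PUB, 4); }
int check_accumulate(void) { return violates(cmp_accumulate, S1, S2, PUB, 4); }

int main(void) {
    printf("early-exit violates: %d\n", check_early_exit());
    printf("accumulate violates: %d\n", check_accumulate());
    return 0;
}
```

A memory-safety oracle sees nothing wrong with either compare routine; only the comparison of two executions exposes the early-exit version.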
Tue 27 Oct (displayed time zone: Lisbon)
10:00 - 11:00 | Testing tools | Testing Tools Track at Infante +11h | Chair(s): René Just University of Washington, USA, Andy Zaidman Delft University of Technology
10:00 | 15m Talk | Callisto: Entropy-based Test Generation and Data Quality Assessment for Machine Learning Systems | Testing Tools Track | Sakshi Udeshi, Xingbin Jiang Singapore University of Technology and Design, Sudipta Chattopadhyay Singapore University of Technology and Design
10:15 | 15m Talk | Run Java Applications and Test Them In-Vivo Meantime | Testing Tools Track | Antonia Bertolino CNR-ISTI, Guglielmo De Angelis CNR-IASI, CNR-ISTI, Breno Miranda Federal University of Pernambuco, Paolo Tonella Università della Svizzera Italiana (USI)
10:30 | 15m Talk | AFLNet: A Greybox Fuzzer for Network Protocols | Testing Tools Track | Van-Thuan Pham Monash University, Marcel Böhme Monash University, Australia, Abhik Roychoudhury National University of Singapore, Singapore
10:45 | 15m Talk | ct-fuzz: Fuzzing for Timing Leaks | Testing Tools Track | Shaobo He University of Utah, Michael Emmi Amazon Web Services, Gabriela Ciocarlie SRI International
21:00 - 22:00 | Testing tools | Testing Tools Track at Infante | Chair(s): René Just University of Washington, USA, Andy Zaidman Delft University of Technology
21:00 | 15m Talk | Callisto: Entropy-based Test Generation and Data Quality Assessment for Machine Learning Systems | Testing Tools Track | Sakshi Udeshi, Xingbin Jiang Singapore University of Technology and Design, Sudipta Chattopadhyay Singapore University of Technology and Design
21:15 | 15m Talk | Run Java Applications and Test Them In-Vivo Meantime | Testing Tools Track | Antonia Bertolino CNR-ISTI, Guglielmo De Angelis CNR-IASI, CNR-ISTI, Breno Miranda Federal University of Pernambuco, Paolo Tonella Università della Svizzera Italiana (USI)
21:30 | 15m Talk | AFLNet: A Greybox Fuzzer for Network Protocols | Testing Tools Track | Van-Thuan Pham Monash University, Marcel Böhme Monash University, Australia, Abhik Roychoudhury National University of Singapore, Singapore
21:45 | 15m Talk | ct-fuzz: Fuzzing for Timing Leaks | Testing Tools Track | Shaobo He University of Utah, Michael Emmi Amazon Web Services, Gabriela Ciocarlie SRI International