Dr. Stefan Nagy, Assistant Professor, Kahlert School of Computing, University of Utah
Advancing the Fuzzing Frontier: Extending Effective Software Testing to Today’s Complex and Opaque Codebases
City Center Plaza 259
Society’s ubiquitous devices, platforms, and applications (e.g., iPhone, Windows, and Skype) are increasingly complex and opaque. Exploits targeting vulnerabilities in commodity code routinely sell for millions of dollars, making the black-market exploit trade far more lucrative than responsible disclosure bug bounties. Reversing course from the next decade’s worst cyberattack demands that science introduce effective security vetting for all software and system domains. In this talk, I will discuss my vision of tackling the asymmetries impeding security auditing of today’s complex and opaque codebases. I will cover three arcs of my work on improving the performance and effectiveness of automated fuzz-testing (fuzzing) of closed-source software, critical program analysis tools, and highly-configurable software product lines. Beyond expediting discovery of security vulnerabilities in today’s mainstream codebases, these innovations provide a basis for future advances in high-performance testing on the world’s most popular and security-critical software and systems.
Stefan Nagy is an Assistant Professor in the Kahlert School of Computing at the University of Utah. He earned his Ph.D. in Computer Science from Virginia Tech in 2022 and his Bachelor’s from The University of Illinois in 2016. His work aims to make automated software and system security vetting more accessible, transparent, and efficient irrespective of kernel, architecture, and source code. His research has been published in top-tier academic venues (e.g., IEEE S&P, USENIX Security, ACM CCS, and ICSE), and has garnered adoption by industry leaders like the AFL++ Project, Google Project Zero, and Red Hat.