Virtual Event: Advancing the Fuzzing Frontier: Extending Performant Security Testing to the Closed-source Software Ecosystem
Dr. Stefan Nagy of the Kahlert School of Computing at the University of Utah will discuss the advancement of fuzzing in an ever-changing cybersecurity world.
Abstract: Today’s computing world is at a crossroads: the security community has long been the heart of responsible disclosure efforts to secure open-source software and systems (e.g., OSS-Fuzz, Bugzilla), yet society’s ubiquitous devices, platforms, and applications (e.g., iPhone, Windows, and Skype) are increasingly closed-source. Currently, exploits targeting closed-source IP (e.g., iOS) routinely sell for millions of dollars, making the black-market exploit trade far more lucrative than responsible disclosure bug bounties. Reversing course from the next decade’s worst cyberattack demands that science introduce effective security vetting outside of transparent, open-source contexts. In this talk, I will discuss my vision of tackling the asymmetries impeding security auditing of today's complex and opaque codebases. I will cover three arcs of my work on improving performance of closed-source software fuzz-testing (fuzzing). Beyond expediting discovery of security vulnerabilities in closed-source codebases, these innovations provide a basis for future advances in high-performance testing on the world's most popular and security-critical software and systems.
Bio: Stefan Nagy is an Assistant Professor in the Kahlert School of Computing at the University of Utah. He earned his Ph.D. in Computer Science from Virginia Tech in 2022 and his Bachelor's from The University of Illinois in 2016. His work aims to make automated software and system security vetting more accessible, transparent, and efficient irrespective of kernel, architecture, and source code. His research has been published in top-tier academic venues (e.g., IEEE S&P, USENIX Security, ACM CCS, and ICSE), and has garnered adoption by industry leaders like the AFL++ Project, Google Project Zero, and Red Hat.
This event is part of the Spring 2023 Guest Speakers Series.