Department of Computer, Control and Management Engineering

Abstract: Ever-increasing attention has been given to dynamic software testing in the past decade. Fuzzing and Symbolic Execution, two major successful techniques, have emerged as standard methods from numerous academic papers. However, the community tends to develop tools that are often hard to use, inflexible, and very specialized. On the one hand, much effort is wasted in re-inventing the wheel in many academic tools. On the other hand, newly implemented techniques improving the state of the art are often hardly exploitable in practice because of their prototypal nature. To address these challenges, more generic frameworks like LibAFL have received a lot of attention and engineering efforts, allowing researchers to focus on developing new fuzzing techniques without re-implementing other components. Not only does this simplify future implementation efforts, but it also makes comparing techniques much easier. However, a significant issue remains: these tools primarily target userland applications, lacking a common ground for testing more esoteric targets like kernels, hypervisors, or firmware. In this talk, we will introduce modern software security techniques like fuzzing and symbolic execution, present problematics related to embedded targets, and explain how LibAFL QEMU, a cross-architecture and flexible tool unifying user process and system-wide fuzzing, serves as a potential first step towards solving these issues. More importantly, we will discuss the main challenges that lie ahead.

 

Speaker Bio: Romain Malmain is a PhD student at EURECOM under the supervision of Aurélien Francillon and Davide Balzarotti. His main areas of research are fuzzing and symbolic execution, with a focus on embedded systems.

 

The talk will also be streamed online at https://uniroma1.zoom.us/j/85700827574?pwd=4n9S6gluP3YaBejxZlbQrjVExoYw25.1