BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Memento EPFL//
BEGIN:VEVENT
SUMMARY:IC Colloquium: Evaluating Fuzz Testing (An Adventure in the Scient
 ific Method)
DTSTART:20181022T161500
DTEND:20181022T173000
DTSTAMP:20260408T063551Z
UID:93b468d88ce43bc58e96e1713243fe0a6126f1dce84491fb05d1908b
CATEGORIES:Conferences - Seminars
DESCRIPTION:By: Michael Hicks - University of Maryland\nVideo of his talk\
 n\nAbstract:\nFuzz testing has enjoyed great success at discovering secur
 ity critical bugs in real software. Recently\, researchers have devoted si
 gnificant effort to devising new fuzzing techniques\, strategies\, and alg
 orithms. Such new ideas are primarily evaluated experimentally so an impor
 tant question is: What experimental setup is needed to produce trustworthy
  results? We surveyed the recent research literature and assessed the expe
 rimental evaluations carried out by 32 fuzzing papers. We found problems i
 n every evaluation we considered. We then performed our own extensive expe
 rimental evaluation using an existing fuzzer. Our results showed that the 
 general problems we found in existing experimental evaluations can indeed 
 translate to actual wrong or misleading assessments. We conclude with some
  guidelines that we hope will help improve experimental evaluations of fuz
 z testing algorithms\, making reported results more robust.\n \nThis is j
 oint work with George Klees\, Andrew Ruef\, and Benji Cooper (all at UMD) 
 and Shiyi Wei (UT Dallas)\n\nBio:\nMichael W. Hicks is a Professor in the 
 Computer Science department and recently completed a three-year term as Ch
 air of ACM SIGPLAN\, the Special Interest Group in Programming Languages. 
 His research focuses on using programming languages and analyses to improv
 e the security\, reliability\, and availability of software.\nHe has explo
 red the design of new programming languages and analysis tools for helping
  programmers find bugs and software vulnerabilities\, and explored technol
 ogies to shorten patch application times by allowing software upgrades wit
 hout downtime. Recently he has been looking at synergies between cryptogra
 phy and programming languages\, as well as techniques involving random testin
 g and probabilistic reasoning. He also led the development of a new securi
 ty-oriented programming contest\, "build-it\, break-it\, fix-it\," which h
 as been offered to the public and to students of his Coursera class on Sof
 tware Security. He blogs at http://www.pl-enthusiast.net/.
LOCATION:BC 420 https://plan.epfl.ch/?room==BC%20420
STATUS:CONFIRMED
END:VEVENT
END:VCALENDAR
