Academic Research

The secure operation of our software programs and apps is important for our everyday life. Fuzzing, in particular greybox fuzzing, is currently a state-of-the-art technique in security testing. By applying evolutionary algorithms and a lightweight instrumentation of the code, greybox fuzzing is able to generate inputs that trigger bugs and crashes in modern software systems. The instrumentation helps the fuzzer to select inputs for further mutations that exercise new program locations. The random mutation operators allow the fuzzer to generate uncommon and unexpected inputs that make the program crash. A common problem of fuzzing is the large number of generated inputs that represent invalid program inputs due to the random nature of the mutation process. Additionally, fuzzing lacks the ability to reach deeper in the program’s logic, since its limited information about the programs internal structure. This project shall build on existing fuzzing research, and design and implement new fuzzing strategies to handle the described issues. This includes new strategies inspired by grammar-based fuzzing and also hybrid fuzzing techniques that leverage static analysis to guide the fuzzing process.

Advanced undergraduate students (from third year) 
Master's students 
Ph.D. students