Meng Xu, School of Computer Science
Georgia Institute of Technology
The scale and pervasiveness of modern software pose challenges for security researchers: a bug is more devastating than ever, and the growing software complexity keeps exacerbating the situation with more bug species — expanding the arms race between security practitioners and attackers beyond memory errors. As a consequence, we need a new generation of bug hunting tools that not only scale well with increasingly larger codebases but also catch up with the growing variety of bugs.
In this talk, I will present two complementary bug hunting frameworks that meet the scalability and agility requirements: focused symbolic checking and multi-dimensional fuzz testing, and showcase their effectiveness in a challenging arena: OS kernels. While symbolic execution can never scale up to the whole kernel, complete checking may nevertheless be possible in carefully constructed program slices. I will demonstrate how symbolic bug models can help build such slices and enable a jumpstart of symbolic execution from the middle of a program. On the other hand, fuzz testing turns bug finding into a probabilistic search, but current practices restrict themselves to one dimension only (sequential executions). I will illustrate how to explore the concurrency dimension and extend the bug scope beyond memory errors to a broad spectrum of semantic bugs. Finally, I will give a sense of the extensibility of both frameworks with planned bug checker integrations, as well as a vision to have them incorporated into the software development cycle right from day 1.
Bio: Meng Xu is a Ph.D. candidate in the school of computer science at Georgia Tech, advised by Taesoo Kim. His research interests are broadly in the areas of system and software security, with a thesis research on finding semantic bugs via symbolic execution and fuzz testing, and rich experience in achieving security with software diversity and N-version programming. His work has uncovered over 100 bugs in foundational software like OS kernels and browsers, appears in top-tier security and system venues, and receives a distinguished paper award at USENIX Security 2018. He also served on the Program Committee of CCS 2018 as well as the Student PC of Oakland 2018 and EuroSys 2018.
200 University Avenue West
Waterloo, ON N2L 3G1