848. Security Bug Finding through Fuzzing

■연사: 이병영 서울대학교 전기정보공학부 교수

■일시: 2018년 09월 13일(목), 17:00 ~ 18:00

■장소: 서울대학교 제1공학관(301동) 118호

Abstract:

Computer bugs are critically impacting security and reliability of systems. If it is successfully exploited, adversaries (so called hackers) can completely compromise or subvert the system.

In this talk, I will be introducing fuzzing, one of the most popular way to find security bugs. At a high level, fuzzing provides numerous random inputs to the system, hoping that the system may manifest some unexpected errors at runtime. This basic working mechanism of fuzzing in fact raises many interesting research questions: how to generate random inputs?; how to run the system?; or how to detect errors?

During this talk, I will be trying to answer each of these, which will give you an idea on how the state-of-the-art bug hunting is done today (and will be done in the future).

Biography:

●Education
Assistant Professor, Purdue University. 2016-2018
PhD in Computer Science, Georgia Tech. 2016
MS in Computer Science and Engineering, POSTECH. 2011
BS in Computer Science and Engineering, POSTECH. 2009

●Awards
Internet Defense Prize, Facebook and USENIX. 2015
Best Applied Research Paper Award, CSAW, 2015
Vulnerability Bounty Awards, Mozilla Firefox. 2014
Vulnerability Bounty Awards, Google. 2013
DEFCON CTF 3rd place, Team PLUS@POSTECH. 2009