CAREER: Fuzzing Large Software: Principles, Methods, and Tools
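Basic information
- Award number: 2340198
- Principal investigator:
- Amount: $555,500
- Host institution:
- Host institution country: United States
- Award type: Continuing Grant
- Fiscal year: 2024
- Funding country: United States
- Period: 2024-03-01 to 2029-02-28
- Status: Ongoing
- Source:
- Keywords:
Project abstract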
Today's software is reaching unprecedented sizes, resulting in a variety of large software systems, such as web browsers, email clients, and database systems, occupying a central role in society. However, this surge in size brings forth a myriad of vulnerabilities that threaten everyone's digital security. Statistics reveal that software exceeding one million lines of code harbors an average of 0.66 defects per 1,000 lines, with 36% classified as vulnerabilities. This project addresses this critical issue by exploring security testing tailored explicitly for discovering vulnerabilities in large software. It focuses on scaling fuzzing---a predominant testing strategy embraced by software vendors and open-source communities---to maintain high effectiveness and efficiency for large software. The research outcomes advance the scientific study of security testing under new challenges posed by large software's unique properties. The anticipated results also improve the security of various types of large software that play a crucial role in daily lives, such as Chromium, Firefox, Thunderbird, MySQL, LibreOffice, PDFium, TensorFlow, and OpenCV. The outcomes of the research will lead to technology transfer to industry. The research will be integrated into education and training through new curriculum and outreach to Utah's Youth Education program as well as capture the flag (CTF) competitions.
Technically, this project introduces three key innovations to enable scalable fuzzing for large software. First, it employs object-oriented decomposition to address the extreme complexity of large software, breaking it down into self-contained code units based on the data objects it manipulates. This approach allows for testing individual code units, overcoming the challenges associated with fuzzing entire software systems and enabling deeper code coverage. Second, the project integrates fuzzing-centric optimizations into compilers and operating systems to enhance testing speed. These optimizations minimize fuzzing-irrelevant operations and dynamically adapt to the progress of fuzzing, unlocking hidden speed potential. Third, the project develops history-informed crash analysis to expedite the fuzzing-to-patching cycle by filtering and triaging crashes encountered during testing. Leveraging historical data produced by fuzzing, this analysis comprehensively understands and processes crashes, offering the fidelity and efficiency necessary for addressing large software systems.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
Project outcomes
Journal articles (0)
Monographs (0)
Research awards (0)
Conference papers (0)
Patents (0)
Other publications by Jun Xu
Randomized Algorithms for Dynamic Storage Load-Balancing
- DOI: 10.1145/2987550.2987572
- Year published: 2016
- Journal:
- Impact factor: 0
- Authors: Liang Liu; L. Fortnow; Jin Li; Yating Wang; Jun Xu
- Corresponding author: Jun Xu
Metal Active Sites and Their Catalytic Functions in Zeolites: Insights from Solid-State NMR Spectroscopy
- DOI: 10.1021/acs.accounts.9b00125
- Year published: 2019
- Journal:
- Impact factor: 18.3
- Authors: Jun Xu; Qiang Wang; Feng Deng
- Corresponding author: Feng Deng
Fe and N Co-doped Carbons Derived from an Ionic Liquid as Active Bifunctional Oxygen Catalysts
- DOI: 10.1002/celc.201700049
- Year published: 2017
- Journal:
- Impact factor: 4
- Authors: Jun Xu; Liang Shi; Junsheng Li; Cong Liang; Hui Wu; Jiaheng Lei; Dan Liu; Deyu Qu; Zhizhong Xie; Haolin Tang
- Corresponding author: Haolin Tang
Stress-induced precocious aging in PD-patient iPSC-derived NSCs may underlie the pathophysiology of Parkinson’s disease
- DOI: 10.1038/s41419-019-1313-y
- Year published: 2019
- Journal:
- Impact factor: 9
- Authors: Liang Zhu; Chenxi Sun; Jie Ren; Guangming Wang; Rongjie Ma; Lixin Sun; Danjing Yang; Shane Gao; Ke Ning; Zhigang Wang; Xu Chen; Shengdi Chen; Hongwen Zhu; Zhengliang Gao; Jun Xu
- Corresponding author: Jun Xu
Recent Advances in the Catalytic Synthesis of 4-Quinolones
- DOI: 10.1016/j.chempr.2019.01.006
- Year published: 2019
- Journal:
- Impact factor: 23.5
- Authors: Chao Shen; Wang Anming; Jun Xu; Zhongfu An; Kang Yong Loh; Pengfei Zhang; Xiaogang Liu
- Corresponding author: Xiaogang Liu
Other grants of Jun Xu
Travel: NSF Student Travel Grant for 2023 ACM Conference on Computer and Communications Security (CCS)
- Award number: 2341773
- Fiscal year: 2023
- Amount: $555,500
- Award type: Standard Grant
CICI: TCR: Prompt, Reliable, and Safe Security Update for Cyberinfrastructure
- Award number: 2319880
- Fiscal year: 2023
- Amount: $555,500
- Award type: Standard Grant
Collaborative Research: SaTC: CORE: Medium: Rethinking Fuzzing for Security
- Award number: 2213727
- Fiscal year: 2022
- Amount: $555,500
- Award type: Standard Grant
Collaborative Research: SaTC: CORE: Medium: Rethinking Fuzzing for Security
- Award number: 2031377
- Fiscal year: 2020
- Amount: $555,500
- Award type: Standard Grant
CNS Core: Small: Towards Hybrid Data Center Switching Using Partially Reconfigurable Circuit Switch
- Award number: 2007006
- Fiscal year: 2020
- Amount: $555,500
- Award type: Standard Grant
CNS Core: Small: Ultra-Low-Complexity Switching Algorithms for Scalable High Network Performance
- Award number: 1909048
- Fiscal year: 2019
- Amount: $555,500
- Award type: Standard Grant
NeTS: Small: Collaborative Research: Research into Worst-Case Large Deviation Theory for Network Algorithmics
- Award number: 1423182
- Fiscal year: 2014
- Amount: $555,500
- Award type: Standard Grant
NeTS: Medium: Collaborative Research: Towards Building Time Capsule for Online Social Activities
- Award number: 1302197
- Fiscal year: 2013
- Amount: $555,500
- Award type: Standard Grant
NeTS: Small: Collaborative Research: Towards Principled Network Troubleshooting via Efficient Packet Stream Processing
- Award number: 1218092
- Fiscal year: 2012
- Amount: $555,500
- Award type: Standard Grant
SBIR Phase I: Nanocomposites for Electronic Packaging
- Award number: 0912544
- Fiscal year: 2009
- Amount: $555,500
- Award type: Standard Grant
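Similar grants from the National Natural Science Foundation of China
Research on Intelligent Fuzzing Test Methods for Software Vulnerability Discovery
- Award number:
- Year approved: 2021
- Amount: 590,000 CNY
- Award type: General Program
Similar overseas grants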
CAREER: Context-Sensitive Fuzzing for Networked Systems
- Award number: 2339350
- Fiscal year: 2024
- Amount: $555,500
- Award type: Continuing Grant
Collaborative Research: SaTC: CORE: Small: Self-Driving Continuous Fuzzing
- Award number: 2247880
- Fiscal year: 2023
- Amount: $555,500
- Award type: Continuing Grant
Collaborative Research: SaTC: CORE: Small: Self-Driving Continuous Fuzzing
- Award number: 2247881
- Fiscal year: 2023
- Amount: $555,500
- Award type: Continuing Grant
CNS Core: Small: Automated testing for data- and compute-intensive distributed systems through feedback-based fuzzing
- Award number: 2140305
- Fiscal year: 2022
- Amount: $555,500
- Award type: Standard Grant
SaTC: CORE: Small: Concolic-Execution-Centric Fuzzing
- Award number: 2133487
- Fiscal year: 2022
- Amount: $555,500
- Award type: Standard Grant
Collaborative Research: SaTC: CORE: Medium: Rethinking Fuzzing for Security
- Award number: 2213727
- Fiscal year: 2022
- Amount: $555,500
- Award type: Standard Grant
CAREER: Fuzzing Formal Specifications
- Award number: 2145649
- Fiscal year: 2022
- Amount: $555,500
- Award type: Continuing Grant
Collaborative Research: SaTC: CORE: Medium: Rethinking Fuzzing for Security
- Award number: 2031377
- Fiscal year: 2020
- Amount: $555,500
- Award type: Standard Grant
Collaborative Research: SaTC: CORE: Medium: Rethinking Fuzzing for Security
- Award number: 2031390
- Fiscal year: 2020
- Amount: $555,500
- Award type: Standard Grant