Marcel Böhme

@mboehme_

Fuzzing Enthusiast, ARC DECRA Fellow, Asst/Prof.

Melbourne, Australia
Joined February 2019

Tweets

  1. Pinned tweet
    25 Jan

    Some empirical support for the conjecture: An exponential increase in cores gives a linear increase in *percentage coverage improvement*. LibFuzzer on FTS, 14 runs x 11 subjects x 6h. 1 core = 45 min, 8 cores = 360 min campaign. 100% improvement = 2x more features.

  2. Retweeted
    30 Jan

    HWASAN (think of it as ASAN v2) has become available to developers on Android outside of Google. If you use C or C++ on Android, please give it a try. HWASAN is also available on Aarch64 Linux with a recent kernel.

  3. Retweeted
    30 Jan

    Paper Review for CacheOut is now up on YouTube! It's 2 parts totaling 11 hours, have fun!

  4. Retweeted
    29 Jan

    I have 2 open positions for research associates (Wissenschaftliche Mitarbeiter*innen) at to fill. Full-time, long contract, lots of time for your own research, in a wonderful international team. Happy about every RT and even more about applications!

  5. Retweeted
    29 Jan

    Paper Review S01E02 - CacheOut! EU friendly stream, starting in 15 min!

  6. Retweeted
    28 Jan

    Check out ' tips on Fuzzing, to overcome known challenges and maximize results:

  7. Retweeted
    28 Jan

    ✔ ToB + GitHub webinar, iVerify update, “Whose Curve is it Anyway?” ✔ -

  8. Retweeted
    26 Jan

    Android testing tools such as Monkey are very fast, and human testers are smart, memorizing what has been tested and continually finding interesting screens to test. What if these tools had such human intelligence? You will find it in our ICSE'20 work:

  9. Retweeted
    27 Jan

    Thrilled to see that our fuzzing efforts are now also described at .

  10. 25 Jan

    For LibFuzzer on FTS, an *exponential* increase in # cores gives a *linear* increase in # features covered that are not covered by a same-length single-core campaign. Expecting the same for # bugs. Thoughts? Linking here for completeness.

  11. Retweeted
    25 Jan

    Check out the RLCheck preprint! Cool idea to try and use reinforcement learning to tune generators to generate more valid (assumption-satisfying) inputs. With

  12. 24 Jan

    So, we definitely need some experiments to look at the empirical distribution of bugs / coverage units to test the conjecture.

  13. 24 Jan

    Now let's suppose we want to cover basic blocks (BBs). For the most "difficult" BB (lowest θ_i), the same reasoning applies. However, most BBs (that the fuzzer *can* cover) seem "easy" to cover (high θ_i relative to time budget). For those, adding 10x cores doesn't do much.

  14. 24 Jan

    So, for a *single bug*, if the prob. θ that a random input finds it is really low compared to the available time budget, adding an order of magnitude more cores should also improve the chances of finding it by about an order of magnitude. What about coverage (or multiple bugs)?

  15. 24 Jan

    If you do find this interesting, I have open PhD positions:

  16. 24 Jan

    Follow the thread for some maths, but the lesson is that blackbox fuzzers *scale* extremely well for all practical purposes, at least in terms of finding difficult-to-find bugs! Hope this raises some interest for the theory of fuzzing efficiency :)

  17. 24 Jan

    For θ=10^-8, let's give one fuzzer 10x cores and vary the time budget n instead. The prob. to discover the bug is 10x higher for n<10^5 when it starts dropping to 1x at about 10^8. Now, this should be no surprise anymore :)

  18. 24 Jan

    Now it gets REALLY interesting. If the probability θ is *really* low relative to the available time budget (i.e., the practical case), putting in 10x more resources makes perfect sense --- but only up until a certain point when factor improvement plateaus. For θ=10^-8 and n=10^3,

  19. 24 Jan

    Alright. Let the prob. that a random input exposes a bug be θ, then the exp. prob. that the bug is revealed after n inputs is 1-(1-θ)^n and 1-(1-θ)^(nx), resp. for a fuzzer with x more cores. The factor improvement is ((1-θ)^n - (1-θ)^(nx)) / (1-θ)^n. For θ=10^-4 and n=10^3,

  20. 24 Jan

    Corollary: An exponential increase in the time budget available to your favourite fuzzer yields a linear increase in coverage achieved (or # bugs found) given a fixed # cores. Maybe less. Not entirely unrelated:

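The maths of the thread in items 12 to 20 above (the thread reads bottom-up; item 20 is its first tweet), carried through numerically as an added example. This is not Marcel Böhme's code and reproduces none of his measurements. Two assumptions are mine: the "factor improvement" is taken as the ratio of discovery probabilities P(nx)/P(n), the reading that yields the 10x-for-small-n, 1x-for-large-n curve item 17 describes; and the population of coverage targets is a constructed log-uniform grid of θ_i values standing in for the basic-block case of item 13, not a distribution measured on any program.

```python
"""Single-bug discovery probability, the core-multiplier factor and its plateau,
and a many-target population in which coverage grows linearly in log(cores).
Added example for the fuzzing-scalability thread; not the author's code."""
import math


def p_discover(theta: float, n: float) -> float:
    """Probability that at least one of n independent random inputs exposes a
    bug that each input exposes with probability theta: 1 - (1 - theta)^n.
    Computed via log1p/expm1 so theta = 1e-8 does not lose precision."""
    if not 0.0 < theta <= 1.0:
        raise ValueError("theta must be in (0, 1]")
    if n <= 0:
        return 0.0
    return -math.expm1(n * math.log1p(-theta))


def factor_improvement(theta: float, n: float, x: float) -> float:
    """Ratio P(n*x)/P(n): how much likelier a campaign with x times the cores
    (x*n inputs in the same wall-clock time) is to find the bug than a
    single-core campaign of n inputs. Assumption: this ratio is the thread's
    'factor improvement'. Tends to x while n*x*theta << 1 and to 1 once the
    single-core campaign already finds the bug with high probability."""
    if n <= 0 or x <= 0:
        raise ValueError("n and x must be positive")
    return p_discover(theta, n * x) / p_discover(theta, n)


def plateau_table(theta: float, x: float, budgets):
    """(n, factor) pairs for fixed theta and core multiplier x over a range of
    time budgets n; shows where the x-fold gain collapses towards 1."""
    return [(n, factor_improvement(theta, n, x)) for n in budgets]


def log_uniform_targets(lo: float, hi: float, count: int):
    """Constructed population of coverage targets (e.g. basic blocks) whose
    per-input discovery probabilities theta_i are spread log-uniformly in
    [lo, hi]. Deterministic grid, not measured data."""
    if count < 2:
        raise ValueError("need at least two targets")
    lo_exp, hi_exp = math.log10(lo), math.log10(hi)
    return [10 ** (lo_exp + (hi_exp - lo_exp) * i / (count - 1)) for i in range(count)]


def expected_covered(thetas, n: float) -> float:
    """Expected number of targets covered after n inputs (linearity of expectation)."""
    return sum(p_discover(t, n) for t in thetas)


def gain_per_doubling(thetas, n: float, doublings: int):
    """Extra targets covered by each successive doubling of cores (1x -> 2x,
    2x -> 4x, ...) at fixed wall-clock budget n. Near-constant gains mean
    coverage grows linearly in log(cores): exponential cores, linear gain."""
    gains, prev = [], expected_covered(thetas, n)
    for k in range(1, doublings + 1):
        cur = expected_covered(thetas, n * 2 ** k)
        gains.append(cur - prev)
        prev = cur
    return gains


if __name__ == "__main__":
    # One hard bug, 10x cores, vary the budget: ~10x until n*theta approaches 1.
    for n, f in plateau_table(1e-8, 10, [1e3, 1e5, 1e7, 1e8, 1e9]):
        print(f"theta=1e-8 n={n:.0e} x=10 -> factor {f:.2f}")
    # An "easy" target (theta = 1e-2) is found anyway; extra cores add nothing.
    print(f"theta=1e-2 n=1e3 x=10 -> factor {factor_improvement(1e-2, 1e3, 10):.4f}")
    # Many targets with log-uniform theta_i: each doubling adds about the same count.
    targets = log_uniform_targets(1e-9, 1e-1, 8001)
    print([round(g) for g in gain_per_doubling(targets, 1e3, 6)])
```

Run stand-alone it prints the plateau table for θ=10^-8 (about 10x at n=10^3 and 10^5, roughly 1.6x at 10^8, 1x at 10^9) and the per-doubling gains for the constructed population. The gains coming out nearly equal is the "exponential cores, linear coverage" shape of the pinned tweet and of item 20; the factor for θ=10^-2 staying at 1 is the "easy basic block" case of item 13. The log-uniform grid is the ingredient doing the work: with that spread, the number of targets whose θ_i exceeds roughly 1/(n·x) grows with log(x), so whether real programs behave this way is exactly the empirical question item 12 asks.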
