{"id":41396,"date":"2024-09-16T11:24:23","date_gmt":"2024-09-16T15:24:23","guid":{"rendered":"https:\/\/www.bu.edu\/cise\/?page_id=41396"},"modified":"2024-10-24T17:51:30","modified_gmt":"2024-10-24T21:51:30","slug":"cise-seminar-prashast-srivastava-columbia-university","status":"publish","type":"page","link":"https:\/\/www.bu.edu\/cise\/cise-seminar-prashast-srivastava-columbia-university\/","title":{"rendered":"CISE Seminar: Prashast Srivastava, Columbia University"},"content":{"rendered":"<p><span>Date: Friday, October 25, 2024<\/span><br \/>\n<span>Time: 3:00pm \u2013 4:00pm<\/span><br \/>\n<span>Location: 665 Commonwealth Ave.,\u00a0<\/span><span>CDS 1101<\/span><\/p>\n<p><img loading=\"lazy\" src=\"\/cise\/files\/2024\/09\/Prashast-Srivastava-002-1-424x636.jpg\" alt=\"\" width=\"205\" height=\"308\" class=\"wp-image-41435 alignleft\" srcset=\"https:\/\/www.bu.edu\/cise\/files\/2024\/09\/Prashast-Srivastava-002-1-424x636.jpg 424w, https:\/\/www.bu.edu\/cise\/files\/2024\/09\/Prashast-Srivastava-002-1-683x1024.jpg 683w, https:\/\/www.bu.edu\/cise\/files\/2024\/09\/Prashast-Srivastava-002-1-768x1152.jpg 768w, https:\/\/www.bu.edu\/cise\/files\/2024\/09\/Prashast-Srivastava-002-1-1024x1536.jpg 1024w, https:\/\/www.bu.edu\/cise\/files\/2024\/09\/Prashast-Srivastava-002-1-1365x2048.jpg 1365w\" sizes=\"(max-width: 205px) 100vw, 205px\" \/><\/p>\n<h4><span style=\"color: #003366;\">Prashast Srivastava<\/span><br \/>\n<strong><span style=\"color: #003366;\">Postdoctoral Research Scientist<\/span><\/strong><br \/>\n<span style=\"color: #003366;\"><strong><span>Columbia University<\/span><\/strong><\/span><\/h4>\n<p><span><strong>FOX: Coverage-guided Fuzzing as Online Stochastic Control<\/strong><\/span><br \/>\n<span>Fuzzing is an effective technique for discovering software vulnerabilities by generating random test inputs and executing them against the target program. However, fuzzing large and complex programs remains challenging due to the difficulty in uncovering deeply hidden vulnerabilities. The challenges stem from the design limitations of the scheduler and mutator components of existing coverage-guided fuzzers. Schedulers suffer from information sparsity and the inability to handle fine-grained feedback metrics. Mutators are agnostic of target program branches, leading to wasted computation and slower coverage exploration. In this talk, we\u2019ll present an end-to-end online stochastic control formulation for coverage-guided fuzzing. Our approach incorporates a customized scheduler and mutator that can adapt to branch logic, maximizing aggregate edge coverage achieved over multiple stages. We will showcase FOX, a proof-of-concept implementation of our control-theoretic approach, and show that it outperforms existing state-of-the-art coverage-guided fuzzers in both coverage and bug discovery.<\/span><\/p>\n<p><span><br \/>\n<strong>Prashast Srivastava<\/strong> is a postdoctoral research scientist at Columbia University, working with Prof. Suman Jana. His primary research area is software testing. His work has focused on proposing techniques to optimize fuzzing, a dynamic software testing methodology, by incorporating domain knowledge from the software under test into the input generation process. He received his PhD from Purdue University, where he was advised by Prof. Mathias Payer at EPFL and Prof. Antonio Bianchi at Purdue University.<\/span><\/p>\n<p><strong>Faculty Host:<\/strong> Manuel Egele<br \/>\n<strong>Student Host:<\/strong> Beste Oztop<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Date: Friday, October 25, 2024 Time: 3:00pm \u2013 4:00pm Location: 665 Commonwealth Ave.,\u00a0CDS 1101 Prashast Srivastava Postdoctoral Research Scientist Columbia University FOX: Coverage-guided Fuzzing as Online Stochastic Control Fuzzing is an effective technique for discovering software vulnerabilities by generating random test inputs and executing them against the target program. However, fuzzing large and complex programs [&hellip;]<\/p>\n","protected":false},"author":18553,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"page-templates\/no-sidebars.php","meta":[],"_links":{"self":[{"href":"https:\/\/www.bu.edu\/cise\/wp-json\/wp\/v2\/pages\/41396"}],"collection":[{"href":"https:\/\/www.bu.edu\/cise\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.bu.edu\/cise\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/cise\/wp-json\/wp\/v2\/users\/18553"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/cise\/wp-json\/wp\/v2\/comments?post=41396"}],"version-history":[{"count":8,"href":"https:\/\/www.bu.edu\/cise\/wp-json\/wp\/v2\/pages\/41396\/revisions"}],"predecessor-version":[{"id":41601,"href":"https:\/\/www.bu.edu\/cise\/wp-json\/wp\/v2\/pages\/41396\/revisions\/41601"}],"wp:attachment":[{"href":"https:\/\/www.bu.edu\/cise\/wp-json\/wp\/v2\/media?parent=41396"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}