PhD Project #1
PhD Project #2
The PhD student will work on the development of highly efficient techniques for automated vulnerability detection in large software projects. The PhD student will investigate scalable fuzzing techniques, publish in premier venues for software engineering and cyber security, and develop practical test generation tools that can detect real-world vulnerabilities in existing widely-used, security-critical C libraries. We will explore deep integrations of heavy-weight, systematic, whitebox fuzzing techniques and light-weight, random, greybox fuzzing techniques. We will also study the efficient fuzzing of stateful, protocol-based applications as well as gui-based (Android) apps.The applicant should have
The PhD student is fully funded by an ARC grant (DECRA) throughout her or his candidature. For international students, Faculty will also cover the tuition fees and a Overseas Student Health Cover (OSHC). The Faculty of IT will support attendance at conferences.
It is well-known that testing can only show the presence of bugs but not their absence. Unlike verification, testing does not provide any formal guarantees about the correctness of a program, or the absence of vulnerabilities. This leaves practitioners and security researchers to make unfounded judgement calls: When is it safe to stop the fuzzer with a reasonable residual risk? Which assurances does a fuzzing campaign provide that exposes no bugs? How much longer should the fuzzer be run to achieve an acceptable residual risk?
The objective of this ARC-funded PhD position is to build the first scientific framework to provide such answers with quantifiable accuracy. The candidate will explore and extend various probabilistic and statistical frameworks. Practitioners should be able to leverage a rich statistical toolset to assess residual risk, to obtain statistical guarantees, and to analyze the cost-benefit trade-off for ongoing fuzzing campaigns. As a first starting point, the perspective of software testing as species discovery (STADS) provides access to a substantial biostatistical framework in ecology to tackle this fundamental challenge. A recent vision statement provides a large number of concrete opportunities for future research.The applicant should have
The PhD student is fully funded by an ARC grant (DECRA) throughout her or his candidature. For international students, Faculty will also cover the tuition fees and a Overseas Student Health Cover (OSHC). The Faculty of IT will support attendance at conferences.Marcel Böhme < · https://www.comp.nus.edu.sg/~mboehme · Updated: 2018-07-06 14:05