This program is tentative and subject to change.

Thu 18 Jul 2024 17:12 - 17:21 at Baobá 8 - Fuzzing

We present VinJ, an efficient automated tool for large-scale diverse vulnerability data generation. VinJ automatically generates vulnerability data by injecting vulnerabilities into given programs, based on knowledge learned from the existing vulnerability data. VinJ is built on the collaboration of pattern-based and deep learning (DL)-based approaches. More importantly, VinJ is efficient and scalable with the parallel clustering and the pre-ranked vulnerability-injection patterns, which supports large-scale vulnerability data generation. VinJ is able to generate diverse vulnerability data covering 18 CWEs with 69% success rate and generate 686k vulnerability samples in 74 hours (i.e., 0.4 seconds per sample), indicating it is efficient. The gen- erated data is able to improve existing DL-based vulnerability detection, localization, and repair models significantly. The demo video of VinJ can be found at https://youtu.be/-oKoUqBbxD4. The tool website can be found at https://github.com/NewGillig/VInj. We also release the generated large-scale vulnerability dataset, which can be found at https://zenodo.org/records/10574446.

This program is tentative and subject to change.

Thu 18 Jul

Displayed time zone: Brasilia, Distrito Federal, Brazil change

16:00 - 18:00
16:00
18m
Talk
Evaluating Directed Fuzzers: Are We Heading in the Right Direction?
Research Papers
Tae Eun Kim KAIST, Jaeseung Choi Sogang University, Seongjae Im KAIST, Kihong Heo KAIST, Sang Kil Cha KAIST
16:18
18m
Talk
Evolutionary Generative Fuzzing for Differential Testing of the Kotlin Compiler
Industry Papers
Călin Georgescu Delft University of Technology, Mitchell Olsthoorn Delft University of Technology, Pouria Derakhshanfar JetBrains Research, Marat Akhin JetBrains Research; St. Petersburg Polytechnic University, Annibale Panichella Delft University of Technology
16:36
18m
Talk
Dodrio: Parallelizing Taint Analysis Based Fuzzing via Redundancy-Free Scheduling
Industry Papers
Jie Liang , Mingzhe Wang Tsinghua University, Chijin Zhou Tsinghua University, Zhiyong Wu Tsinghua University, China, Jianzhong Liu ShanghaiTech University, Yu Jiang Tsinghua University
16:54
9m
Talk
When Fuzzing Meets LLMs: Challenges and Opportunities
Ideas, Visions and Reflections
Yu Jiang Tsinghua University, Jie Liang , Fuchen Ma Tsinghua University, Yuanliang Chen Tsinghua University, Chijin Zhou Tsinghua University, Yuheng Shen Tsinghua University, Zhiyong Wu Tsinghua University, China, Jingzhou Fu Tsinghua University, Mingzhe Wang Tsinghua University, Shanshan Li National University of Defense Technology, Quan Zhang Tsinghua University
Pre-print
17:03
9m
Talk
Look Ma, No Input Samples! Mining Input Grammars from Code with Symbolic Parsing
Ideas, Visions and Reflections
Leon Bettscheider CISPA Helmholtz Center for Information Security, Andreas Zeller CISPA Helmholtz Center for Information Security
17:12
9m
Talk
VinJ: An Automated Tool for Large-Scale Software Vulnerability Data Generation
Demonstrations
Yu Nong Washington State University, Haoran Yang Washington State University, Feng Chen University of Texas at Dallas, Haipeng Cai Washington State University
DOI Pre-print Media Attached
17:21
9m
Talk
ASAC: A Benchmark for Algorithm Synthesis
Demonstrations
Zhao Zhang Peking University, Yican Sun Peking University, Ruyi Ji Peking University, Siyuan Li Peking University, Xuanyu Peng Peking University, Zhechong Huang Peking University, Sizhe Li Peking University, Tianran Zhu Peking University, Yingfei Xiong Peking University
17:30
18m
Talk
The Human Side of Fuzzing: Challenges Faced by Developers During Fuzzing Activities
Journal First
Olivier Nourry Kyushu University, Yutaro Kashiwa Nara Institute of Science and Technology, Bin Lin Radboud University, Gabriele Bavota Software Institute @ Università della Svizzera Italiana, Michele Lanza Software Institute - USI, Lugano, Yasutaka Kamei Kyushu University

Information for Participants
Thu 18 Jul 2024 16:00 - 18:00 at Baobá 8 - Fuzzing
Info for room Baobá 8:

This is always used as a room for the OC+SV+Media Desk