Commit
Showing 1 changed file with 0 additions and 16 deletions.
@@ -228,22 +228,6 @@ <h5 id="evaluation-on-syscall-filtering-techniques">Evaluation on Syscall Filter | |
<p>There are some existing techniques or features that can be used for this purpose, like Seccomp, Seccomp-cBPF, and Seccomp Notify provided by the Linux kernel, along with some methods from research papers. They offer various capabilities and trade-offs in filtering syscalls for certain vulnerabilities.</p> | ||
<p>In this project, we will evaluate these syscall filtering techniques, by reproducing some known 0-day exploits, applying the syscall filtering techniques, and checking if the exploits can be successfully blocked.</p> | ||
<p>A candidate should be proficient in C programming and have a good grasp of Linux internals.</p> | ||
<h5 id="benchmarking-fuzzers-for-seed-selection-capability">Benchmarking Fuzzers For Seed Selection Capability</h5> | ||
<ul> | ||
<li>Point of contact: <a href="mailto:[email protected]">Han Zheng</a></li> | ||
<li>Keywords: Benchmark, Fuzzing</li> | ||
</ul> | ||
<p>Fuzzing is an efficient software testing technique to reveal bugs. Therefore it has been widely investigated both in academia and industry. Despite the growth of the newly proposed fuzzing prototypes, evaluating the fuzzer’s coverage capability is still challenging.</p> | ||
<p>Existing platforms like fuzzbench pick the well-constructed harness, which enable the fuzzers to iterate over each seed in the queue exhaustively.<br /> | ||
Nevertheless, real-world scenarios might deviate from this ideal: seed explosion widely exists, fuzzer’s seed selection capability is critical and should not be deprioritize in the evaluation.</p> | ||
<p>In this project, we will extend fuzzbench to more complex targets, which allows a more thorough assessment of fuzzer’s seed selection capability.</p> | ||
<p>The goal of this project:</p> | ||
<ul> | ||
<li>design a metric to define and select the “complex” targets</li> | ||
<li>integrate the target into the fuzzbench and evaluate existing fuzzers</li> | ||
<li>propose some metrics other than coverage to assess the seed selection capability.</li> | ||
</ul> | ||
<p>A candidate should be interested in (ideally familiar with) the following: * Python * Basic knowledge of configure/cmake/make * Experience with Coverage Guided Greybox Fuzzer (e.g., AFL/AFL++)</p> | ||
<h5 id="hyper-cube2-for-64-bit-hypervisors">Hyper-Cube2 for 64-bit Hypervisors</h5> | ||
<ul> | ||
<li>Point of contact: <a href="mailto:[email protected]">Qiang Liu</a></li> | ||
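Review bot: Deleting the whole "Benchmarking Fuzzers For Seed Selection Capability" entry (from its `<h5 id="benchmarking-fuzzers-for-seed-selection-capability">` heading down to the closing candidate-requirements `<p>`) removes an anchor id that any table of contents or in-page link elsewhere in this file may still reference, and the hunk shows no matching update; please check the rest of the document for links to that id, and if this HTML is built from a source document, apply the removal there as well so the next build does not reintroduce it. The removal is otherwise clean: the surrounding "Evaluation on Syscall Filtering Techniques" paragraphs and the "Hyper-Cube2 for 64-bit Hypervisors" heading and its point-of-contact `<ul>` remain intact, so the page structure stays well-formed. The reason the project was withdrawn is not visible here; it belongs in the commit message.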