Indian Institute of Technology (IIT), Kharagpur
Research Area Interest: Programming Languages, Formal Methods, and Software Engineering
Greybox Fuzzing as a Tool to Detect Concurrency Bugs in Android Applications
Biography & Research Abstract
Greybox fuzzing has emerged as a systematic methodology for exposing subtle, hard-to-find bugs on many software platforms. In this project, we will explore the effectiveness of greybox, feedback-driven fuzzing for concurrency testing of Android applications. Bugs in Android applications can be insidious and may be exposed only under specific inputs. The greater challenge, which remains unsolved, is to make current fuzzing techniques amenable to the event-driven world, where, besides the exact input, the precise order in which the inputs are handled (also known as the interleaving) also affects the outcome of the app. Exploring all possible interleavings for a given input scales very poorly, thereby defeating the purpose of a technique like fuzzing, which typically wins because of the speed at which it can explore different program paths. The objective of this project is to develop techniques that can effectively navigate the interleaving space while still preserving the effectiveness and performance of feedback-driven fuzzing. The expected outcomes of this project are a proficient open-source tool that beats the current state-of-the-art Android testing techniques, can handle a large class of Android apps, and discovers concurrency bugs (and possibly security vulnerabilities), which we can report back to the developers of these apps together with correct patches.