ACES freshman has paper accepted to conference

George Klees ‘22, a first year student, had his paper “Evaluating Fuzz Testing” accepted to the ACM Conference on Computer and Communications Security. The paper was done under the direction of Michael Hicks, professor in the Department of Computer Science, and was worked on with Shiyi Wei, Andrew Ruef, and Benji Cooper.

This paper is a look at the current state of research into software fuzz testing, also known as "fuzzing," which is an automated process for finding vulnerabilities in computer programs. Fuzzers having been very successful at uncovering security flaws in real-world programs. However, many research tests were limited and without multiple trials or testing for statistical significance. The research team performed experiments to illustrate how these poor research practices can lead to inaccurate conclusions about the effectiveness of fuzzers.

George’s primary role was “planning and running the experiments, analyzing the data, and finding important trends. Then we made recommendations about how to improve the state of fuzzing research in the future.”

The conference takes place this week in Toronto. Unfortunately, George is unable to go and present their research, but Dr. Hicks will be there to share their findings.

In high school, George attended the Science, Mathematics, and Computer Science Magnet Program, where he was required to do a research project. He reached out to faculty members in the Computer Science Department and he and Dr. Hicks connected. This project was particularly interesting for him.

He says, “The paper itself is exciting because it sets a new standard for the entire research community and will likely give us far more confidence that proposed improvements to fuzzers are actually helpful. There has been no systematic way to assess these results until now.”

To learn more about the conference, visit their website or follow along on Twitter @acm_ccs or using the hashtag #ccs18.

Published October 11, 2018