COPLAS talk: Alexandre Bartel, CONFUZZION: Towards Efficient JVM Fuzzing

Join us online as Alexandre Bartel from DIKU will give a COPLAS talk on the open-source tool CONFUZZION

Abstract

Current fuzzers can test a Java program, and even test the Java Virtual Machine itself. However, they are mostly designed to uncover common bugs and implementation errors such as the infamous unhandled NullPointerException. Our approach allows finding object-oriented flaws like type confusions which are relevant from a security point of view. It relies on a black-box mutation-based smart fuzzing on the Java Virtual Machine (JVM) with crafted semantically valid programs as input.

We have implemented our approach in an open-source tool called CONFUZZION and are able to generate syntactically and semantically correct Java classes to find, for example, the type confusion vulnerability of CVE-2017-3272 within 4 hours on commodity hardware.

Bio

Alexandre Bartel is assistant professor at DIKU. 

Registration

All are welcome. No registration required.  The talk is held on Zoom. To join, please click here.

Host: Fritz Henglein (DIKU) 

You can find information on COPLAS and related talks here