Abhishek Aarya (Google)

Fuzzing is a highly effective technique that finds security vulnerabilities, stability bugs and correctness issues in a fully automated way. Over the last decade, it has rapidly evolved from being an experimental tool used by security teams to becoming a critical component of the software development life cycle and part of NIST’s standards for software verification. This talk will give insights into this journey of fuzzing innovation, from a dumb, blackbox testing technique to a smart, generational whitebox one, augmented with effective memory instrumentation. It will also shed light on the recent efforts to standardize fuzzer benchmarking and scaling research efforts in the community.

Speaker's Biography

Abhishek Arya is a Principal Engineer and head of the Google Open Source Security Team. His team has been a key contributor to various security engineering efforts inside the Open Source Security Foundation (OpenSSF). This includes the Fuzzing Tools (Fuzz-Introspector), Supply Chain Security Framework (SLSA, Sigstore), Security Risk Measurement Platform (Scorecards, AllStar), Vulnerability Management Solution (OSV) and Package Analysis project. Prior to this, he was a founding member of the Google Chrome Security Team and built OSS-Fuzz, a highly scaled and automated fuzzing infrastructure that fuzzes all of Google and Open Source. His team also maintains FuzzBench, a free fuzzer benchmarking service that helps the community rigorously evaluate fuzzing research and make it easier to adopt.

View More Papers

PickMail: A Serious Game for Email Phishing Awareness Training

Gokul CJ (TCS Research, Tata Consultancy Services Ltd., Pune), Vijayanand Banahatti (TCS Research, Tata Consultancy Services Ltd., Pune), Sachin Lodha (TCS Research, Tata Consultancy Services Ltd., Pune)

Read More

Speeding Dumbo: Pushing Asynchronous BFT Closer to Practice

Bingyong Guo (Institute of Software, Chinese Academy of Sciences), Yuan Lu (Institute of Software Chinese Academy of Sciences), Zhenliang Lu (The University of Sydney), Qiang Tang (The University of Sydney), jing xu (Institute of Software, Chinese Academy of Sciences), Zhenfeng Zhang (Institute of Software, Chinese Academy of Sciences)

Read More

PHYjacking: Physical Input Hijacking for Zero-Permission Authorization Attacks on...

Xianbo Wang (The Chinese University of Hong Kong), Shangcheng Shi (The Chinese University of Hong Kong), Yikang Chen (The Chinese University of Hong Kong), Wing Cheong Lau (The Chinese University of Hong Kong)

Read More