School of Computer Science Assistant Professor Taesoo Kim received the National Science Foundation CAREER Award in March. The grant offers $500,000 over the next five years for chosen research.
Kim’s project, CAREER: System Techniques to Improve Fuzzing Performance, will focus on how to improve fuzzing efficiency. Fuzzing is an automatic software-testing technique that injects a mutated input into a program randomly. This process is effective in finding bugs in complex programs.
Fuzzing is so helpful for catching security risks that even industry has already adopted it. In fact, Google recently implemented a distributed, large-scale fuzzing infrastructure, ClusterFuzz, where hundreds of machines process more than 50 million test cases daily.
High performance is key to finding more bugs, so the future of fuzzing is to create faster, smarter fuzzers. Most research focuses on creating an input that is likely to trigger a vulnerability to catch a bug.
However, Kim’s project is moving in a different direction. He is looking to improve performance by shortening the execution time of each fuzzing instance, for example improving the scope of how much the fuzzing case targets. Kim’s project also hopes to address scaling and performance problems in system software layers.
“This work highlights the importance of enhancing performance of bug finding techniques from the perspectives of underlying systems,” Kim said. “With the funding, we will develop techniques that can drastically shorten the time to discover bugs through fuzzing.”
This research could save companies operational costs for their fuzzers. It will also help developers find more security bugs in open-source and commercial software. Overall, Kim’s work could lead to less glitchy, safer software for users.
The industry-focused research is a signature of Kim, who has been pursuing cutting-edge cybersecurity and systems research since he joined Georgia Tech in 2014.
"The NSF CAREER award recognizes the best young researchers,” Chair Lance Fortnow said. “It’s just one more indication of Taesoo Kim's expanding leadership in cybersecurity and computer systems."