|
It is estimated that a security flaw occurs in in every 100 lines of code written, which makes it difficult to develop secure, and trustworthy software. Given the lack of a sufficient number of developers, the computing industry is turning to smart fuzzing and symbolic execution tools that automatically discover and patch vulnerabilities in computing systems. While these techniques are becoming widely used in industry, few academic programs include these concepts in their educational programs. The project will develop curricular materials that will teach students these emerging techniques that are revolutionizing how software is being tested and validated. This project will develop open-source curricula, and hands-on, "capture-the-flag" (CTF) exercises that will enable Computer Science programs across the country to teach these techniques to students.
In order to help develop abilities in fuzzing the project will develop a polymorphically generated web application that includes source code and several vulnerabilities. Students will use a fuzzer to identify, and fix the vulnerabilities. As a result students will develop the skills required to use fuzzers, and the ability to spot the errors and vulnerabilities in source-code that fuzzers reveal. By building and publishing these educational artifacts, this project will place these tools in the hands of as many students as possible so that industry can efficiently build and secure software. As a result, the next-generation of developers will understand the fundamental ideas behind automated vulnerability detection and correction, and develop the ability to leverage modern software testing tools.
|
SaTC: EDU: Curricula and CTF Exercises for Teaching Smart Fuzzing and Symbolic Execution