Cybersecurity

Many of the core competence areas of the Department of Software Engineering involve various aspects of IT security. In particular, it is an important dimension of software quality, testing, cloud technologies, networking, and IoT devices, which are all critical from a cybersecurity point of view.

Fuzzing

Fuzzing (a.k.a fuzz or random testing), is a popular testing technique that generates totally random or partially randomized (‘fuzzed’) test inputs in a great volume, which are then given to a program for processing in the hope that some of them cause malfunction. The power of the approach lies in its ability to generate a large number of test cases without consuming expensive manpower. Furthermore, because of the randomness, it can often produce unusual test cases that would be beyond the awareness of a human tester. The popularity of fuzzing is not surprising, as the typical problems fuzzers can reveal are potentially high priority security critical program crashes, illegal memory accesses, or assertion failures, which may be exploited by a malicious attacker. This makes the scientific research of the topic very active and also attracts the attention of the industry, where it is often used in security testing processes.

The Department of Software engineering has years of experience in both the research and the application of all aspects of fuzzing. We have

  • applied fuzzing to various targets (e.g., to open source web engines and JavaScript platforms, but also to proprietary systems outside the web domain),
  • invented and implemented various test case generators (e.g., grammar or model-based generative fuzzers, corpus and mutation-based fuzzers, and hybrid approaches),
  • used classic black box and coverage feedback-guided grey box techniques,
  • researched related topics (e.g., how to uniquely identify detected faults or how to minimize the potentially large failure-inducing input), and
  • built a modular framework to efficiently glue together all components of fuzzing.

Additional Competence Areas

  • Vulnerability assessment of software (source code) and systems (networks)
  • Security testing of software systems
  • Network security design and assessment
  • Design of security architectures
  • Trainings related to IT security
    o IT security education courses at the Institute of Informatics of the University of Szeged
    o Professional trainings, including security testing (ISTQB AST)
  • Secure coding guidelines
  • Penetration testing, ethical hacking

Key Projects:

  • Secure IoT Software Platforms, Smart Systems Research Institute, Interdisciplinary Excellence Centre Read More
  • Software Quality and Security, Smart Systems Research Institute, Interdisciplinary Excellence Centre Read More
  • Internet of Living Things (IoLT) project, grant number GINOP-2.3.2-15-2016-00037 Read More
  • Security Enhancing Technologies for the IoT (SETIT) project, grant number 2018-1.2.1-NKP-2018-00004 Read More in Hungarian, Project Announcement in Hungarian (search for '2018-1.2.1-NKP-2018-00004')

Key Partners:

  • Budapest University of Technology and Economics
  • University of Debrecen

Selected Publications:

Ferenc, Rudolf, Péter Hegedűs, Péter Gyimesi, Gábor Antal, Dénes Bán, and Tibor Gyimothy. Challenging Machine Learning Algorithms in Predicting Vulnerable JavaScript Functions In 7th International Workshop on Realizing Artificial Intelligence Synergies in Software Engineering. IEEE Press, 2019.

Hodován, Renáta, Ákos Kiss, and Tibor Gyimóthy. "Grammarinator: A Grammar-based Open Source Fuzzer." In Proceedings of the 9th Workshop on Automating Test Case Design, Selection and Evaluation (A-TEST 2018). Lake Buena Vista, Florida, USA, 2018.

Hodován, Renáta, and Ákos Kiss. Fuzzinator: An Open-Source Modular Random Testing Framework In Proceedings of the 11th IEEE International Conference on Software Testing, Verification and Validation (ICST 2018). Västeras, Sweden: IEEE Computer Society, 2018.

Hodován, Renáta, and Ákos Kiss. "Fuzzing JavaScript Engine APIs." In Integrated Formal Methods – 12th International Conference, iFM 2016, 425-438. Vol. 9681. Lecture Notes in Computer Science (LNCS) 9681. Reykjavík, Iceland, June 1-5, 2016.

Related Publications:

Kiss, Ákos, Renáta Hodován, and Tibor Gyimóthy. HDDr: A Recursive Variant of the Hierarchical Delta Debugging Algorithm In Proceedings of the 9th Workshop on Automating Test Case Design, Selection and Evaluation (A-TEST 2018). Lake Buena Vista, Florida, USA: ACM, 2018.

Hodován, Renáta, Ákos Kiss, and Tibor Gyimóthy. "Tree Preprocessing and Test Outcome Caching for Efficient Hierarchical Delta Debugging." In Proceedings of the 12th IEEE/ACM International Workshop on Automation of Software Testing (AST 2017), 23-29. Buenos Aires, Argentina, 2017.

Hodován, Renáta, Ákos Kiss, and Tibor Gyimóthy. Coarse Hierarchical Delta Debugging In Proceedings of the 33rd IEEE International Conference on Software Maintenance and Evolution (ICSME 2017). Shanghai, China: IEEE Computer Society, 2017.

Hodován, Renáta, and Ákos Kiss. "Practical Improvements to the Minimizing Delta Debugging Algorithm." In Proceedings of the 11th International Joint Conference on Software Technologies (ICSOFT 2016) – Volume 1: ICSOFT-EA, 241-248. Lisbon, Portugal, 2016.

Hodován, Renáta, and Ákos Kiss. "Modernizing Hierarchical Delta Debugging." In Proceedings of the 7th International Workshop on Automating Test Case Design, Selection, and Evaluation (A-TEST 2016), 31-37. Seattle, Washington, USA, 2016.

Key People (in alphabetical order):

  • Árpád Beszédes, PhD
  • Rudolf Ferenc, PhD
  • Tamás Gergely, PhD
  • Renáta Hodován
  • Ákos Kiss, PhD
  • Béla Vancsics
Page last modified: October 4, 2019