Many of the core competence areas of the Department of Software Engineering involve various aspects of IT security. In particular, it is an important dimension of software quality, testing, cloud technologies, networking, and IoT devices, which are all critical from a cybersecurity point of view.
Fuzzing
Fuzzing (a.k.a fuzz or random testing), is a popular testing technique that generates totally random or partially randomized (‘fuzzed’) test inputs in a great volume, which are then given to a program for processing in the hope that some of them cause malfunction. The power of the approach lies in its ability to generate a large number of test cases without consuming expensive manpower. Furthermore, because of the randomness, it can often produce unusual test cases that would be beyond the awareness of a human tester. The popularity of fuzzing is not surprising, as the typical problems fuzzers can reveal are potentially high priority security critical program crashes, illegal memory accesses, or assertion failures, which may be exploited by a malicious attacker. This makes the scientific research of the topic very active and also attracts the attention of the industry, where it is often used in security testing processes.
The Department of Software engineering has years of experience in both the research and the application of all aspects of fuzzing. We have
- applied fuzzing to various targets (e.g., to open source web engines and JavaScript platforms, but also to proprietary systems outside the web domain),
- invented and implemented various test case generators (e.g., grammar or model-based generative fuzzers, corpus and mutation-based fuzzers, and hybrid approaches),
- used classic black box and coverage feedback-guided grey box techniques,
- researched related topics (e.g., how to uniquely identify detected faults or how to minimize the potentially large failure-inducing input), and
- built a modular framework to efficiently glue together all components of fuzzing.
Additional Competence Areas
- Vulnerability assessment of software (source code) and systems (networks)
- Security testing of software systems
- Network security design and assessment
- Design of security architectures
- Trainings related to IT security
o IT security education courses at the Institute of Informatics of the University of Szeged
o Professional trainings, including security testing (ISTQB AST) - Secure coding guidelines
- Penetration testing, ethical hacking
Key Projects:
- Secure IoT Software Platforms, Smart Systems Research Institute, Interdisciplinary Excellence Centre Read More
- Software Quality and Security, Smart Systems Research Institute, Interdisciplinary Excellence Centre Read More
- Internet of Living Things (IoLT) project, grant number GINOP-2.3.2-15-2016-00037 Read More
- Security Enhancing Technologies for the IoT (SETIT) project, grant number 2018-1.2.1-NKP-2018-00004 Read More in Hungarian, Project Announcement in Hungarian (search for '2018-1.2.1-NKP-2018-00004')
Key Partners:
- Budapest University of Technology and Economics
- University of Debrecen
Selected Publications:
"
"
Related Publications:
"
"
"
Key People (in alphabetical order):
- Árpád Beszédes, PhD
- Rudolf Ferenc, PhD
- Tamás Gergely, PhD
- Renáta Hodován
- Ákos Kiss, PhD
- Béla Vancsics