Hybrid Fuzzing Concurrent Software using Model Checking and Machine Learning
Primary supervisor
Additional supervisors
- Pavlos Petoumenos
Contact admissions office
Other projects with the same supervisor
- Application Level Verification of Solidity Smart Contracts
- Finding Vulnerabilities in IoT Software using Fuzzing, Symbolic Execution and Abstract Interpretation
- Designing Safe & Explainable Neural Models in NLP
- Exploiting Software Vulnerabilities at Large Scale
- Verification Based Model Extraction Attack and Defence for Deep Neural Networks
- Using Program Synthesis for Program Repair in IoT Security
- Automated Repair of Deep Neural Networks
- Automatic Detection and Repair of Software Vulnerabilities in Unmanned Aerial Vehicles
- Combining Concolic Testing with Machine Learning to Find Software Vulnerabilities in the Internet of Things
- Verifying Cyber-attacks in CUDA Deep Neural Networks for Self-Driving Cars
Funding
- Directly Funded Project (Students Worldwide)
This research project has funding attached. Applications for this project are welcome from suitably qualified candidates worldwide. Funding may only be available to a limited set of nationalities and you should read the full department and project details for further information.
Project description
Application deadline: 24th December 2021.
Developing software that is safe and secure is an extraordinarily challenging task. Due to the effects that security vulnerabilities may have in software systems, financially or on an individual's well-being, the discipline of software testing and verification is a necessity. For example, the top ten vulnerabilities in CWE include four types of memory errors (e.g., out of bounds and use after free). Additionally, Microsoft reports that around 70% of all security updates in their products address memory issues. Lastly, Google says a similar number regarding bugs in the Chrome Browser. On the one hand, software model checking techniques have proven to be one of the most successful techniques based on their use in research and industry, but they suffer from the state-space explosion problem. On the other hand, fuzzing is one of the essential techniques for discovering security bugs, but it suffers from a code coverage problem.
This Ph.D. project aims to develop and evaluate a novel software verification platform based on Fuzzing, Model Checking, and Machine Learning (ML) techniques. In particular, this project will assess the state of uncompiled source code and produce an informative report that grades the code in terms of security flaws and how well it is written concerning the traditional SEI CERT coding standard rules. The core of this software verification platform will exploit black- and grey-box fuzzing and software model checking based on Satisfiability Modulo Theories to automatically detect security vulnerabilities in concurrent C programs and provide consistent reports about the code security. We will also exploit ML techniques that can automatically match the optimal parameters of our software verification platform for a comprehensive class of programs to find more security vulnerabilities and speed up the verification process. Finally, this Ph.D. project will evaluate this platform over open-source software projects to allow developers to review reports, help reduce development time and improve the security posture of open-source applications.
For informal enquiries, email: lucas.cordeiro@manchester.ac.uk.
Person specification
For information
- Candidates must hold a minimum of an upper Second Class UK Honours degree or international equivalent in a relevant science or engineering discipline.
- Candidates must meet the School's minimum English Language requirement.
- Candidates will be expected to comply with the University's policies and practices of equality, diversity and inclusion.
Essential
Applicants will be required to evidence the following skills and qualifications.
- You must be capable of performing at a very high level.
- You must have a self-driven interest in uncovering and solving unknown problems and be able to work hard and creatively without constant supervision.
Desirable
Applicants will be required to evidence the following skills and qualifications.
- You will have good time management.
- You will possess determination (which is often more important than qualifications) although you'll need a good amount of both.
General
Applicants will be required to address the following.
- Comment on your transcript/predicted degree marks, outlining both strong and weak points.
- Discuss your final year Undergraduate project work - and if appropriate your MSc project work.
- How well does your previous study prepare you for undertaking Postgraduate Research?
- Why do you believe you are suitable for doing Postgraduate Research?