Fuzz Testing
Principal Investigators
Collaborators
Staff and Students
Abhik Roychoudhury is a Provost's Chair Professor of Computer Science at the National University of Singapore, where he has been since 2001 after receiving his Ph.D. in Computer Science from the State University of New York at Stony Brook in 2000. He is the Director of the National Satellite of Excellence in Trustworthy Software Systems at Singapore (2019-23). He has previously led the TSUNAMi research center (2015-20), a large five-year long targeted research effort funded by National Research Foundation in the domain of trust-worthy software. He has also helped set up the Singapore Cyber-security Consortium (2016-22), which is a consortium of 25 companies in the cyber-security space engaging with academia for research and collaboration. Abhik's research focuses on software testing and analysis, software security and trust-worthy software construction. His research on automatically repairing programs at a large scale contributes to the vision of self-healing software. His research team is known for contributions to program repair, and fuzz testing.
Dr. LIANG Zhenkai is an Associate Professor in the Department of Computer Science at National University of Singapore. He received his Ph.D. degree in Computer Science from Stony Brook University in 2006, and B.S. degrees in Computer Science and Economics from Peking University in 1999. His research area is in system and software security, and security in emerging platforms, such as Web, mobile, and Internet-of-things (IoT). He has been publishing high-impact papers in top security and software engineering conferences, and has won several best paper awards, namely, the Outstanding Paper Award at the Annual Computer Security Applications Conference (ACSAC) in 2003, the Best Paper Award at the USENIX Security Symposium in 2007, the ACM SIGSOFT Distinguished Paper at the ESEC and ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC-FSE) in 2009, and the Best Paper Award at the Web 2.0 Security & Privacy (W2SP) Workshop in 2014. He has been actively served as technical committee members and editorial board members of top security conferences and journals, including ACM Conference on Computer and Communications Security (CCS), USENIX Security Symposium, Network and Distributed System Security Symposium (NDSS), and IEEE Transactions on Dependable and Secure Computing (TSDC).
Dr. Umang Mathur is a Presidential Young Professor in the School of Computing at the National University of Singapore, where he is a part of PLSE@NUS, and is a Visiting Assistant Professor at IIT Bombay. He obtained his PhD from the University of Illinois at Urbana-Champaign. Prior to joining NUS, Umang was a Research Scientist at Facebook Inc. and an NTT Research Fellow at the Simons Institute for the Theory of Computing. His work has been recognized by a Google PhD Fellowship, a Google Research grant and Distinguished and Best paper awards at ESEC/FSE 2018, ASPLOS 2022 and POPL 2023.
Manuel Rigger is an Assistant Professor leading the TEST Lab, which is part of the PL/SE group at the School of Computing, National University of Singapore. He is working on software reliability, data-centric systems, and programming language implementation. In his recent work, he has been focusing on automatically testing Database Management Systems, part of which he found over 450 bugs in widely-used systems such as SQLite, MySQL, PostgreSQL, MariaDB, and CockroachDB. Prior to joining NUS, Manuel was a postdoc at the Advanced Software Technologies Lab at ETH Zurich, mentored by Zhendong Su. He completed his PhD at Johannes Kepler University Linz, mentored by Hanspeter Mössenböck, where he worked on the safe and efficient execution of unsafe languages (project Sulong). Part of his work was integrated into Oracle’s GraalVM to support the execution of LLVM IR on this platform.
Marcel Böhme leads the Software Security research group at the Max Planck Institute for Security and Privacy (MPI-SP) in Germany. Previously, he was a Senior Lecturer at Monash University in Australia and a PostDoc at the TSUNAMi Security Research Centre in Singapore and the CISPA-Helmholtz Zentrum in Germany. Marcel received his PhD from the National University of Singapore. His current research interest is the automatic discovery of security flaws at the very large scale. One part of his group develops the probabilistic foundations of automatic software testing (i.e., finding bugs by generating executions) to elucidate fundamental limitations of existing techniques and to explore the assurances that software testing provides when no bugs are found. The other part of his group develops practical vulnerability discovery tools that are widely used in software security practice. For instance, Entropic is the default power schedule in LibFuzzer which powers the largest fuzzing platforms at Google and Microsoft, fuzzing hundreds of security-critical projects on 100k machines 24/7. His tools have discovered 100+ bugs in widely-used software systems, more than 70 of which are security-critical vulnerabilities registered as CVEs at the US National Vulnerability Database.
Dirk Beyer is Professor of Computer Science and has a Research Chair for Software Systems at LMU Munich, Germany. He was Full Professor at University of Passau (2009-2016), Assistant and Associate Professor at Simon Fraser University, B.C., Canada, and Postdoctoral Researcher at EPFL in Lausanne, Switzerland (2004-2006) and at the University of California, Berkeley, USA (2003-2004) in the group of Tom Henzinger. Dirk Beyer holds a Dipl.-Inf. degree (1998) and a Dr. rer. nat. degree (2002) in Computer Science from the Brandenburg University of Technology in Cottbus, Germany. In 1998 he was Software Engineer with Siemens AG, SBS Dept. Major Projects in Dresden, Germany. His research focuses on models, algorithms, and tools for the construction and analysis of reliable software systems. He is the architect, designer, and implementor of several successful tools. For example, CrocoPat is the first efficient interpreter for relational programming, CCVisu is a successful tool for visual clustering, and CPAchecker and BLAST are two well-known and successful software model checkers.
Mathias Payer is a security researcher and associate professor at the EPFL school of computer and communication sciences (IC), leading the HexHive group. His research focuses on protecting applications in the presence of vulnerabilities, with a focus on memory corruption and type violations. He is interested in software security, system security, binary exploitation, effective mitigations, fault isolation/privilege separation, strong sanitization, and software testing (fuzzing) using a combination of binary analysis and compiler-based techniques. All prototype implementations are open-source. Mathias joined EPFL in 2018 and received tenure in 2021. Before EPFL, he spent 4 years as assistant professor at Purdue University and 2 years as PostDoc in Dawn Song's BitBlaze group at UC Berkeley. He graduated from ETH Zurich with a Dr. sc. ETH in 2012. In 2018, he co-founded the EPFL polygl0ts CTF team and in 2014, he founded the Purdue b01lers CTF team.
Dr. Jonathan Pan leads the Disruptive Technologies Office of the Home Team Science and Technology Agency (HTX), Singapore. This office explores the frontiers of Science and Technologies, like Artificial Intelligence and Quantum, for homeland security application through their applied Research and Development endeavours. Jonathan also conducts his own research in computational forensics. He is also an Adjunct Associate Professor with Nanyang Technological University Singapore where he teaches Cyber Security and Artificial Intelligence courses.
Gregory is a Research Assistant Professor at the National University of Singapore and currently serves as the Assistant Director of the National Satellite of Excellence in Trustworthy Software Systems (Singapore).
Previously, Gregory received his BSc (Mathematics), BEng (Software) and Phd (Computer Science) from the University of Melbourne. From 2011 Gregory works at the National University of Singapore.
Gregory's research interests include: systems, security, binary rewriting, programming languages, constraint programming, functional programming and rewrite systems.
Ruijie Meng is a PhD Student in the Department of Computer Science at the School of Computing, National University of Singapore, advised by Prof. Abhik Roychoudhury. Her research interests fall in program analysis and testing. The current research focuses on reactive system fuzzing.
Dylan is pursuing his PhD at the National University of Singapore, advised by Abhik Roychoudhury. He is interested in leveraging static and dynamic program analysis (as well as verification) techniques to find and prevent bugs in software. Prior to returning to academia, he worked at Mathworks on a variety of projects, mostly involving testing and deployment infrastructure for web applications.
Zhao Huan is a first-year PhD Student and Research Assistant in the Department of Computer Science at the School of Computing, National University of Singapore, advised by Prof. Abhik Roychoudhury.
Shi Zheng is a first-year PhD Student in the Department of Computer Science at the School of Computing, National University of Singapore, advised by Prof. Umang Mathur. He is working on concurrency and dynamic analysis with a general research interest in program analysis and data race detection.
Ivan is a second-year Master’s Student in the Department of Computer Science at the School of Computing, National University of Singapore, advised by Prof. Wei-Ngan Chin and Prof. Manuel Rigger. His research interests are in compilers and software reliability.