BSDCan2016 - v1.1.24a

BSDCan 2016
The Technical BSD Conference

Kirk Russell
Day Talks #2 - 11 June - 2016-06-11
Room DMS 1110
Start time 10:00
Duration 01:00
ID 655
Event type Lecture
Track Hacking
Language used for presentation English

Using competitive analysis to increase the effectiveness of operating system fuzz testing

How to reproduce a kernel crash in 10 seconds or less

Fuzz testing has been used to evaluate the robustness of operating system distributions for over twenty years. Eventually, a fuzz test suite will suffer from reduced effectiveness.

The first obstacle is the pesticide paradox: as you fix the easy defects, it gets difficult to find the remaining obscure defects. Also, the test execution time and the debug/fix cycle tends to be manual work that can take hours or even days of effort. During the presentation, a structured framework for creating new fuzz tests will be introduced, along with a competitive analysis approach used to minimize defect reproduction complexity.