Franjo Ivancic
Franjo's research interests include software engineering, automated software testing, static and dynamic program analysis, software verification, model checking, as well as formal modeling and analysis of cyber-physical systems. Before joining Google, he was a Senior Researcher at NEC Laboratories America in Princeton, NJ from 2003-2013. He received his Ph.D. and MSE degrees in Computer and Information Science from the University of Pennsylvania in Philadelphia, PA. Earlier, he received his diploma (Dipl.-Inform.) degree from the Rheinische Friedrich-Wilhelms-University in Bonn, Germany, for his research performed at the Fraunhofer Institute in St. Augustin, Germany. He received the Morris and Dorothy Rubinoff dissertation award from the University of Pennsylvania. More information is available at www.franjo-ivancic.info.
Authored Publications
Sort By
Reducing Time-To-Fix For Fuzzer Bugs
Rui Abreu
Hadi Ravanbakhsh
Ramesh Viswanathan
36th IEEE/ACM International Conference on Automated Software Engineering (2021)
Preview abstract
At Google, fuzzing C/C++ libraries has discovered tens of thousands of security and robustness bugs. However, these bugs are often reported much after they were introduced. Developers are provided only with fault-inducing test inputs and replication instructions that highlight a crash, but additional debugging information may be needed to localize the cause of the bug. Hence, developers need to spend substantial time debugging the code and identifying commits that introduced the bug. In this paper, we discuss our experience with automating a fuzzing-enabled bisection that pinpoints the commit in which the crash first manifests itself. This ultimately reduces the time critical bugs stay open in our code base. We report on our experience over the past year, which shows that developers fix bugs on average 2.23 times faster when aided by this automated analysis.
View details
SunDew: Systematic Automated Security Testing
2020 IEEE 13th International Conference on Software Testing, Validation and Verification (ICST), IEEE, {3-3}
Preview abstract
At Google, tens of thousands of security and robustness bugs have been found by fuzzing C and C++ libraries. The various aspects of the SunDew project, one of the projects working on automated scalable techniques related to fuzzing at Google, are presented: how to fuzz, what to fuzz, and how to deal with discovered bugs. First, a distributed fuzzing infrastructure is presented. It allows to cooperatively utilize multiple test generation techniques. Then, a system for automated fuzz driver generation, named FUDGE, is described, which automatically generates fuzz driver candidates for libraries based on existing client code. Running large-scale fuzzing services also causes lots of bugs and vulnerabilities to be reported. Various techniques are presented to provide feedback to developers to reduce the time a known security bug remains open. Finally, challenges and opportunities to incorporate security testing into the general software development workflow are highlighted.
View details
FUDGE: Fuzz Driver Generation at Scale
Yaohui Chen
Markus Kusano
Caroline Lemieux
Wei Wang
Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ACM
Preview abstract
At Google we have found tens of thousands of security and robustness bugs by fuzzing C and C++ libraries. To fuzz a library, a fuzzer requires a fuzz driver—which exercises some library code—to which it can pass inputs. Unfortunately, writing fuzz drivers remains a primarily manual exercise, a major hindrance to the widespread adoption of fuzzing. In this paper, we address this major hindrance by introducing the Fudge system for automated fuzz driver generation. Fudge automatically generates fuzz driver candidates for libraries based on existing client code. We have used Fudge to generate thousands of new drivers for a wide variety of libraries. Each generated driver includes a synthesized C/C++ program and a corresponding build script, and is automatically analyzed for quality. Developers have integrated over 200 of these generated drivers into continuous fuzzing services and have committed to address reported security bugs. Further, several of these fuzz drivers have been upstreamed to open source projects and integrated into the OSS-Fuzz fuzzing infrastructure. Running these fuzz drivers has resulted in over 150 bug fixes, including the elimination of numerous exploitable security vulnerabilities.
View details
Replay without Recording of Production Bugs for Service Oriented Architectures
Nipun Arora
Jonathan Bell
Gail Kaiser
Baishakhi Ray
Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering, ACM (2018), pp. 452-463
Preview abstract
Short time-to-localize and time-to-fix for production bugs is extremely important for any 24x7 service-oriented application (SOA). Debugging buggy behavior in deployed applications is hard, as it requires careful reproduction of a similar environment and workload. Prior approaches for automatically reproducing production failures do not scale to large SOA systems. Our key insight is that for many failures in SOA systems (e.g., many semantic and performance bugs), a failure can automatically be reproduced solely by relaying network packets to replicas of suspect services, an insight that we validated through a manual study of 16 real bugs across five different systems. This paper presents Parikshan, an application monitoring framework that leverages user-space virtualization and network proxy technologies to provide a sandbox “debug” environment. In this “debug” environment, developers are free to attach debuggers and analysis tools without impacting performance or correctness of the production environment. In comparison to existing monitoring solutions that can slow down production applications, Parikshan allows application monitoring at significantly lower overhead.
View details
ARC++: Effective Typestate and Lifetime Dependency Analysis
Preview
Xusheng Xiao
Naoto Maeda
Aarti Gupta
Deepak Chhetri
ISSTA, ACM (2014), pp. 116-126
