Maverick Woo
Carnegie Mellon University
Network
Latest external collaboration on country level. Dive into details by clicking on the dots.
Publication
Featured researches published by Maverick Woo.
Communications of The ACM | 2014
Thanassis Avgerinos; Sang Kil Cha; Alexandre Rebert; Edward J. Schwartz; Maverick Woo; David Brumley
The idea is to identify security-critical software bugs so they can be fixed first.
ieee symposium on security and privacy | 2015
Sang Kil Cha; Maverick Woo; David Brumley
We present the design of an algorithm to maximize the number of bugs found for black-box mutational fuzzing given a program and a seed input. The major intuition is to leverage white-box symbolic analysis on an execution trace for a given program-seed pair to detect dependencies among the bit positions of an input, and then use this dependency relation to compute a probabilistically optimal mutation ratio for this program-seed pair. Our result is promising: we found an average of 38.6% more bugs than three previous fuzzers over 8 applications using the same amount of fuzzing time.
computer and communications security | 2013
Maverick Woo; Sang Kil Cha; Samantha Gottlieb; David Brumley
Black-box mutational fuzzing is a simple yet effective technique to find bugs in software. Given a set of program-seed pairs, we ask how to schedule the fuzzings of these pairs in order to maximize the number of unique bugs found at any point in time. We develop an analytic framework using a mathematical model of black-box mutational fuzzing and use it to evaluate 26 existing and new randomized online scheduling algorithms. Our experiments show that one of our new scheduling algorithms outperforms the multi-armed bandit algorithm in the current version of the CERT Basic Fuzzing Framework (BFF) by finding 1.5x more unique bugs in the same amount of time.
computer aided verification | 2017
Andrew Reynolds; Maverick Woo; Clark Barrett; David Brumley; Tianyi Liang; Cesare Tinelli
Efficient reasoning about strings is essential to a growing number of security and verification applications. We describe satisfiability checking techniques in an extended theory of strings that includes operators commonly occurring in these applications, such as \(\mathsf {contains}, \mathsf {index\_of}\) and \(\mathsf {replace}\). We introduce a novel context-dependent simplification technique that improves the scalability of string solvers on challenging constraints coming from real-world problems. Our evaluation shows that an implementation of these techniques in the SMT solver cvc4 significantly outperforms state-of-the-art string solvers on benchmarks generated using PyEx, a symbolic execution engine for Python programs. Using a test suite sampled from four popular Python packages, we show that PyEx uses only \(41\% \) of the runtime when coupled with cvc4 than when coupled with cvc4’s closest competitor while achieving comparable program coverage.
usenix security symposium | 2014
Tiffany Bao; Johnathon Burket; Maverick Woo; Rafael Turner; David Brumley
usenix security symposium | 2014
Manuel Egele; Maverick Woo; Peter Chapman; David Brumley
usenix security symposium | 2013
Edward J. Schwartz; JongHyup Lee; Maverick Woo; David Brumley
network and distributed system security symposium | 2016
Daming D. Chen; Maverick Woo; David Brumley; Manuel Egele
usenix security symposium | 2013
Jiyong Jang; Maverick Woo; David Brumley
Archive | 2003
Bruce M. Maggs; Gary L. Miller; Ojas Parekh; R. Ravi; Shan Leung; Maverick Woo