September 27-30, 2021
Seattle, Washington, USA + Virtual
View More Details & Registration

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit + Embedded Linux Conference + OSPOCon 2021 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Pacific Daylight Time (UTC -7). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.

Back To Schedule
Wednesday, September 29 • 10:30am - 11:20am
(VIRTUAL) Broken Brokers in Boxes: Fuzzing Breaks Everything, Even Erlang - Jonathan Knudsen, Synopsys, Inc.

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Behind the scenes of a trio of recently disclosed vulnerabilities are two innovations. First, putting fuzzing targets in containers makes memory exhaustion much easier to observe. Second, widening our definition of failure make it possible to locate vulnerabilities even in "safe" environments like Erlang. This presentation begins with a brief review of fuzzing, focusing on its domains and the quality of test cases. From there, we will examine the concept of failure and the many ways in which confidentiality, integrity, and availability can be compromised. Next, a brief overview of Erlang shows why virtual machine environments are considered safer than other languages and environments. While pointing out advantages, this presentation will also illuminate that any type of software in any environment can be vulnerable. Putting target software inside a Docker container is useful for fuzz testing. This presentation shows how containers lend themselves well to repeatable, reliable testing, and also how constraining memory helps bring resource problems to the surface. A simple framework for creating and using containers for fuzzing will be presented. A live demonstration will be included.

avatar for Jonathan Knudsen

Jonathan Knudsen

Security Researcher, Synopsys, Inc.
Jonathan Knudsen is a technical security evangelist in the Synopsys Software Integrity Group, where he enjoys breaking software and teaching others how to make software better. Jonathan is the author of books about 2D graphics, cryptography, mobile application development, Lego robots... Read More →

Wednesday September 29, 2021 10:30am - 11:20am PDT
MeetingPlay Platform + Virtual Learning Lab
  OS Dependability, Best Practices for Vulnerability Detection & Reporting