Announcing the NDSS 2022 Test of Time Award: Automated White-Box Fuzzing Thumbnail
Strengthening the Internet 27 April 2022

Announcing the NDSS 2022 Test of Time Award: Automated White-Box Fuzzing

By Joseph Lorenzo HallDistinguished Technologist, Strong Internet

The Network and Distributed System Security (NDSS) Symposium kicked off earlier this week. Attendees—virtual and remote—have enjoyed a simply amazing set of workshops, symposia, papers, and posters. Take a look at my preview blog post from last week: “A Golden Age of Systems Security Research: What’s Happening at the NDSS Symposium 2022”.

Standing the Test of Time

Every year, the NDSS Symposium awards the “Test of Time” (ToT) award to particularly impactful papers that were presented at past NDSS symposia. These papers have ‘stood the test of time’ and have continued to be influential over many years. The NDSS ToT award recognizes the most influential papers presented at past NDSS symposia with respect to research and/or industrial impact on computer and network security. Papers can be nominated throughout the year with winners awarded at an upcoming symposium after careful deliberation by the volunteer Test of Time Award Committee.

Remaining Influential

Past ToT awards have been awarded to research that has motivated whole new areas of computer science and computer security, including automated detection of bugs, designing new secure communications protocols (DTLS), and clever techniques including taint analysis—injecting little bits of code to see what malware might do with them—and client puzzles—where a client-like a mobile device is forced by a server to complete a small “puzzle”, providing a significant speed bump to malicious attacks that would otherwise flood the server.

2022 Winner

This year, the winner of the 2022 ToT Award goes to “Automated Whitebox Fuzz Testing” authored by Patrice Godefroid, Michael Y. Levin, and David Molnar, which was presented at the NDSS Symposium in 2008.

This paper has one of the top citation counts of all  papers presented at NDSS symposia, and it had the particular distinction of combining two important areas of computer security: fuzz testing—where random inputs are sent to a piece of hardware or software to see how it might fail given unpredictable inputs—and symbolic execution—where a computer program can be broken down symbolically into its various parts so that other programs can analyze and manipulate the program.

The Test of Time Award Committee described the worthiness of this piece of research:

Automated Whitebox Fuzz Testing (NDSS 2008) is one of the seminal papers on program testing. The paper was an early demonstration of how to make symbolic execution practical and useful at scale. Building on previous advances in dynamic symbolic execution and in fuzz testing, this paper contributed both deep conceptual and practical insights and showed how to effectively achieve high code coverage when fuzzing real software. These insights were leveraged to create a tool, SAGE (Scalable, Automated, Guided Execution), that was used to find many bugs in Microsoft applications that couldn’t be found by previous tools. The paper has been enormously influential both in the design of practical tools and in inspiring follow-up research, as evidenced by its more than 1500 citations.

We congratulate the authors for their impact and for winning the 2022 NDSS ToT Award. We hope they go on to produce even more influential results and inspire researchers around the world to break new ground in systems security research.


Image credit: Wes Hardaker

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Strengthening the Internet 19 December 2023

Do We All Experience the Same Internet?

If any two people across the world from each other access the Internet at the same time, will they...

Strengthening the Internet 7 December 2023

Can You Kick the Trolls Out Of Your Online Forum? U.S. Supreme Court to Decide

Should the governments of Texas and Florida decide whether and how online discussion sites can moderate their posts? Let’s...

Mutually Agreed Norms for Routing Security (MANRS) 2 November 2023

Achieving Greater Heights for MANRS

Partnering with the Global Cyber Alliance (GCA), we believe that MANRS will continue to be further established as the...