Bart Miller, Trusted CI co-PI, and his two student co-authors were honored with the 2022 Jean-Claude Laprie Award in Dependable Computing on June 28 in Baltimore, Md. Miller, along with L. Fredriksen, and B. So, were presented the award during the opening session of the Annual IEEE/IFIP International Conference on Dependable Systems and Networks.
The groundbreaking paper, “An Empirical Study of the Reliability of UNIX Utilities," published in 1990, launched the field of fuzz random testing, or fuzzing as it is commonly called. The paper created a new technique for easy-to-use software testing and then used that technique to evaluate UNIX utilities crashes. As part of this research, the authors also studied the root causes of the failures. They also released its code and data openly (a novelty at that time). The paper has been cited more than 1,300 times and was responsible for creating an entire new branch of testing and security research. Hundreds of papers and tens of PhD dissertations are produced each year in this area.
Today, fuzzing is taught in introductory software testing and security courses, is a prominent area of focus at numerous conferences, and is recognized by major companies. For example, Microsoft recently published a paper on how they integrate fuzzing in the life cycle of almost all their products. Similarly, Google recently reported that 80 percent of the bugs they find in production in the Chrome web browser are due to fuzzing.
Fuzzing is heavily used in security research and is often the tool of choice for penetration testers. Thus, this paper has important implications for reliability and security research.
About Bart Miller
Bart Miller with his Cessna TR182 that he bought in 1980. He's had his commercial pilots license since 1979.
Barton Miller is the Vilas Distinguished Achievement Professor at the University of Wisconsin-Madison. Co-PI on Trusted CI, where he leads the software assurance effort. Research interests include software security, in-depth vulnerability assessment, and binary code analysis. In 1988, Miller founded the field of fuzz random software testing, a foundation of many security and software engineering disciplines. In 1992, Miller and his then-student Jeffrey Hollingsworth founded the field of dynamic binary code instrumentation and coined the term “dynamic instrumentation.” Miller is a Fellow of the ACM.
The award was created in 2011, in honor of Jean-Claude Laprie (1944-2010), whose pioneering contributions to the concepts and methodologies of dependability were influential in defining and unifying the field of dependable and secure computing. The award recognizes outstanding papers that have significantly influenced the theory and/or practice of dependable computing.
IFIP Working Group 10.4 was established in 1980 with the aim of identifying and integrating approaches, methods, and techniques for specifying, designing, building, assessing, validating, operating, and maintaining dependable computer systems (those that are reliable, available, safe, and secure). Its 75 members from around the world meet twice a year to conduct in-depth discussions of important technical topics to further the understanding of the fundamental concepts of dependable computing.
IFIP is a non-governmental, non-profit umbrella organization for national societies working in the field of information processing. It was established in 1960 under the auspices of UNESCO as a result of the first World Computer Congress held in Paris in 1959. It is the leading multinational, apolitical organization in Information and Communications Technologies and Sciences.
