Computer Science Professor Suman Jana Wins NSF Career Award

His proposal aims to improve security, reliability and robustness of infrastructure software

Apr 24 2019 | By Joanne Hvala | Photo Credit: Timothy Lee Photographers

Suman Jana

The National Science Foundation (NSF) has awarded Suman Jana, assistant professor of computer science, the NSF CAREER Award for his project, “Efficient Fuzzing with Neural Program Smoothing.” The five-year, $500,000 award is the most prestigious honor given to junior faculty who have the potential to lead research and education in their field. Jana’s proposal aims to have a significant impact on improving the security, reliability, and robustness of critical infrastructure software.

His project, “Efficient Fuzzing with Neural Program Smoothing,” will lay the technical foundation for a new generation of fuzzers that can leverage advanced continuous optimization techniques.

Fuzzing has become the de facto standard technique for finding software vulnerabilities.

The fuzzing process involves generating random test inputs and executing the target program with these inputs to trigger potential security vulnerabilities. Due to its simplicity and low performance overhead, fuzzing has been very successful at finding numerous security vulnerabilities in many real-world programs. Besides finding memory corruption bugs, fuzzers have also been successfully adapted to detect other types of security vulnerabilities. Yet despite their tremendous promise, popular fuzzers often tend to get stuck trying redundant test inputs and struggle to find security vulnerabilities hidden deep within the program logic.

“I observe that this limitation is a direct consequence of a key design choice that most popular fuzzers share—they all use evolutionary algorithms to find interesting test inputs,” said Jana, who joined Columbia Engineering in January 2016 and is also a member of the Data Science Institute. “Evolutionary algorithms tend to be inefficient at solving high-dimensional structured problems in many diverse domains like aerodynamic optimization and machine learning.”

With the award, Jana plans to develop a set of novel techniques and tools that will enable fuzzers to exploit the power of continuous optimization techniques, like gradient descent, for efficient detection of security vulnerabilities.
