Announcing the NDSS 2022 Test of Time Award: Automated White-Box Fuzzing Thumbnail
‹ Back
Strengthening the Internet 27 April 2022

Announcing the NDSS 2022 Test of Time Award: Automated White-Box Fuzzing

Joseph Lorenzo Hall
By Joseph Lorenzo HallDistinguished Technologist, Strong Internet

The Network and Distributed System Security (NDSS) Symposium kicked off earlier this week. Attendees—virtual and remote—have enjoyed a simply amazing set of workshops, symposia, papers, and posters. Take a look at my preview blog post from last week: “A Golden Age of Systems Security Research: What’s Happening at the NDSS Symposium 2022”.

Standing the Test of Time

Every year, the NDSS Symposium awards the “Test of Time” (ToT) award to particularly impactful papers that were presented at past NDSS symposia. These papers have ‘stood the test of time’ and have continued to be influential over many years. The NDSS ToT award recognizes the most influential papers presented at past NDSS symposia with respect to research and/or industrial impact on computer and network security. Papers can be nominated throughout the year with winners awarded at an upcoming symposium after careful deliberation by the volunteer Test of Time Award Committee.

Remaining Influential

Past ToT awards have been awarded to research that has motivated whole new areas of computer science and computer security, including automated detection of bugs, designing new secure communications protocols (DTLS), and clever techniques including taint analysis—injecting little bits of code to see what malware might do with them—and client puzzles—where a client-like a mobile device is forced by a server to complete a small “puzzle”, providing a significant speed bump to malicious attacks that would otherwise flood the server.

2022 Winner

This year, the winner of the 2022 ToT Award goes to “Automated Whitebox Fuzz Testing” authored by Patrice Godefroid, Michael Y. Levin, and David Molnar, which was presented at the NDSS Symposium in 2008.

This paper has one of the top citation counts of all  papers presented at NDSS symposia, and it had the particular distinction of combining two important areas of computer security: fuzz testing—where random inputs are sent to a piece of hardware or software to see how it might fail given unpredictable inputs—and symbolic execution—where a computer program can be broken down symbolically into its various parts so that other programs can analyze and manipulate the program.

The Test of Time Award Committee described the worthiness of this piece of research:

Automated Whitebox Fuzz Testing (NDSS 2008) is one of the seminal papers on program testing. The paper was an early demonstration of how to make symbolic execution practical and useful at scale. Building on previous advances in dynamic symbolic execution and in fuzz testing, this paper contributed both deep conceptual and practical insights and showed how to effectively achieve high code coverage when fuzzing real software. These insights were leveraged to create a tool, SAGE (Scalable, Automated, Guided Execution), that was used to find many bugs in Microsoft applications that couldn’t be found by previous tools. The paper has been enormously influential both in the design of practical tools and in inspiring follow-up research, as evidenced by its more than 1500 citations.

We congratulate the authors for their impact and for winning the 2022 NDSS ToT Award. We hope they go on to produce even more influential results and inspire researchers around the world to break new ground in systems security research.


Image credit: Wes Hardaker

‹ Back

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Strengthening the Internet 8 August 2022

Exploring Digital Sovereignty

The Internet is a force. An intangible force of good, made from tangible parts and plays a bigger and...

Internet Way of Networking 26 May 2022

Old Rules in New Regulations – Why “Sender Pays” Is a Direct Threat to the Internet

If we stop treating the Internet as a technology-neutral, general purpose network, we'll lose it. 

Internet Way of Networking 18 May 2022

Protecting the Internet As We Know It – Three Things You Can Do Today To Stop the Splinternet

Learn how to protect what the Internet needs to exist and thrive—then do something today.

Join the conversation with Internet Society members around the world