Dor Levy

Intel (Israel)

Fuzzing 101

One of the basic mitigations to security attacks on software is proper input validation. When input is provided via a communication protocol or via a file holding complex data structure, it is infeasible, from time and resources aspects, to deterministically create all the corner cases that should be tested. This limitation means that we may release software with exploitable weaknesses in the code.

Fuzzing is a test technique that can reduce this risk.

In fuzzing, we automatically generate a very large amount of test cases and apply them to the system under test. Since test generation and results monitoring are all automated, a huge number of tests can be executed while investing a relatively low effort.

Dor Levy is a Security Researcher at Intel. In the past 10 years Dor worked on HW & SW designs on various Intel products from processors to SW security applications. In his current role Dor is preforming security evaluation for latest security FW products and defines FW & SW security guards and mitigations. The work is accomplished by using state of the art public and proprietary tools, code reviews and penetration testing. Dor is the Intel Jerusalem innovation community lead and an active Maker.