Today's software is gigantic and convoluted, and such increase in complexitymade automated techniques to discovering security vulnerabilities essential toprotect computer systems. In response to such demands, random testing, as knownas fuzzing, has been flourishing due to its scalability. Fuzzing has beenmitigated possible threats by quickly identifying potential vulnerabilities,however, it is fundamentally limited to discovering a certain type securityvulnerabilities (e.g., memory corruption bugs) in shallow program logic.

In this talk, I will present my study on achieving advancement in automatic andscalable vulnerability discovery. First, I will introduce APISan, a tool thatfinds API misuse vulnerabilities by automatically learning its correct usagefrom source code. Next, I will present QSYM, a system for specialized symbolicexecution guiding fuzzing to deeply-hidden vulnerabilities. The impacts ofAPISan and QSYM have been acknowledged by being nominated as a finalist in CSAWBest Applied Best Paper Award 2016 and receiving the Distinguished Paper Awardin Usenix Security 2018, respectively.

Insu Yun is a Ph.D. student at Georgia Institute of Technology. He is interestedin system security in general, especially, binary analysis, automaticvulnerability detection, and applied cryptography.

In addition to research, he has been participating in several hackingcompetitions. In particular, he received the Black Badge from DEF CON as thewinner in 2015 (DEFKOR) and 2018 (DEFKOR00t).

Prior to joining Georgia Tech, he received his BS degree in Computer Sciencefrom KAIST in 2015.