Skip to main content

Jonathan Knudsen

Adjunct Associate Professor in the Engineering Graduate and Professional Programs
Engineering Graduate and Professional Programs

Selected Presentations & Appearances


Broken Brokers in Boxes: Fuzzing Breaks Everything, Even Erlang - SecTor 2021 · November 3, 2021 Lecture

Behind the scenes of a trio of recently disclosed vulnerabilities are two innovations. First, putting fuzzing targets in containers makes memory exhaustion much easier to observe. Second, widening our definition of failure makes it possible to locate vulnerabilities even in “safe” environments like Erlang. This presentation begins with a brief review of fuzzing, focusing on its domains and the quality of test cases. From there, we will examine the concept of failure and the many ways in which confidentiality, integrity, and availability can be compromised. Next, a brief overview of Erlang shows why virtual machine environments are considered safer than other languages and environments.

While pointing out advantages, this presentation will also illuminate that any type of software in any environment can be vulnerable. Putting target software inside a Docker container is useful for fuzz testing. This presentation shows how containers lend themselves well to repeatable, reliable testing, and how constraining memory helps bring resource problems to the surface. A simple framework for creating and using containers for fuzzing will be presented. A live demonstration will be included, in which we will run an Erlang-based message broker in a container, then knock it down with a fuzz test case.

Broken Brokers in Boxes: Fuzzing Breaks Everything, Even Erlang - Open Source Summit · September 29, 2021 Lecture

Behind the scenes of a trio of recently disclosed vulnerabilities are two innovations. First, putting fuzzing targets in containers makes memory exhaustion much easier to observe. Second, widening our definition of failure make it possible to locate vulnerabilities even in "safe" environments like Erlang. This presentation begins with a brief review of fuzzing, focusing on its domains and the quality of test cases. From there, we will examine the concept of failure and the many ways in which confidentiality, integrity, and availability can be compromised. Next, a brief overview of Erlang shows why virtual machine environments are considered safer than other languages and environments. While pointing out advantages, this presentation will also illuminate that any type of software in any environment can be vulnerable. Putting target software inside a Docker container is useful for fuzz testing. This presentation shows how containers lend themselves well to repeatable, reliable testing, and also how constraining memory helps bring resource problems to the surface. A simple framework for creating and using containers for fuzzing will be presented. A live demonstration will be included.