Red Hat Research Quarterly

Working fuzzier, not harder

Red Hat Research Quarterly

Working fuzzier, not harder

about the author

Hugh Brock

Hugh Brock is the Research Director for Red Hat, coordinating Red Hat research and collaboration with universities, governments, and industry worldwide. A Red Hatter since 2002, Hugh brings intimate knowledge of the complex relationship between upstream projects and shippable products to the task of finding research to bring into the open source world.

Article featured in

I first met Boston University PhD student Alex Bulekov at Red Hat’s Boston office in the fall of 2018. At the time, I had very little idea of what a “fuzzer” was, let alone why building a better one would be a useful and noteworthy thing. (In case you, too, are ignorant on this topic, I recommend you read Alex’s article, “Applying lessons from our upstream hypervisor fuzzer to improve kernel fuzzing,” to find out more.) Alex, along with his Red Hat mentor Bandan Das, gave me a complete and patient education on the topic of fuzzers and their benefits. His project then was to overcome the difficulties of making a fuzzer that could successfully fuzz DMA inputs to a process—in this case, the QEMU virtual machine management tool. Today, he has not only succeeded with his initial goal, he has moved on to building a generic fuzzing framework that may relieve the need to write complex and precise descriptions of exactly how to fuzz specific inputs to the Linux kernel. If his project succeeds, it will be a significant contribution to the security and testability of the kernel, and I would count it a major achievement both for Alex and for Red Hat Research.

If his project succeeds, it will be a significant contribution to the security and testability of the kernel, and I would count it a major achievement both for Alex and for Red Hat Research.

Our focus on testing continues with our interview with long-time Red Hat Research partner Tomáš Černý. Currently a professor at Baylor University, Tomáš began working with Red Hat while he was still at ČVUT in Prague, in the area of automated test development done by probing the interfaces presented by microservices. As with Bulekov’s fuzzing framework, Tomáš’s interest is in relieving the burden of manual test authoring from the developer while ensuring greater test coverage and hence higher quality. Tomáš is also our foremost cultural exchange ambassador at Red Hat Research: every year, he brings ten or so Baylor undergraduates to Prague and Brno to work with Red Hat engineers and researchers at Czech universities. The students rave about the experience, and no wonder: they get to meet great scientists and engineers from a unique culture while sampling what is, in my opinion, the best beer in the world.

Frequent readers will be aware that 2022 saw the beginning of Red Hat Research’s expanded $4 million annual research agreement with Boston University. Last issue, we featured the largest single grant awarded from our 2021 RFP, the AI for Cloud Ops project. In this issue, we feature a similarly ambitious effort that also touches AI but is otherwise completely different: the Smarta Byar (“Smart Villages,” in English) project to build a complete digital twin of a village in southern Sweden called Veberöd. The project aims to collect data on everything from bus movements to barbeque smoke to see what kind of applications can be built with such a large, continuous flow of information. One of the first challenges, of course, will be familiar to every data scientist: how do you improve the quality of the incoming data while reducing the quantity to a manageable level? Event-driven algorithms are one possibility, but there are others; have a look at Red Hatter Jim Craig’s overview of the project to learn more.

As I write this, the whole Red Hat Research team is frantically at work preparing for our first real in-person event since January of 2020: Red Hat Research Day is coming to Brno, Czech Republic, on September 15 of this year! We are more than a little excited about the ability to again meet with our university and industry partners in person and learn firsthand about where research with open source impact will go next. We hope you will be able to join us there— keep an eye on for details.


More like this