yannicnoller.github.io
Open in
urlscan Pro
185.199.109.153
Public Scan
Submitted URL: http://yannicnoller.github.io/
Effective URL: https://yannicnoller.github.io/
Submission: On December 10 via api from US — Scanned from US
Effective URL: https://yannicnoller.github.io/
Submission: On December 10 via api from US — Scanned from US
Form analysis 0 forms found in the DOM
Text Content
Toggle navigation
* About (current)
* Publications
* Service
* Teaching
* Positions
* Team
* Blog
*
YANNIC NOLLER
Professor for Computer Science, Ruhr University Bochum (RUB)
> If you want to write your bachelor/master thesis with us, check our available
> topics!
Yannic (CV) is a professor at the Faculty of Computer Science at the Ruhr
University Bochum (RUB) and leads the Software Quality group. His research
focuses on how software quality can be maintained and improved with automated
testing and repair technologies. His general research goal is to shape the
future of software development by contributing to the domain of automated
software engineering and providing the means to develop reliable, trustworthy,
and secure software systems. In particular, he works in the following areas:
1. Automated Program Repair: developing new repair techniques to aid developers
in fixing program bugs
2. Machine Learning Analysis: automated analysis, testing, and repairing of
machine learning models
3. Software Testing: exploring and designing (hybrid) testing techniques to
systematically generate test inputs that expose incorrect program behavior
4. Intelligent Tutoring Systems: how to help CS students learn programming by
applying concepts from automated testing and repair to guide the students
toward the right solution
5. Human Factors in SE: studying developer needs and requirements for
successful deployment of testing and repair techniques in development
practice
Before joining RUB in July 2024, Yannic was an Assistant Professor at Singapore
University of Technology and Design (SUTD) and a Research Assistant Professor in
the Department of Computer Science at the National University of Singapore
(NUS). He pursued his Ph.D. in Computer Science in the Software Engineering
group (advised by Prof. Lars Grunske) at the Humboldt-Universität zu Berlin,
Germany. His Ph.D. research focused on differential software testing, in
particular, by combining fuzzing and symbolic execution in the context of
regression analysis, algorithmic complexity analysis, side-channel analysis, and
robustness analysis of neural networks.
NEWS
Jul 01, 2024 After almost 4 years in Singapore 🇸🇬, I returned to Germany 🇩🇪
and joined the Ruhr-University Bochum as professor in the faculty of computer
science! Feb 09, 2024 Happy to be the Publicity Co-Chair for ISSTA 2025!🇳🇴🥳
If you also want to contribute, here is your chance! ISSTA is looking for
competent and motivated reviewers for its 2025 edition. Nominate yourself
(deadline Feb 20) using this form: https://t.co/BAxK2wN1V9. Jan 20, 2024 Happy
to share that our poster about “Exploring Complexity Estimation with Symbolic
Execution and Large Language Models” has been accepted for the KLEE Workshop
2024! Jan 18, 2024 I had fun participating in STEAMxD @ SUTD and teaching
Singapore’s bright JC students about basic principles in machine learning! Dec
07, 2023 Our work on “Evolutionary Testing for Program Repair” has been accepted
for ICST 2024! With EvoRepair, we explore a coevolution approach that generates
tests and repairs in a unified workflow using EvoSuite. Stay tuned for the
pre-print :-)
SELECTED PUBLICATIONS
1. ICSE
Trust Enhancement Issues in Program Repair
Yannic Noller, Ridwan Shariffdeen , Xiang Gao , and Abhik Roychoudhury
In Proceedings of the 44th International Conference on Software Engineering
, Pittsburgh, Pennsylvania, 2022
Abs Bib HTML PDF Supp Slides
Automated program repair is an emerging technology that seeks to
automatically rectify bugs and vulnerabilities using learning, search, and
semantic analysis. Trust in automatically generated patches is necessary for
achieving greater adoption of program repair. Towards this goal, we survey
more than 100 software practitioners to understand the artifacts and setups
needed to enhance trust in automatically generated patches. Based on the
feedback from the survey on developer preferences, we quantitatively
evaluate existing test-suite based program repair tools. We find that they
cannot produce high-quality patches within a top-10 ranking and an
acceptable time period of 1 hour. The developer feedback from our
qualitative study and the observations from our quantitative examination of
existing repair tools point to actionable insights to drive program repair
research. Specifically, we note that producing repairs within an acceptable
time-bound is very much dependent on leveraging an abstract search space
representation of a rich enough search space. Moreover, while additional
developer inputs are valuable for generating or ranking patches, developers
do not seem to be interested in a significant human-in-the-loop interaction.
@inproceedings{trustapr_icse2022,
author = {Noller, Yannic and Shariffdeen, Ridwan and Gao, Xiang and Roychoudhury, Abhik},
title = {Trust Enhancement Issues in Program Repair},
year = {2022},
isbn = {9781450392211},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3510003.3510040},
doi = {10.1145/3510003.3510040},
booktitle = {Proceedings of the 44th International Conference on Software Engineering},
pages = {2228–2240},
numpages = {13},
location = {Pittsburgh, Pennsylvania},
series = {ICSE '22},
}
2. ISSTA
QFuzz: Quantitative Fuzzing for Side Channels
Yannic Noller, and Saeid Tizpaz-Niari
In Proceedings of the 30th ACM SIGSOFT International Symposium on Software
Testing and Analysis , Virtual, Denmark, 2021
Abs Bib HTML PDF Supp Code Slides
Side channels pose a significant threat to the confidentiality of software
systems. Such vulnerabilities are challenging to detect and evaluate because
they arise from non-functional properties of software such as execution
times and require reasoning on multiple execution traces. Recently,
noninterference notions have been adapted in static analysis, symbolic
execution, and greybox fuzzing techniques. However, noninterference is a
strict notion and may reject security even if the strength of information
leaks are weak. A quantitative notion of security allows for the relaxation
of noninterference and tolerates small (unavoidable) leaks. Despite progress
in recent years, the existing quantitative approaches have scalability
limitations in practice. In this work, we present QFuzz, a greybox fuzzing
technique to quantitatively evaluate the strength of side channels with a
focus on min entropy. Min entropy is a measure based on the number of
distinguishable observations (partitions) to assess the resulting threat
from an attacker who tries to compromise secrets in one try. We develop a
novel greybox fuzzing equipped with two partitioning algorithms that try to
maximize the number of distinguishable observations and the cost differences
between them. We evaluate QFuzz on a large set of benchmarks from existing
work and real-world libraries (with a total of 70 subjects). QFuzz compares
favorably to three state-of-the-art detection techniques. QFuzz provides
quantitative information about leaks beyond the capabilities of all three
techniques. Crucially, we compare QFuzz to a state-of-the-art quantification
tool and find that QFuzz significantly outperforms the tool in scalability
while maintaining similar precision. Overall, we find that our approach
scales well for real-world applications and provides useful information to
evaluate resulting threats. Additionally, QFuzz identifies a zero-day
side-channel vulnerability in a security critical Java library that has
since been confirmed and fixed by the developers.
@inproceedings{qfuzz_issta2021,
author = {Noller, Yannic and Tizpaz-Niari, Saeid},
title = {QFuzz: Quantitative Fuzzing for Side Channels},
year = {2021},
isbn = {9781450384599},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3460319.3464817},
doi = {10.1145/3460319.3464817},
booktitle = {Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis},
pages = {257–269},
numpages = {13},
keywords = {vulnerability detection, fuzzing, quantification, side-channel analysis, dynamic analysis},
location = {Virtual, Denmark},
series = {ISSTA 2021},
}
3. PLDI
Concolic Program Repair
Ridwan Shariffdeen , Yannic Noller, Lars Grunske , and Abhik Roychoudhury
In Proceedings of the 42nd ACM SIGPLAN International Conference on
Programming Language Design and Implementation , Virtual, Canada, 2021
Abs Bib HTML PDF Code Poster Slides
Automated program repair reduces the manual effort in fixing program errors.
However, existing repair techniques modify a buggy program such that it
passes given tests. Such repair techniques do not discriminate between
correct patches and patches that overfit the available tests (breaking
untested but desired functionality). We propose an integrated approach for
detecting and discarding overfitting patches via systematic co-exploration
of the patch space and input space. We leverage concolic path exploration to
systematically traverse the input space (and generate inputs), while ruling
out significant parts of the patch space. Given a long enough time budget,
this approach allows a significant reduction in the pool of patch
candidates, as shown by our experiments. We implemented our technique in the
form of a tool called ’CPR’ and evaluated its efficacy in reducing the patch
space by discarding overfitting patches from a pool of plausible patches. We
evaluated our approach for fixing real-world software vulnerabilities and
defects, for fixing functionality errors in programs drawn from SV-COMP
benchmarks used in software verification, as well as for test-suite guided
repair. In our experiments, we observed a patch space reduction due to our
concolic exploration of up to 74% for fixing software vulnerabilities and up
to 63% for SV-COMP programs. Our technique presents the viewpoint of gradual
correctness - repair run over longer time leads to less overfitting fixes.
@inproceedings{cpr,
author = {Shariffdeen, Ridwan and Noller, Yannic and Grunske, Lars and Roychoudhury, Abhik},
title = {Concolic Program Repair},
year = {2021},
isbn = {9781450383912},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3453483.3454051},
doi = {10.1145/3453483.3454051},
booktitle = {Proceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation},
pages = {390–405},
numpages = {16},
keywords = {patch overfitting, program repair, symbolic execution, program synthesis},
location = {Virtual, Canada},
series = {PLDI 2021},
}
4. ICSE
HyDiff: Hybrid Differential Software Analysis
Yannic Noller, Corina S. Păsăreanu , Marcel Böhme , Youcheng Sun , Hoang Lam
Nguyen , and Lars Grunske
In Proceedings of the ACM/IEEE 42nd International Conference on Software
Engineering , Seoul, South Korea, 2020
Abs Bib HTML PDF Supp Code Slides
Detecting regression bugs in software evolution, analyzing side-channels in
programs and evaluating robustness in deep neural networks (DNNs) can all be
seen as instances of differential software analysis, where the goal is to
generate diverging executions of program paths. Two executions are said to
be diverging if the observable program behavior differs, e.g., in terms of
program output, execution time, or (DNN) classification. The key challenge
of differential software analysis is to simultaneously reason about multiple
program paths, often across program variants.This paper presents HyDiff, the
first hybrid approach for differential software analysis. HyDiff integrates
and extends two very successful testing techniques: Feedback-directed
greybox fuzzing for efficient program testing and shadow symbolic execution
for systematic program exploration. HyDiff extends greybox fuzzing with
divergence-driven feedback based on novel cost metrics that also take into
account the control flow graph of the program. Furthermore HyDiff extends
shadow symbolic execution by applying four-way forking in a systematic
exploration and still having the ability to incorporate concrete inputs in
the analysis. HyDiff applies divergence revealing heuristics based on
resource consumption and control-flow information to efficiently guide the
symbolic exploration, which allows its efficient usage beyond regression
testing applications. We introduce differential metrics such as output,
decision and cost difference, as well as patch distance, to assist the
fuzzing and symbolic execution components in maximizing the execution
divergence.We implemented our approach on top of the fuzzer AFL and the
symbolic execution framework Symbolic PathFinder. Weillustrate HyDiff on
regression and side-channel analysis for Java bytecode programs, and further
show how to use HyDiff for robustness analysis of neural networks.
@inproceedings{hydiff,
author = {Noller, Yannic and P\u{a}s\u{a}reanu, Corina S. and B\"{o}hme, Marcel and Sun, Youcheng and Nguyen, Hoang Lam and Grunske, Lars},
title = {HyDiff: Hybrid Differential Software Analysis},
year = {2020},
isbn = {9781450371216},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3377811.3380363},
doi = {10.1145/3377811.3380363},
booktitle = {Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering},
pages = {1273–1285},
numpages = {13},
keywords = {differential program analysis, symbolic execution, fuzzing},
location = {Seoul, South Korea},
series = {ICSE '20},
}
5. ICSE
DifFuzz: Differential Fuzzing for Side-channel Analysis
Shirin Nilizadeh , Yannic Noller, and Corina S. Păsăreanu
In Proceedings of the 41st International Conference on Software Engineering
, Montreal, Quebec, Canada, 2019
Abs Bib HTML PDF
Side-channel attacks allow an adversary to uncover secret program data by
observing the behavior of a program with respect to a resource, such as
execution time, consumed memory or response size. Side-channel
vulnerabilities are difficult to reason about as they involve analyzing the
correlations between resource usage over multiple program paths. We present
DifFuzz, a fuzzing-based approach for detecting side-channel vulnerabilities
related to time and space. DifFuzz automatically detects these
vulnerabilities by analyzing two versions of the program and using
resource-guided heuristics to find inputs that maximize the difference in
resource consumption between secret-dependent paths. The methodology of
DifFuzz is general and can be applied to programs written in any language.
For this paper, we present an implementation that targets analysis of Java
programs, and uses and extends the Kelinci and AFL fuzzers. We evaluate
DifFuzz on a large number of Java programs and demonstrate that it can
reveal unknown side-channel vulnerabilities in popular applications. We also
show that DifFuzz compares favorably against Blazer and Themis, two
state-of-the-art analysis tools for finding side-channels in Java programs.
@inproceedings{diffuz,
author = {Nilizadeh, Shirin and Noller, Yannic and P\u{a}s\u{a}reanu, Corina S.},
title = {DifFuzz: Differential Fuzzing for Side-channel Analysis},
booktitle = {Proceedings of the 41st International Conference on Software Engineering},
series = {ICSE '19},
year = {2019},
location = {Montreal, Quebec, Canada},
pages = {176--187},
numpages = {12},
url = {https://doi.org/10.1109/ICSE.2019.00034},
doi = {10.1109/ICSE.2019.00034},
acmid = {3339529},
publisher = {IEEE Press},
address = {Piscataway, NJ, USA},
keywords = {dynamic analysis, fuzzing, side-channel analysis, vulnerability detection},
}
6. ISSTA
Badger: Complexity Analysis with Fuzzing and Symbolic Execution
Yannic Noller, Rody Kersten , and Corina S. Păsăreanu
In Proceedings of the 27th ACM SIGSOFT International Symposium on Software
Testing and Analysis , Amsterdam, Netherlands, 2018
Abs Bib HTML PDF Code Poster Slides
Hybrid testing approaches that involve fuzz testing and symbolic execution
have shown promising results in achieving high code coverage, uncovering
subtle errors and vulnerabilities in a variety of software applications. In
this paper we describe Badger - a new hybrid approach for complexity
analysis, with the goal of discovering vulnerabilities which occur when the
worst-case time or space complexity of an application is significantly
higher than the average case. Badger uses fuzz testing to generate a diverse
set of inputs that aim to increase not only coverage but also a
resource-related cost associated with each path. Since fuzzing may fail to
execute deep program paths due to its limited knowledge about the conditions
that influence these paths, we complement the analysis with a symbolic
execution, which is also customized to search for paths that increase the
resource-related cost. Symbolic execution is particularly good at generating
inputs that satisfy various program conditions but by itself suffers from
path explosion. Therefore, Badger uses fuzzing and symbolic execution in
tandem, to leverage their benefits and overcome their weaknesses. We
implemented our approach for the analysis of Java programs, based on Kelinci
and Symbolic PathFinder. We evaluated Badger on Java applications, showing
that our approach is significantly faster in generating worst-case
executions compared to fuzzing or symbolic execution on their own.
@inproceedings{badger,
author = {Noller, Yannic and Kersten, Rody and P\u{a}s\u{a}reanu, Corina S.},
title = {Badger: Complexity Analysis with Fuzzing and Symbolic Execution},
year = {2018},
isbn = {9781450356992},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3213846.3213868},
doi = {10.1145/3213846.3213868},
booktitle = {Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis},
pages = {322–332},
numpages = {11},
keywords = {Denial-of-Service, Complexity Analysis, Symbolic Execution, Fuzzing},
location = {Amsterdam, Netherlands},
series = {ISSTA 2018},
}
© Copyright 2024 Yannic Noller. Powered by Jekyll with al-folio theme. Hosted by
GitHub Pages. Photos from Unsplash. Last updated: November 11, 2024.