POSTED BY: dimitris / 19.10.2018

Program Instrumentation with and without Source Code (FOSSCOMM 2018)

CENSUS was one of the sponsors of FOSSCOMM 2018, the annual free and open source communities conference, that took place this year in Heraklion, Crete. CENSUS participated in the conference with a two part presentation on Program Instrumentation.

FOSSCOMM can only be described as a grassroots Free and Open Source Software conference, where contributors, users and enthusiasts meet to present, discuss and work on FOSS topics. The conference is typically hosted by a hellenic academic institution and run by volunteers. It is supported by a number of organizations including FOSS-promoting organizations, user groups but also commercial organizations. This year the sponsors list included Gitlab, Collabora and Facebook. Among other things, sponsorships make it possible to invite international speakers to the conference.

Although a number of IT related conferences are held in Greece each year, FOSSCOMM retains a special place in the list, as it delivers a good mixture of technical content, spirited audiences and plain fun. The diversity of the audience is interesting, as it ranges from Developers and System Administrators, to students, researchers and consultants. These crowds travel from all over the country for the two-day conference that takes place at a different venue each year.

Having the above diversity in mind, we decided for FOSSCOMM's tenth installment to deliver a Program Instrumentation talk at the Security Track, as the technique can be applied to multiple domains (debugging, performance monitoring, vulnerability research etc.). The talk was divided in two parts; in the first one I covered topics related to Program Instrumentation when source code is available. The second part was delivered by colleague Dimitrios Tatsis and covered binary instrumentation topics. Dimitrios also demonstrated his dissertation project on combining Angr with the DynamoRIO binary instrumentation framework, to extend program coverage during fuzz testing through targeted symbolic execution.

Slides from the two presentations are now available here:

We would like to thank the organizers of FOSSCOMM 2018 for an amazing event and we hope to see everyone again next year!