The Award Committee for the Jean-Claude Laprie Award has unanimously chosen a paper entitled, “An Empirical Study of the Reliability of UNIX Utilities” as winner of the 2022 award.
Written by Barton P. Miller, Louis Fredriksen and Bryan So, the article was published in Communications of the ACM, Volume 33, Issue 12, Dec. 1990
The Award Citation: “An Empirical Study of the Reliability of UNIX Utilities” … launched the field of fuzz testing, or fuzzing as it is commonly called.
Based on the observation that the standard UNIX utilities suffered crashes and hangs due to wrong or nonsensical inputs, it went onto systematically evaluating their reliability and study the root causes of the failures.
The paper also released its code and data openly (a novelty at that time) and has been reproduced by many other studies as recently as 2019. The paper has been cited more than 1300 times and was enormously influential. For example, another work that followed up on this idea are Ballista from CMU, which has gone onto become a standard in its own right.
Today, fuzzing is taught in introductory software testing and security courses and is a prominent area of research in many conferences such as ICSE, ISSTA, ISSRE, etc., that have multiple sessions dedicated to this topic.
More importantly, it is being applied in large companies such as Microsoft, Google, etc. For example, Microsoft recently published a paper on how they integrate fuzzing in the life-cycle of almost all their products (https://patricegodefroid.github.io/public_psfiles/Fuzzing-101-CACM2020.pdf). Similarly, Google recently reported that 80% of the bugs they find in production in the Chrome web browser are due to fuzzing (https://i.blackhat.com/eu-19/Wednesday/eu-19-Arya-ClusterFuzz-Fuzzing-At-Google-Scale.pdf).
Fuzzing was the precursor of software-implemented fault injection or SWiFI tools, which have been a research topic at DSN for over two decades. Fuzzing is also heavily used in security research, and is often the first choice of tool for penetration testers. Thus, this paper has important implications for both reliability and security research, and unifies them, which resulted in its unanimous selection for the award.
About the Jean-Claude Laprie Award
The Jean-Claude Laprie Award in Dependable Computing is awarded annually since 2012 by IFIP WG 10.4 (Dependable Computing and Fault Tolerance). The award recognises outstanding papers that have significantly influenced the theory and/or practice of Dependable Computing. It takes the form of a memorial plaque presented to the author(s) at the Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). Any paper relating to dependable and secure computing and published at least 10 years prior to the award year (eg. 2012 or earlier for the 2022 award) is considered eligible.
The award seeks to recognise papers that have had a significant impact in the intervening years in one or more of the three following categories:
- Technical/scientific research impact
- Industrial/commercial product impact
- Broad impact on the dependable computing community
Citations and complete information on the Jean-Claude Laprie awards can be found on the award web page: http://jclaprie-award.dependability.org