Thuan Pham

Dr. Van-Thuan Pham

Lecturer at the University of Melbourne

About

Thuan Pham is a Lecturer in Cyber Security at the University of Melbourne (UoM). He has been working on scalable and high-performance fuzz testing to improve the reliability & security of software systems. Before joining UoM, he worked with Dr. Marcel Böhme at Monash University and Provost's Chair Professor Abhik Roychoudhury at National University of Singapore (NUS) as a postdoctoral Research Fellow. He received his Ph.D. degree in Computer Science from NUS in July 2017. His research, in collaboration with companies and government agencies, has led to many papers published at premier journals and conferences (e.g., TSE, ICSE, CCS) and one U.S. patent. He has developed several open-source automated security testing tools (e.g., AFLGo, AFLSmart, AFLNet, AFLTeam) that are responsible for 100+ (critical) vulnerabilities discovered in large real-world software systems. His research has been featured on media channels like Theregister.co.uk and Securityweek.com.   

Openings

I am looking for a motivated PhD student to work on (security) testing solutions for embedded systems. If you are interested, please check the entry requirements and application submission process before sending me your CV, transcript(s) and research statement. Please feel free to contact me if you have any questions.

News

  • Oct 2021. I will be speaking at the FuzzCon Europe 2021 online conference about our work on effective parallel fuzzing.
  • Aug 2021. Our paper entitled "Towards Systematic and Dynamic Task Allocation for Collaborative Parallel Fuzzing" has been accepted to ASE 2021 (NIER Track).
  • Jan 2021. We have released ProFuzzBench - A Benchmark for Stateful Protocol Fuzzing. Please check it out.
  • Nov 2020. I have been invited to join the USENIX Security '21 Program Committee. Please consider to submit your papers.
  • July 2020. I have joined the University of Melbourne as a Lecturer in Cyber Security.
  • May 2020. I have been invited to join the APSEC'20 Program Committee. Please consider to submit your papers.
  • Mar 2020. AFLNet - our greybox fuzzer for network protocols has been released at https://github.com/aflnet/aflnet.
  • Feb 2020. I have been invited to join the ISSTA'20 Artifact Evaluation Committee.
  • Jan 2020. Our paper entitled "AFLNet: A Greybox Fuzzer for Network Protocols" has been accepted to ICST 2020 (Testing Tools Track).
  • Dec 2019. My talk entitled "Secure Software Development with Continuous Fuzzing" has been accepted to Bsides Melbourne 2020.
  • Dec 2019. Our paper "Human-In-The-Loop Automatic Program Repair" has been accepted to ICST'20.
  • Sep 2019. I have attended the Shonan meeting on Fuzzing and Symbolic Execution in Tokyo .
  • Sep 2019. AFLSmart (Smart Greybox Fuzzing) has been accepted by TSE.
  • Feb 2019. We have released the source code of AFLSmart (Smart Greybox Fuzzing).
  • Publications

    Towards Systematic and Dynamic Task Allocation for Collaborative Parallel Fuzzing

    Van-Thuan Pham, Manh-Dung Nguyen, Quang-Trung Ta, Toby Murray, Benjamin I.P. Rubinstein
    IEEE/ACM International Conference on Automated Software Engineering 2021 (ASE'21) (NIER Track)

    PDF

    ProFuzzBench: A Benchmark for Stateful Protocol Fuzzing

    Roberto Natella, and Van-Thuan Pham
    ACM International Symposium on Software Testing and Analysis 2021 (ISSTA'21) (Tool Demonstrations Track)

    PDF

    AFLNet: A Greybox Fuzzer for Network Protocols

    Van-Thuan Pham, Marcel Böhme, and Abhik Roychoudhury
    IEEE International Conference on Software Testing, Verification and Validation 2020 (ICST'20) (Testing Tools Track)

    PDF Video

    Human-In-The-Loop Automatic Program Repair

    Marcel Böhme, Charaka Gheetal and Van-Thuan Pham
    IEEE International Conference on Software Testing, Verification and Validation 2020 (ICST'20)

    PDF

    Smart Greybox Fuzzing

    Van-Thuan Pham, Marcel Böhme, Andrew E. Santosa, Alexandru Răzvan Căciulescu and Abhik Roychoudhury
    IEEE Transactions on Software Engineering (TSE) 2019 (To appear)

    PDF

    Coverage-based Greybox Fuzzing as Markov Chain

    Marcel Böhme, Van-Thuan Pham and Abhik Roychoudhury
    IEEE Transactions on Software Engineering (TSE) 2018

    Directed Greybox Fuzzing

    Marcel Böhme, Van-Thuan Pham, Manh-Dung Nguyen and Abhik Roychoudhury
    ACM Conference on Computer and Communications Security (CCS) 2017

    PDF

    Bucketing Failing Tests via Symbolic Analysis

    Van-Thuan Pham, Sakaar Khurana, Subhajit Roy and Abhik Roychoudhury
    International Conference on Fundamental Approaches to Software Engineering (FASE) 2017

    PDF

    Coverage-based Greybox Fuzzing as Markov Chain

    Marcel Böhme, Van-Thuan Pham and Abhik Roychoudhury
    ACM Conference on Computer and Communications Security (CCS) 2016

    PDF

    Model-based Whitebox Fuzzing for Program Binaries

    Van-Thuan Pham, Marcel Böhme, Abhik Roychoudhury
    IEEE/ACM International Conference on Automated Software Engineering (ASE) 2016

    PDF Slides Video

    Hercules: Reproducing Crashes in Real-World Application Binaries

    Van-Thuan Pham, Wei Boon Ng, Konstantin Rubinov and Abhik Roychoudhury
    ACM/IEEE International Conference on Software Engineering (ICSE) 2015

    PDF

    Integrated Timing Analysis of Application and Operating Systems Code

    Lee Kee Chong, Clement Ballabriga, Van-Thuan Pham, Sudipta Chattopadhyay and Abhik Roychoudhury
    IEEE Real-time Systems Symposium (RTSS) 2013

    A General Solution supporting Real-time and Remote Electrocardiogram Diagnostic based on Embedded and Mobile Technology

    Dung Cao Tuan, Thuan Pham Van, Viet Hoang Anh
    International Symposium on Information and Communication Technology (SoICT) 2012

    Patent

    Autonomous reasoning system for vulnerability analysis

    Praveen Murthy, Bogdan Copos and Thuan Pham
    (Short description) Automated vulnerability detection and program repair system working directly on program binaries.
    United States Patent - US9767290B2

    Selected Work Experience

    Lecturer - University of Melbourne (From 7/2020)

    Teaching and doing research on software security.

    Research Fellow - Monash University (12/2018 - 6/2020)

    Worked on Fuzz testing techniques for vulnerability detection.

    Research Fellow - NUS (8/2017 - 11/2018)

    Worked on Fuzz testing techniques for vulnerability detection & crash reproduction.

    Research Associate - NUS (4/2017 - 7/2017)

    Worked on Fuzz testing techniques for vulnerability detection & crash reproduction.

    Research Assistant - NUS (5/2016 - 3/2017)

    Worked on Fuzz testing techniques for vulnerability detection & crash reproduction.

    Research Intern - Fujitsu Laboratories of America (2/2015 - 5/2015)

    Involved in a team to build an automated Cyber Reasoning System (CRS) to participate in the DARPA Cyber Grand Challenge - The World’s first all-machine hacking tournament.

    Lecturer - Hanoi University of Science and Technology (8/2007 - 8/2012)

    Taught courses in subjects such as Microprocessors, Embedded Systems, Microsoft .NET Framework and involved in R&D and technonogy transfers activities.

    Co-founder & Trainer - Embedded247 Training Center (5/2011 - 7/2012)

    Designed courses & involved in training activities.

    Co-founder & Research Lead - Mimas Solutions and Services jsc., (5/2011 - 7/2012)

    Designed and developed prototypes for emotion & image recognition systems.

    Research Intern - Orange France Telecom (2/2009 - 7/2009)

    Designed and evaluated routing protocols for wireless sensor networks.

    Awards

    Research Achievement Award AY2014/2015 - School of Computing, NUS (AY2014/2015)

    Presented to PhD students who have achieved outstanding research performance.

    3rd prize VIFOTEC Scientific and Technological Innovation Award - Ministry of Science and Technology (Vietnam) (2011)

    For an automatic mirror-rotation based Goniophotometer hardware & software system. The product was bought by Rang Dong Lighting Ltd., one of the biggest lighting companies in Vietnam.

    Top 5 Intel & DST Asia Pacific Challenge 2011 - (2011)

    For a Brain-Computer-Interace (BCI) based emotion recognition system.

    1st prize Vietnamese Talent Award - (2010)

    For a system helping disabled people to control electronic/electrical devices via brain signals.