Computer Systems & Security Group, USTC

Home
Publications
Projects
Courses
Members

ChemSmith: Detecting Bugs in Quantum Chemical Computation Software

Overview:

Based on molecular dynamics and density functional theory (DFT), the first-principle calculation has become an indispensable part of realms in Chemistry, Biology, material computation and prediction, and condensed matter physics. Multiple quantum chemical calculation software such as Gaussian, SIESTA, VASP, QUANTUM ESPRESSO, and ABACUS are developed to perform molecular dynamics simulation, electronic structure calculation, and produce predictions of materials which includes, but are not limited to their crystal structure, Physical and Chemical properties, Thermodynamic properties, and Mechanical properties. Nevertheless, less effort is made to study potential vulnerabilities in these systems.

In this project, to fill the gap, we present the general methodology for detecting vulnerabilities in quantum chemical computation programs. Our key idea is to leverage fuzz-based approach via a chemistry oracle. To validate our approach, we designed and implemented the first prototype system: ChemSmith, to detect and understand vulnerabilities in quantum chemical computation software. ChemSmith has several key components: first, it constructs and generates a large spectrum of random structured data following the Forms Data Format (FDF) files that can be accepted by computation software. Second, ChemSmith incorporates domain-specific chemical knowledge database, to guarantee and validate special-purpose chemical properties such as value ranges or data symmetry. Third, ChemSmith leverages the key insight of error feedback fuzzing by monitoring program executions, resource usage, unusual exceptions and crashes to discover functional vulnerabilities. Furthermore, ChemSmith leverages differential testing approach to ensure the rationality, accuracy, and consistency of results. Finally, any irrational and unexpected result should be automatically detected and manually classified for the purpose of vulnerability analysis.

From a long-term perspective, ChemSmith represents the first step towards detecting vulnerabilities in quantum chemical computation software, thus making the whole ecosystem more reliable and trustworthy.

Publications:
Members:
  • Baojian Hua
  • Pu Ji
  • Feng Qiu