English
Related papers

Related papers: DifFuzz: Differential Fuzzing for Side-Channel Ana…

200 papers

Side Channel Analysis (SCA) presents a clear threat to privacy and security in modern computing systems. The vast majority of communications are secured through cryptographic algorithms. These algorithms are often provably-secure from a…

Cryptography and Security · Computer Science 2024-02-06 Max Panoff , Honggang Yu , Haoqi Shan , Yier Jin

Nowadays automated dynamic analysis frameworks for continuous testing are in high demand to ensure software safety and satisfy the security development lifecycle (SDL) requirements. The security bug hunting efficiency of cutting-edge hybrid…

Cryptography and Security · Computer Science 2023-03-24 Alexey Vishnyakov , Daniil Kuts , Vlada Logunova , Darya Parygina , Eli Kobrin , Georgy Savidov , Andrey Fedotov

Software fuzzing is a strong testing technique that has become the de facto approach for automated software testing and software vulnerability detection in the industry. The random nature of fuzzing makes monitoring and understanding the…

Software Engineering · Computer Science 2021-12-28 Aftab Hussain , Mohammad Amin Alipour

Fuzz testing (or fuzzing) is an effective technique used to find security vulnerabilities. It consists of feeding a software under test with malformed inputs, waiting for a weird system behaviour (often a crash of the system). Over the…

Cryptography and Security · Computer Science 2023-03-14 Marcello Maugeri , Cristian Daniele , Giampaolo Bella , Erik Poll

Collaborative fuzzing combines multiple individual fuzzers and dynamically chooses appropriate combinations for different programs. Unlike individual fuzzers that rely on specific assumptions, collaborative fuzzing relaxes assumptions on…

Cryptography and Security · Computer Science 2025-07-23 Wenxuan Shi , Hongwei Li , Jiahao Yu , Xinqian Sun , Wenbo Guo , Xinyu Xing

In recent years, fuzzing has been widely applied not only to application software but also to system software, including the Linux kernel and firmware, and has become a powerful technique for vulnerability discovery. Among these approaches,…

Cryptography and Security · Computer Science 2026-03-27 Masami Ichikawa

Directed fuzzing focuses on automatically testing specific parts of the code by taking advantage of additional information such as (partial) bug stack trace, patches or risky operations. Key applications include bug reproduction, patch…

Cryptography and Security · Computer Science 2020-08-18 Manh-Dung Nguyen , Sébastien Bardin , Richard Bonichon , Roland Groz , Matthieu Lemerre

Deep learning (DL) has attracted wide attention and has been widely deployed in recent years. As a result, more and more research efforts have been dedicated to testing DL libraries and frameworks. However, existing work largely overlooked…

Software Engineering · Computer Science 2024-01-02 Chenyuan Yang , Yinlin Deng , Jiayi Yao , Yuxing Tu , Hanchi Li , Lingming Zhang

Over the past few years, deep learning has been getting progressively more popular for the exploitation of side-channel vulnerabilities in embedded cryptographic applications, as it offers advantages in terms of the amount of attack traces…

Cryptography and Security · Computer Science 2023-09-26 Yohaï-Eliel Berreby , Laurent Sauvage

Deep learning (DL) frameworks serve as the backbone for a wide range of artificial intelligence applications. However, bugs within DL frameworks can cascade into critical issues in higher-level applications, jeopardizing reliability and…

Software Engineering · Computer Science 2025-10-20 Shiwen Ou , Yuwei Li , Lu Yu , Chengkun Wei , Tingke Wen , Qiangpu Chen , Yu Chen , Haizhi Tang , Zulie Pan

Side-channel attacks on microprocessors, like the RISC-V, exhibit security vulnerabilities that lead to several design challenges. Hence, it is imperative to study and analyze these security vulnerabilities comprehensively. In this paper,…

Cryptography and Security · Computer Science 2021-06-17 Mahya Morid Ahmadi , Faiq Khalid , Muhammad Shafique

Deep learning (DL) libraries, widely used in AI applications, often contain vulnerabilities like buffer overflows and use-after-free errors. Traditional fuzzing struggles with the complexity and API diversity of DL libraries such as…

Software Engineering · Computer Science 2025-01-09 Kunpeng Zhang , Shuai Wang , Jitao Han , Xiaogang Zhu , Xian Li , Shaohua Wang , Sheng Wen

Cybersecurity continues to be a difficult issue for society especially as the number of networked systems grows. Techniques to protect these systems range from rules-based to artificial intelligence-based intrusion detection systems and…

Cryptography and Security · Computer Science 2022-05-10 Paul Maxwell , David Niblick , Daniel C. Ruiz

Operating Systems enforce logical isolation using abstractions such as processes, containers, and isolation technologies to protect a system from malicious or buggy code. In this paper, we show new types of side channels through the file…

Cryptography and Security · Computer Science 2025-04-29 Cheng Gu , Yicheng Zhang , Nael Abu-Ghazaleh

Vulnerable software represents a tremendous threat to modern information systems. Vulnerabilities in widespread applications may be used to spread malware, steal money and conduct target attacks. To address this problem, developers and…

Cryptography and Security · Computer Science 2018-07-06 Maksim Shudrak , Vyacheslav Zolotarev

SpecFuzz is the first tool that enables dynamic testing for speculative execution vulnerabilities (e.g., Spectre). The key is a novel concept of speculation exposure: The program is instrumented to simulate speculative execution in software…

Cryptography and Security · Computer Science 2020-03-11 Oleksii Oleksenko , Bohdan Trach , Mark Silberstein , Christof Fetzer

Fuzzing is a widely used software security testing technique that is designed to identify vulnerabilities in systems by providing invalid or unexpected input. Continuous fuzzing systems like OSS-FUZZ have been successful in finding security…

Cryptography and Security · Computer Science 2023-07-04 Chaitanya Rahalkar

Cache timing attacks allow third-party observers to retrieve sensitive information from program executions. But, is it possible to automatically check the vulnerability of a program against cache timing attacks and then, automatically…

Software Engineering · Computer Science 2018-07-23 Sudipta Chattopadhyay , Abhik Roychoudhury

Fuzzing is one of the most popular and widely used techniques to find vulnerabilities in any application. Fuzzers are fast enough, but they still spend a good portion of time to restart a crashed application and then fuzz it from the…

Cryptography and Security · Computer Science 2021-12-21 Prashant Singh Chouhan , Gregory Price , Gene Cooperman

Timing side-channel attacks exploit variations in program execution time to recover sensitive information. Cryptographic implementations are especially vulnerable to these attacks, since even small timing differences in operations such as…

Cryptography and Security · Computer Science 2026-04-21 Nges Brian Njungle , Edwin P. Kayang , Mishel J. Paul , Michel A. Kinsy