English
Related papers

Related papers: Binary-level Directed Fuzzing for Use-After-Free V…

200 papers

Timing vulnerabilities in processors have emerged as a potent threat. As processors are the foundation of any computing system, identifying these flaws is imperative. Recently fuzzing techniques, traditionally used for detecting software…

Smart contracts are Turing-complete programs that are executed across a blockchain. Unlike traditional programs, once deployed, they cannot be modified. As smart contracts carry more value, they become more of an exciting target for…

Cryptography and Security · Computer Science 2021-03-11 Christof Ferreira Torres , Antonio Ken Iannillo , Arthur Gervais , Radu State

Fuzzing is an important dynamic program analysis technique designed for finding vulnerabilities in complex software. Fuzzing involves presenting a target program with crafted malicious input to cause crashes, buffer overflows, memory…

Coverage-guided fuzzing's aggressive, high-volume testing has helped reveal tens of thousands of software security flaws. While executing billions of test cases mandates fast code coverage tracing, the nature of binary-only targets leads to…

Cryptography and Security · Computer Science 2022-09-09 Stefan Nagy , Anh Nguyen-Tuong , Jason D. Hiser , Jack W. Davidson , Matthew Hicks

As the complexity of modern processors has increased over the years, developing effective verification strategies to identify bugs prior to manufacturing has become critical. Undiscovered micro-architectural bugs in processors can manifest…

Autonomous driving has become real; semi-autonomous driving vehicles in an affordable price range are already on the streets, and major automotive vendors are actively developing full self-driving systems to deploy them in this decade.…

Robotics · Computer Science 2022-11-04 Seulbae Kim , Major Liu , Junghwan "John" Rhee , Yuseok Jeon , Yonghwi Kwon , Chung Hwan Kim

A code-level backdoor is a hidden access, programmed and concealed within the code of a program. For instance, hard-coded credentials planted in the code of a file server application would enable maliciously logging into all deployed…

Cryptography and Security · Computer Science 2025-05-14 Dimitri Kokkonis , Michaël Marcozzi , Emilien Decoux , Stefano Zacchiroli

Many business processes currently depend on web services, often using REST APIs for communication. REST APIs expose web service functionality through endpoints, allowing easy client interaction over the Internet. To reduce the security risk…

Software Engineering · Computer Science 2026-03-26 Thomas Rooijakkers , Anne Nijsten , Cristian Daniele , Erieke Weitenberg , Ringo Groenewegen , Arthur Melissen

Fuzzing is a highly effective automated testing method for uncovering software vulnerabilities. Despite advances in fuzzing techniques, such as coverage-guided greybox fuzzing, many fuzzers struggle with coverage plateaus caused by fuzz…

Software Engineering · Computer Science 2025-10-07 Wentao Gao , Renata Borovica-Gajic , Sang Kil Cha , Tian Qiu , Van-Thuan Pham

Fuzzing has become a widely adopted technique for vulnerability discovery, yet it remains ineffective for structured-input programs due to strict syntactic constraints and limited semantic awareness. Traditional greybox fuzzers rely on…

Cryptography and Security · Computer Science 2026-04-21 Yihao Zou , Tianming Zheng , Futai Zou , Yue Wu

Mutation-based fuzzing is popular and effective in discovering unseen code and exposing bugs. However, only a few studies have concentrated on quantifying the importance of input bytes, which refers to the degree to which a byte contributes…

Cryptography and Security · Computer Science 2023-10-24 Kunpeng Zhang , Xiaogang Zhu , Xi Xiao , Minhui Xue , Chao Zhang , Sheng Wen

Fuzz Testing is a largely automated testing technique that provides random and unexpected input to a program in attempt to trigger failure conditions. Much of the research conducted thus far into Fuzz Testing has focused on developing…

Software Engineering · Computer Science 2019-07-30 Matthew Kelly , Christoph Treude , Alex Murray

Fuzzing has proven to be a highly effective approach to uncover software bugs over the past decade. After AFL popularized the groundbreaking concept of lightweight coverage feedback, the field of fuzzing has seen a vast amount of scientific…

Fuzzing is highly effective in detecting bugs due to the key contribution of randomness. However, randomness significantly reduces the efficiency of fuzzing, causing it to cost days or weeks to expose bugs. Even though directed fuzzing…

Software Engineering · Computer Science 2025-07-31 Xiaotao Feng , Xiaogang Zhu , Kun Hu , Jincheng Wang , Yingjie Cao , Guang Gong , Jianfeng Pan

Software's pervasive impact and increasing reliance in the era of digital transformation raise concerns about vulnerabilities, emphasizing the need for software security. Fuzzy testing is a dynamic analysis software testing technique that…

Software Engineering · Computer Science 2024-07-22 Tiago Dias , Eva Maia , Isabel Praça

Fuzzing is a powerful technique for finding bugs in software libraries, but scaling it remains difficult. Automated harness generation commits to fixed API sequences at synthesis time, limiting the behaviors each harness can test.…

Software Engineering · Computer Science 2026-02-24 Harrison Green , Fraser Brown , Claire Le Goues

Traffic Steering (TS) dynamically allocates user traffic across cells to enhance Quality of Experience (QoE), load balance, and spectrum efficiency in 5G networks. However, TS algorithms remain vulnerable to adversarial conditions such as…

Signal Processing · Electrical Eng. & Systems 2026-02-17 Seyed Bagher Hashemi Natanzi , Hossein Mohammadi , Bo Tang , Vuk Marojevic

Fuzz testing has enjoyed great success at discovering security critical bugs in real software. Recently, researchers have devoted significant effort to devising new fuzzing techniques, strategies, and algorithms. Such new ideas are…

Cryptography and Security · Computer Science 2018-10-22 George Klees , Andrew Ruef , Benji Cooper , Shiyi Wei , Michael Hicks

Fuzzing is the process of finding security vulnerabilities in input-processing code by repeatedly testing the code with modified inputs. In this paper, we formalize fuzzing as a reinforcement learning problem using the concept of Markov…

Artificial Intelligence · Computer Science 2018-01-16 Konstantin Böttinger , Patrice Godefroid , Rishabh Singh

Modern fuzzers scale to large, real-world software but often fail to exercise the program states developers consider most fragile or security-critical. Such states are typically deep in the execution space, gated by preconditions, or…

Cryptography and Security · Computer Science 2026-02-12 Viet Hoang Luu , Amirmohammad Pasdar , Wachiraphan Charoenwet , Toby Murray , Shaanan Cohney , Van-Thuan Pham