English
Related papers

Related papers: Binary-level Directed Fuzzing for Use-After-Free V…

200 papers

Emulation-based fuzzers enable testing binaries without source code, and facilitate testing embedded applications where automated execution on the target hardware architecture is difficult and slow. The instrumentation techniques added to…

Cryptography and Security · Computer Science 2023-06-22 Michael Chesser , Surya Nepal , Damith C. Ranasinghe

Fuzzing consists of repeatedly testing an application with modified, or fuzzed, inputs with the goal of finding security vulnerabilities in input-parsing code. In this paper, we show how to automate the generation of an input grammar…

Artificial Intelligence · Computer Science 2017-01-26 Patrice Godefroid , Hila Peleg , Rishabh Singh

The emerging data-intensive applications are increasingly dependent on data-intensive scalable computing (DISC) systems, such as Apache Spark, to process large data. Despite their popularity, DISC applications are hard to test. In recent…

Software Engineering · Computer Science 2021-03-10 Qian Zhang , Jiyuan Wang , Muhammad Ali Gulzar , Rohan Padhye , Miryung Kim

Fuzzing has proven to be a fundamental technique to automated software testing but also a costly one. With the increased adoption of CI/CD practices in software development, a natural question to ask is `What are the best ways to integrate…

Software Engineering · Computer Science 2022-06-08 Thijs Klooster , Fatih Turkmen , Gerben Broenink , Ruben ten Hove , Marcel Böhme

Modern hardware systems, driven by demands for high performance and application-specific functionality, have grown increasingly complex, introducing large surfaces for bugs and security-critical vulnerabilities. Fuzzing has emerged as a…

Cryptography and Security · Computer Science 2025-12-29 Lichao Wu , Mohamadreza Rostami , Huimin Li , Nikhilesh Singh , Ahmad-Reza Sadeghi

Fuzzing has been studied and applied ever since the 1990s. Automated and continuous fuzzing has recently been applied also to open source software projects, including the Linux and BSD kernels. This paper concentrates on the practical…

Software Engineering · Computer Science 2020-02-26 Jukka Ruohonen , Kalle Rindell

Fuzzing has become one of the most effective bug finding approach for software. In recent years, 24*7 continuous fuzzing platforms have emerged to test critical pieces of software, e.g., Linux kernel. Though capable of discovering many bugs…

Cryptography and Security · Computer Science 2021-11-12 Xiaochen Zou , Guoren Li , Weiteng Chen , Hang Zhang , Zhiyun Qian

Computer programs are not executed in isolation, but rather interact with the execution environment which drives the program behaviors. Software validation methods thus need to capture the effect of possibly complex environmental…

Software Engineering · Computer Science 2024-09-04 Ruijie Meng , Gregory J. Duck , Abhik Roychoudhury

Monolithic Firmware is widespread. Unsurprisingly, fuzz testing firmware is an active research field with new advances addressing the unique challenges in the domain. However, understanding and evaluating improvements by deriving metrics…

Cryptography and Security · Computer Science 2026-02-09 Mathew Duong , Michael Chesser , Guy Farrelly , Surya Nepal , Damith C. Ranasinghe

Side-channel attacks allow an adversary to uncover secret program data by observing the behavior of a program with respect to a resource, such as execution time, consumed memory or response size. Side-channel vulnerabilities are difficult…

Cryptography and Security · Computer Science 2019-02-27 Shirin Nilizadeh , Yannic Noller , Corina S. Pasareanu

Deep learning (DL) systems are increasingly applied to safety-critical domains such as autonomous driving cars. It is of significant importance to ensure the reliability and robustness of DL systems. Existing testing methodologies always…

Software Engineering · Computer Science 2018-08-29 Jianmin Guo , Yu Jiang , Yue Zhao , Quan Chen , Jiaguang Sun

Robustness is a key concern for Rust library development because Rust promises no risks of undefined behaviors if developers use safe APIs only. Fuzzing is a practical approach for examining the robustness of programs. However, existing…

Software Engineering · Computer Science 2021-10-25 Jianfeng Jiang , Hui Xu , Yangfan Zhou

The increasing complexity of modern processors poses many challenges to existing hardware verification tools and methodologies for detecting security-critical bugs. Recent attacks on processors have shown the fatal consequences of…

Cryptography and Security · Computer Science 2022-01-26 Aakash Tyagi , Addison Crump , Ahmad-Reza Sadeghi , Garrett Persyn , Jeyavijayan Rajendran , Patrick Jauernig , Rahul Kande

Many assisting exploration strategies have been proposed to assist grey-box fuzzers in exploring program states guarded by tight and complex branch conditions such as equality constraints. Although they have shown promising results in their…

Software Engineering · Computer Science 2024-09-25 Mingyuan Wu , Jiahong Xiang , Kunqiu Chen , Peng DI , Shin Hwei Tan , Heming Cui , Yuqun Zhang

Of coverage-guided fuzzing's three main components: (1) testcase generation, (2) code coverage tracing, and (3) crash triage, code coverage tracing is a dominant source of overhead. Coverage-guided fuzzers trace every testcase's code…

Cryptography and Security · Computer Science 2019-01-30 Stefan Nagy , Matthew Hicks

Deep Learning (DL) library bugs affect downstream DL applications, emphasizing the need for reliable systems. Generating valid input programs for fuzzing DL libraries is challenging due to the need for satisfying both language…

Software Engineering · Computer Science 2023-04-05 Yinlin Deng , Chunqiu Steven Xia , Chenyuan Yang , Shizhuo Dylan Zhang , Shujing Yang , Lingming Zhang

Program fuzzing---providing randomly constructed inputs to a computer program---has proved to be a powerful way to uncover bugs, find security vulnerabilities, and generate test inputs that increase code coverage. In many applications,…

Software Engineering · Computer Science 2020-05-05 Zi Wang , Ben Liblit , Thomas Reps

The eBPF technology in the Linux kernel has been widely adopted for different applications, such as networking, tracing, and security, thanks to the programmability it provides. By allowing user-supplied eBPF programs to be executed…

Cryptography and Security · Computer Science 2023-05-16 Hsin-Wei Hung , Ardalan Amiri Sani

In modern software development, vulnerability detection is crucial due to the inevitability of bugs and vulnerabilities in complex software systems. Effective detection and elimination of these vulnerabilities during the testing phase are…

Cryptography and Security · Computer Science 2025-09-29 Christopher Scherb , Luc Bryan Heitz , Hermann Grieder

In recent years, fuzz testing has proven itself to be one of the most effective techniques for finding correctness bugs and security vulnerabilities in practice. One particular fuzz testing tool, American Fuzzy Lop or AFL, has become…

Software Engineering · Computer Science 2018-07-31 Caroline Lemieux , Koushik Sen