English
Related papers

Related papers: Binary-level Directed Fuzzing for Use-After-Free V…

200 papers

Network-facing applications are commonly exposed to all kinds of attacks, especially when connected to the internet. As a result, web servers like Nginx or client applications such as curl make every effort to secure and harden their code…

Cryptography and Security · Computer Science 2024-09-04 Nils Bars , Moritz Schloegel , Nico Schiller , Lukas Bernhard , Thorsten Holz

We design and implement from scratch a new fuzzer called SIVO that refines multiple stages of grey-box fuzzing. First, SIVO refines data-flow fuzzing in two ways: (a) it provides a new taint inference engine that requires only logarithmic…

Cryptography and Security · Computer Science 2021-07-16 Ivica Nikolic , Radu Mantu , Shiqi Shen , Prateek Saxena

Fuzzing network servers is a technical challenge, since the behavior of the target server depends on its state over a sequence of multiple messages. Existing solutions are costly and difficult to use, as they rely on manually-customized…

Cryptography and Security · Computer Science 2022-10-05 Roberto Natella

Smart contract transactions are increasingly interleaved by cross-contract calls. While many tools have been developed to identify a common set of vulnerabilities, the cross-contract vulnerability is overlooked by existing tools.…

Cryptography and Security · Computer Science 2022-07-01 Yinxing Xue , Jiaming Ye , Wei Zhang , Jun Sun , Lei Ma , Haijun Wang , Jianjun Zhao

Recent research has sought to improve fuzzing performance via parallel computing. However, researchers focus on improving efficiency while ignoring the increasing cost of testing resources. Parallel fuzzing in the distributed environment…

Cryptography and Security · Computer Science 2022-11-16 Xu Zhou , Pengfei Wang , Chenyifan Liu , Tai Yue , Yingying Liu , Congxi Song , Kai Lu , Qidi Yin , Xu Han

Fuzz testing has been used to find bugs in programs since the 1990s, but despite decades of dedicated research, there is still no consensus on which fuzzing techniques work best. One reason for this is the paucity of ground truth: bugs in…

Cryptography and Security · Computer Science 2022-08-24 Joshua Bundt , Andrew Fasano , Brendan Dolan-Gavitt , William Robertson , Tim Leek

Modern CPUs are black boxes, proprietary, and increasingly characterized by sophisticated microarchitectural flaws that evade traditional analysis. While some of these critical vulnerabilities have been uncovered through cumbersome manual…

Cryptography and Security · Computer Science 2026-01-09 Johannes Lenzen , Mohamadreza Rostami , Lichao Wu , Ahmad-Reza Sadeghi

Grammar-based fuzzing is a technique used to find software vulnerabilities by injecting well-formed inputs generated following rules that encode application semantics. Most grammar-based fuzzers for network protocols rely on human experts…

Cryptography and Security · Computer Science 2021-01-26 Samuel Jero , Maria Leonor Pacheco , Dan Goldwasser , Cristina Nita-Rotaru

Modern compilers, such as LLVM, are complex pieces of software. Due to their complexity, manual testing is unlikely to suffice, yet formal verification is difficult to scale. End-to-end fuzzing can be used, but it has difficulties in…

Software Engineering · Computer Science 2025-07-15 Yuyang Rong , Zhanghan Yu , Zhenkai Weng , Stephen Neuendorffer , Hao Chen

Fuzz testing, or "fuzzing," refers to a widely deployed class of techniques for testing programs by generating a set of inputs for the express purpose of finding bugs and identifying security flaws. Grey-box fuzzing, the most popular…

Artificial Intelligence · Computer Science 2018-08-28 Siddharth Karamcheti , Gideon Mann , David Rosenberg

In company with the data explosion over the past decade, deep neural network (DNN) based software has experienced unprecedented leap and is becoming the key driving force of many novel industrial applications, including many safety-critical…

Software Engineering · Computer Science 2018-11-19 Xiaofei Xie , Lei Ma , Felix Juefei-Xu , Hongxu Chen , Minhui Xue , Bo Li , Yang Liu , Jianjun Zhao , Jianxiong Yin , Simon See

Buffer-overruns are a prevalent vulnerability in software libraries and applications. Fuzz testing is one of the effective techniques to detect vulnerabilities in general. Greybox fuzzers such as AFL automatically generate a sequence of…

Software Engineering · Computer Science 2021-04-22 Raveendra Kumar Medicherla , Malathy Nagalakshmi , Tanya Sharma , Raghavan Komondoor

Fuzz testing, or fuzzing, has become one of the de facto standard techniques for bug finding in the software industry. In general, fuzzing provides various inputs to the target program to discover unhandled exceptions and crashes. In…

Software Engineering · Computer Science 2021-09-20 Yifan Wang , Yuchen Zhang , Chengbin Pang , Peng Li , Nikolaos Triandopoulos , Jun Xu

Transient execution vulnerabilities have emerged as a critical threat to modern processors. Hardware fuzzing testing techniques have recently shown promising results in discovering transient execution bugs in large-scale out-of-order…

Hardware Architecture · Computer Science 2025-04-30 Jinyan Xu , Yangye Zhou , Xingzhi Zhang , Yinshuai Li , Qinhan Tan , Yinqian Zhang , Yajin Zhou , Rui Chang , Wenbo Shen

Ensuring the correctness of compiler optimizations is critical, but existing fuzzers struggle to test optimizations effectively. First, most fuzzers use optimization pipelines (heuristics-based, fixed sequences of passes) as their harness.…

Software Engineering · Computer Science 2025-12-05 Zitong Zhou , Ben Limpanukorn , Hong Jin Kang , Jiyuan Wang , Yaoxuan Wu , Akos Kiss , Renata Hodovan , Miryung Kim

Fuzzers and static analyzers find many bugs but struggle with logic bugs in mature codebases. Triggering such a bug often requires multi-step reasoning that produces no distinctive execution feedback, and variants can appear across…

Cryptography and Security · Computer Science 2026-05-12 Junyoung Park , Insu Yun

Proof-of-Vulnerability (PoV) input generation is a critical task in software security and supports downstream applications such as path generation and validation. Generating a PoV input requires solving two sets of constraints: (1)…

Cryptography and Security · Computer Science 2025-12-05 Haochen Zeng , Andrew Bao , Jiajun Cheng , Chengyu Song

Effective fuzzing of programs that process structured binary inputs, such as multimedia files, is a challenging task, since those programs expect a very specific input format. Existing fuzzers, however, are mostly format-agnostic, which…

Software Engineering · Computer Science 2023-09-28 Rafael Dutra , Rahul Gopinath , Andreas Zeller

Reversible debuggers have been developed at least since 1970. Such a feature is useful when the cause of a bug is close in time to the bug manifestation. When the cause is far back in time, one resorts to setting appropriate breakpoints in…

Software Engineering · Computer Science 2012-12-21 Kapil Arya , Tyler Denniston , Ana-Maria Visan , Gene Cooperman

Unmanned Aerial Vehicles (UAVs) are an emerging computation platform known for their safety-critical need. In this paper, we conduct an empirical study on a widely used open-source UAV software framework, Paparazzi, with the goal of…

Software Engineering · Computer Science 2021-02-16 Xiaozhou Liang , John Henry Burns , Joseph Sanchez , Karthik Dantu , Lukasz Ziarek , Yu David Liu