English
Related papers

Related papers: Fuzzm: Finding Memory Bugs through Binary-Only Ins…

200 papers

Coverage-based graybox fuzzer (CGF), such as AFL has gained great success in vulnerability detection thanks to its ease-of-use and bug-finding power. Since some code fragments such as memory allocation are more vulnerable than others,…

Cryptography and Security · Computer Science 2021-03-02 Wenshuo Wang , Liang Cheng , Yang Zhang

Firmware serves as the critical interface between hardware and software in computing systems, making any bugs or vulnerabilities particularly dangerous as they can cause catastrophic system failures. While fuzzing is a promising approach…

Cryptography and Security · Computer Science 2026-02-03 Dakshina Tharindu , Aruna Jayasena , Prabhat Mishra

Fuzz testing (or fuzzing) is an effective technique used to find security vulnerabilities. It consists of feeding a software under test with malformed inputs, waiting for a weird system behaviour (often a crash of the system). Over the…

Cryptography and Security · Computer Science 2023-03-14 Marcello Maugeri , Cristian Daniele , Giampaolo Bella , Erik Poll

Library fuzzing is essential for hardening the software supply chain, but adopting it at scale remains expensive. Practitioners still spend substantial effort on environment setup, struggle to generate harnesses that respect intricate API…

Software Engineering · Computer Science 2026-05-15 Yunlong Lyu , Peng Chen , Fengyi Wu , Junzhe Yu , Kit Long Hon , Hao Chen

Processor designs rely on iterative modifications and reuse well-established designs. However, this reuse of prior designs also leads to similar vulnerabilities across multiple processors. As processors grow increasingly complex with…

Cryptography and Security · Computer Science 2025-12-09 Chen Chen , Zaiyan Xu , Mohamadreza Rostami , David Liu , Dileep Kalathil , Ahmad-Reza Sadeghi , Jeyavijayan Rajendran

Fuzzing is one of the most effective technique to identify potential software vulnerabilities. Most of the fuzzers aim to improve the code coverage, and there is lack of directedness (e.g., fuzz the specified path in a software). In this…

Cryptography and Security · Computer Science 2020-10-26 Xiaogang Zhu , Shigang Liu , Xian Li , Sheng Wen , Jun Zhang , Camtepe Seyit , Yang Xiang

Modern computing systems heavily rely on hardware as the root of trust. However, their increasing complexity has given rise to security-critical vulnerabilities that cross-layer at-tacks can exploit. Traditional hardware vulnerability…

Software Engineering · Computer Science 2024-04-11 Mohamadreza Rostami , Marco Chilese , Shaza Zeitouni , Rahul Kande , Jeyavijayan Rajendran , Ahmad-Reza Sadeghi

Fuzzing is an effective technique for discovering software vulnerabilities by generating random test inputs and executing them against the target program. However, fuzzing large and complex programs remains challenging due to difficulties…

Cryptography and Security · Computer Science 2024-06-10 Dongdong She , Adam Storek , Yuchong Xie , Seoyoung Kweon , Prashast Srivastava , Suman Jana

Buffer-overruns are a prevalent vulnerability in software libraries and applications. Fuzz testing is one of the effective techniques to detect vulnerabilities in general. Greybox fuzzers such as AFL automatically generate a sequence of…

Software Engineering · Computer Science 2021-04-22 Raveendra Kumar Medicherla , Malathy Nagalakshmi , Tanya Sharma , Raghavan Komondoor

WebAssembly (Wasm), as a compact, fast, and isolation-guaranteed binary format, can be compiled from more than 40 high-level programming languages. However, vulnerabilities in Wasm binaries could lead to sensitive data leakage and even…

Cryptography and Security · Computer Science 2024-08-19 Ningyu He , Zhehao Zhao , Hanqin Guan , Jikai Wang , Shuo Peng , Ding Li , Haoyu Wang , Xiangqun Chen , Yao Guo

Fuzzing is an automated application vulnerability detection method. For genetic algorithm-based fuzzing, it can mutate the seed files provided by users to obtain a number of inputs, which are then used to test the objective application in…

Cryptography and Security · Computer Science 2019-06-04 Chenyang Lyu , Shouling Ji , Yuwei Li , Junfeng Zhou , Jianhai Chen , Jing Chen

Fuzzing is widely used for detecting bugs and vulnerabilities, with various techniques proposed to enhance its effectiveness. To combine the advantages of multiple technologies, researchers proposed ensemble fuzzing, which integrates…

Software Engineering · Computer Science 2025-07-31 Yukai Zhao , Shaohua Wang , Jue Wang , Xing Hu , Xin Xia

WebAssembly is increasingly used as the compilation target for cross-platform applications. In this paper, we investigate whether one can rely on the security measures enforced by existing C compilers when compiling C programs to…

Cryptography and Security · Computer Science 2021-11-03 Quentin Stiévenart , Coen De Roover , Mohammad Ghafari

Emulation-based fuzzers enable testing binaries without source code, and facilitate testing embedded applications where automated execution on the target hardware architecture is difficult and slow. The instrumentation techniques added to…

Cryptography and Security · Computer Science 2023-06-22 Michael Chesser , Surya Nepal , Damith C. Ranasinghe

Among the many software vulnerability discovery techniques available today, fuzzing has remained highly popular due to its conceptual simplicity, its low barrier to deployment, and its vast amount of empirical evidence in discovering…

Cryptography and Security · Computer Science 2019-04-09 Valentin J. M. Manes , HyungSeok Han , Choongwoo Han , Sang Kil Cha , Manuel Egele , Edward J. Schwartz , Maverick Woo

GPUs play an increasingly important role in modern software. However, the heterogeneous host-device execution model and expanding software stacks make GPU programs prone to memory-safety and concurrency bugs that evade static analysis.…

Cryptography and Security · Computer Science 2026-03-16 Mohamed Tarek Ibn ziad , Christos Kozyrakis

WebAssembly (Wasm) is a low-level binary format for web applications, which has found widespread adoption due to its improved performance and compatibility with existing software. However, the popularity of Wasm has also led to its…

Cryptography and Security · Computer Science 2023-05-25 Nils Loose , Felix Mächtle , Claudius Pott , Volodymyr Bezsmertnyi , Thomas Eisenbarth

Patch fuzzing is a technique aimed at identifying vulnerabilities that arise from newly patched code. While researchers have made efforts to apply patch fuzzing to testing JavaScript engines with considerable success, these efforts have…

Cryptography and Security · Computer Science 2025-05-02 Junjie Wang , Yuhan Ma , Xiaofei Xie , Xiaoning Du , Xiangwei Zhang

In recent years, REST API fuzzing has emerged to explore errors on a cloud service. Its performance highly depends on the sequence construction and request generation. However, existing REST API fuzzers have trouble generating long…

Cryptography and Security · Computer Science 2023-03-07 Chenyang Lyu , Jiacheng Xu , Shouling Ji , Xuhong Zhang , Qinying Wang , Binbin Zhao , Gaoning Pan , Wei Cao , Raheem Beyah

Fuzzing -- whether generating or mutating inputs -- has found many bugs and security vulnerabilities in a wide range of domains. Stateful and highly structured web APIs present significant challenges to traditional fuzzing techniques, as…

Cryptography and Security · Computer Science 2021-12-21 Zac Hatfield-Dodds , Dmitry Dygalo