English
Related papers

Related papers: spotFuzzer: Static Instrument and Fuzzing Windows …

200 papers

Recent efforts in practical symbolic execution have successfully mitigated the path-explosion problem to some extent with search-based heuristics and compositional approaches. Similarly, due to an increase in the performance of cheap…

Software Engineering · Computer Science 2017-12-20 Saahil Ognawala , Ana Petrovska , Kristian Beckers

Transient execution vulnerabilities have emerged as a critical threat to modern processors. Hardware fuzzing testing techniques have recently shown promising results in discovering transient execution bugs in large-scale out-of-order…

Hardware Architecture · Computer Science 2025-04-30 Jinyan Xu , Yangye Zhou , Xingzhi Zhang , Yinshuai Li , Qinhan Tan , Yinqian Zhang , Yajin Zhou , Rui Chang , Wenbo Shen

Guided fuzzing has, in recent years, been able to uncover many new vulnerabilities in real-world software due to its fast input mutation strategies guided by path-coverage. However, most fuzzers are unable to achieve high coverage in deeper…

Software Engineering · Computer Science 2019-10-14 Saahil Ognawala , Fabian Kilger , Alexander Pretschner

Dynamic testing or fuzzing of embedded firmware is severely limited by hardware-dependence and poor scalability, partly contributing to the widespread vulnerable IoT devices. We propose a software framework that continuously executes a…

Cryptography and Security · Computer Science 2019-09-27 Bo Feng , Alejandro Mera , Long Lu

Smart contracts are critical financial instruments, and their security is of utmost importance. However, smart contract programs are difficult to fuzz due to the persistent blockchain state behind all transactions. Mutating sequences of…

Cryptography and Security · Computer Science 2023-06-30 Chaofan Shou , Shangyin Tan , Koushik Sen

Program analysis and automated testing have recently become an essential part of SSDLC. Directed greybox fuzzing is one of the most popular automated testing methods that focuses on error detection in predefined code regions. However, it…

Cryptography and Security · Computer Science 2026-02-02 Darya Parygina , Timofey Mezhuev , Daniil Kuts

Combinatorial interaction testing is an important software testing technique that has seen lots of recent interest. It can reduce the number of test cases needed by considering interactions between combinations of input parameters.…

Software Engineering · Computer Science 2018-10-16 Kamal Z. Zamli , Bestoun S. Ahmed , Thair Mahmoud , Wasif Afzal

Grey-box fuzz testing has revealed thousands of vulnerabilities in real-world software owing to its lightweight instrumentation, fast coverage feedback, and dynamic adjusting strategies. However, directly applying grey-box fuzzing to…

Software Engineering · Computer Science 2020-08-03 Hongxu Chen , Shengjian Guo , Yinxing Xue , Yulei Sui , Cen Zhang , Yuekang Li , Haijun Wang , Yang Liu

Dynamic analysis and especially fuzzing are challenging tasks for embedded firmware running on modern low-end Microcontroller Units (MCUs) due to performance overheads from instruction emulation, the difficulty of emulating the vast space…

Cryptography and Security · Computer Science 2024-12-18 Florian Hofhammer , Qinying Wang , Atri Bhattacharyya , Majid Salehi , Bruno Crispo , Manuel Egele , Mathias Payer , Marcel Busch

Fuzzing is a technique of finding bugs by executing a software recurrently with a large number of abnormal inputs. Most of the existing fuzzers consider all parts of a software equally, and pay too much attention on how to improve the code…

Cryptography and Security · Computer Science 2019-01-07 Yuwei Li , Shouling Ji , Chenyang Lv , Yuan Chen , Jianhai Chen , Qinchen Gu , Chunming Wu

Certifiable robustness gives the guarantee that small perturbations around an input to a classifier will not change the prediction. There are two approaches to provide certifiable robustness to adversarial examples: a) explicitly training…

Machine Learning · Computer Science 2025-08-04 Meiyu Zhong , Ravi Tandon

Coverage-guided fuzzers are powerful automated bug-finding tools. They mutate program inputs, observe coverage, and save any input that hits an unexplored path for future mutation. Unfortunately, without knowledge of input formats--for…

Cryptography and Security · Computer Science 2025-07-09 Harrison Green , Claire Le Goues , Fraser Brown

Automatic test generation typically aims to generate inputs that explore new paths in the program under test in order to find bugs. Existing work has, therefore, focused on guiding the exploration toward program parts that are more likely…

Software Engineering · Computer Science 2019-05-20 Valentin Wüstholz , Maria Christakis

Modern hardware systems, driven by demands for high performance and application-specific functionality, have grown increasingly complex, introducing large surfaces for bugs and security-critical vulnerabilities. Fuzzing has emerged as a…

Cryptography and Security · Computer Science 2025-12-29 Lichao Wu , Mohamadreza Rostami , Huimin Li , Nikhilesh Singh , Ahmad-Reza Sadeghi

Directed fuzzing aims to find program inputs that lead to specified target program states. It has broad applications, such as debugging system crashes, confirming reported bugs, and generating exploits for potential vulnerabilities. This…

Cryptography and Security · Computer Science 2025-12-10 Jie Zhu , Chihao Shen , Ziyang Li , Jiahao Yu , Yizheng Chen , Kexin Pei

One of the biggest attack surfaces of embedded systems is their network interfaces, which enable communication with other devices. Unlike their general-purpose counterparts, embedded systems are designed for specialized use cases, resulting…

Cryptography and Security · Computer Science 2025-09-18 Moritz Bley , Tobias Scharnowski , Simon Wörner , Moritz Schloegel , Thorsten Holz

Expressing class specifications via executable constraints is important for various software engineering tasks such as test generation, bug finding and automated debugging, but developers rarely write them. Techniques that infer…

Software Engineering · Computer Science 2022-01-27 Facundo Molina , Marcelo d'Amorim , Nazareno Aguirre

Fuzzing is a widely used technique for detecting software bugs and vulnerabilities. Most popular fuzzers generate new inputs using an evolutionary search to maximize code coverage. Essentially, these fuzzers start with a set of seed inputs,…

Software Engineering · Computer Science 2020-09-14 Dongdong She , Rahul Krishna , Lu Yan , Suman Jana , Baishakhi Ray

Sanitizers provide robust test oracles for various software vulnerabilities. Fuzzing on sanitizer-enabled programs has been the best practice to find software bugs. Since sanitizers need to heavily instrument a target program to insert…

Cryptography and Security · Computer Science 2025-02-13 Ziqiao Kong , Shaohua Li , Heqing Huang , Zhendong Su

Protocol fuzzing is a scalable and cost-effective technique for identifying security vulnerabilities in deployed Internet of Things devices. During their operational phase, IoT devices often run lightweight servers to handle user…

Cryptography and Security · Computer Science 2025-09-12 Priyanka Rushikesh Chaudhary , Rajib Ranjan Maiti