English
Related papers

Related papers: HyPFuzz: Formal-Assisted Processor Fuzzing

200 papers

Network applications are routinely under attack. We consider the problem of developing an effective and efficient fuzzer for the recently ratified QUIC network protocol to uncover security vulnerabilities. QUIC offers a unified transport…

Cryptography and Security · Computer Science 2025-03-26 Kian Kai Ang , Damith C. Ranasinghe

CPUs are becoming more complex with every generation, at both the logical and the physical levels. This potentially leads to more logic bugs and electrical defects in CPUs being overlooked during testing, which causes data corruption or…

Hardware Architecture · Computer Science 2021-10-25 Kostya Serebryany , Maxim Lifantsev , Konstantin Shtoyk , Doug Kwan , Peter Hochschild

Hardware Fuzzing emerged as one of the crucial techniques for finding security flaws in modern hardware designs by testing a wide range of input scenarios. One of the main challenges is creating high-quality input seeds that maximize…

Cryptography and Security · Computer Science 2026-01-27 Raghul Saravanan , Sudipta Paria , Aritra Dasgupta , Swarup Bhunia , Sai Manoj P D

Dynamic analysis and especially fuzzing are challenging tasks for embedded firmware running on modern low-end Microcontroller Units (MCUs) due to performance overheads from instruction emulation, the difficulty of emulating the vast space…

Cryptography and Security · Computer Science 2024-12-18 Florian Hofhammer , Qinying Wang , Atri Bhattacharyya , Majid Salehi , Bruno Crispo , Manuel Egele , Mathias Payer , Marcel Busch

Despite its effectiveness in uncovering software defects, American Fuzzy Lop (AFL), one of the best grey-box fuzzers, is inefficient when fuzz-testing source-unavailable programs. AFL's binary-only fuzzing mode, QEMU-AFL, is typically 2-5X…

Software Engineering · Computer Science 2019-05-28 Yaohui Chen , Dongliang Mu , Jun Xu , Zhichuang Sun , Wenbo Shen , Xinyu Xing , Long Lu , Bing Mao

Cyber-physical systems (CPSs) in critical infrastructure face a pervasive threat from attackers, motivating research into a variety of countermeasures for securing them. Assessing the effectiveness of these countermeasures is challenging,…

Software Engineering · Computer Science 2020-07-17 Yuqi Chen , Bohan Xuan , Christopher M. Poskitt , Jun Sun , Fan Zhang

Fuzzing is one of the most effective technique to identify potential software vulnerabilities. Most of the fuzzers aim to improve the code coverage, and there is lack of directedness (e.g., fuzz the specified path in a software). In this…

Cryptography and Security · Computer Science 2020-10-26 Xiaogang Zhu , Shigang Liu , Xian Li , Sheng Wen , Jun Zhang , Camtepe Seyit , Yang Xiang

Guided fuzzing has, in recent years, been able to uncover many new vulnerabilities in real-world software due to its fast input mutation strategies guided by path-coverage. However, most fuzzers are unable to achieve high coverage in deeper…

Software Engineering · Computer Science 2019-10-14 Saahil Ognawala , Fabian Kilger , Alexander Pretschner

Given the growing importance of smart contracts in various applications, ensuring their security and reliability is critical. Fuzzing, an effective vulnerability detection technique, has recently been widely applied to smart contracts.…

Software Engineering · Computer Science 2024-02-06 Shuohan Wu , Zihao Li , Luyi Yan , Weimin Chen , Muhui Jiang , Chenxu Wang , Xiapu Luo , Hao Zhou

SpecFuzz is the first tool that enables dynamic testing for speculative execution vulnerabilities (e.g., Spectre). The key is a novel concept of speculation exposure: The program is instrumented to simulate speculative execution in software…

Cryptography and Security · Computer Science 2020-03-11 Oleksii Oleksenko , Bohdan Trach , Mark Silberstein , Christof Fetzer

Crafting high-quality fuzz drivers not only is time-consuming but also requires a deep understanding of the library. However, the state-of-the-art automatic fuzz driver generation techniques fall short of expectations. While fuzz drivers…

Cryptography and Security · Computer Science 2024-05-30 Yunlong Lyu , Yuxuan Xie , Peng Chen , Hao Chen

Fuzz testing has enjoyed great success at discovering security critical bugs in real software. Recently, researchers have devoted significant effort to devising new fuzzing techniques, strategies, and algorithms. Such new ideas are…

Cryptography and Security · Computer Science 2018-10-22 George Klees , Andrew Ruef , Benji Cooper , Shiyi Wei , Michael Hicks

Binary-only fuzzing often struggles with achieving thorough code coverage and uncovering hidden vulnerabilities due to limited insight into a program's internal dataflows. Traditional grey-box fuzzers guide test case generation primarily…

Software Engineering · Computer Science 2025-09-08 Kai Feng , Jeremy Singer , Angelos K Marnerides

The rise of smart devices in critical domains--including automotive, medical, industrial--demands robust firmware testing. Fuzzing firmware in re-hosted environments is a promising method for automated testing at scale, but remains…

Cryptography and Security · Computer Science 2026-02-10 Guy Farrelly , Michael Chesser , Seyit Camtepe , Damith C. Ranasinghe

Nested virtualization is now widely supported by major cloud vendors, allowing users to leverage virtualization-based technologies in the cloud. However, supporting nested virtualization significantly increases host hypervisor complexity…

Operating Systems · Computer Science 2025-12-10 Reima Ishii , Takaaki Fukai , Takahiro Shinagawa

Modern processor advancements have introduced security risks, particularly in the form of microarchitectural timing attacks. High-profile attacks such as Meltdown and Spectre have revealed critical flaws, compromising the entire system's…

Cryptography and Security · Computer Science 2024-10-23 Congcong Chen , Jinhua Cui , Jiliang Zhang

SystemC-based virtual prototypes have emerged as widely adopted tools to test software ahead of hardware availability, reducing the time-to-market and improving software reliability. Recently, fuzzing has become a popular method for…

Software Engineering · Computer Science 2025-09-04 Chiara Ghinami , Jonas Winzer , Nils Bosbach , Lennart M. Reimann , Lukas Jünger , Simon Wörner , Rainer Leupers

Grey box fuzzing is one of the most successful methods for automatic vulnerability detection. However,conventional Grey box Fuzzers like AFL can open perform fuzzing against the whole input and spend more time on smaller seeds with lower…

Cryptography and Security · Computer Science 2022-03-31 Linlin Zhang , Ning Luo

As mobile networks transition to 5G infrastructure, ensuring robust security becomes more important due to the complex architecture and expanded attack surface. Traditional security testing approaches for 5G networks rely on black-box…

Cryptography and Security · Computer Science 2026-02-26 Yu Wang , Yang Xiang , Chandra Thapa , Hajime Suzuki

We present Harvey, an industrial greybox fuzzer for smart contracts, which are programs managing accounts on a blockchain. Greybox fuzzing is a lightweight test-generation approach that effectively detects bugs and security vulnerabilities.…

Software Engineering · Computer Science 2019-05-17 Valentin Wüstholz , Maria Christakis