English
Related papers

Related papers: ODDFUZZ: Discovering Java Deserialization Vulnerab…

200 papers

Java (de)serialization is prone to causing security-critical vulnerabilities that attackers can invoke existing methods (gadgets) on the application's classpath to construct a gadget chain to perform malicious behaviors. Several techniques…

Cryptography and Security · Computer Science 2023-04-05 Sicong Cao , Xiaobing Sun , Xiaoxue Wu , Lili Bo , Bin Li , Rongxin Wu , Wei Liu , Biao He , Yu Ouyang , Jiajia Li

Contemporary fuzz testing techniques focus on identifying memory corruption vulnerabilities that allow adversaries to achieve either remote code execution or information disclosure. Meanwhile, Algorithmic Complexity (AC)vulnerabilities,…

Cryptography and Security · Computer Science 2020-02-18 William Blair , Andrea Mambretti , Sajjad Arshad , Michael Weissbacher , William Robertson , Engin Kirda , Manuel Egele

Developers utilize third-party libraries to improve productivity, which also introduces potential security risks. Existing approaches generate tests for public functions to trigger library vulnerabilities from client programs, yet they…

Cryptography and Security · Computer Science 2026-04-07 Yukai Zhao , Menghan Wu , Xing Hu , Shaohua Wang , Meng Luo , Xin Xia

Nowadays, an increasing number of applications uses deserialization. This technique, based on rebuilding the instance of objects from serialized byte streams, can be dangerous since it can open the application to attacks such as remote code…

Cryptography and Security · Computer Science 2022-08-18 Imen Sayar , Alexandre Bartel , Eric Bodden , Yves Le Traon

Directed greybox fuzzing (DGF) can quickly discover or reproduce bugs in programs by seeking to reach a program location or explore some locations in order. However, due to their static stage division and coarse-grained energy scheduling,…

Cryptography and Security · Computer Science 2022-07-01 Hongliang Liang , Xianglin Cheng , Jie Liu , Jin Li

Hardware Fuzzing emerged as one of the crucial techniques for finding security flaws in modern hardware designs by testing a wide range of input scenarios. One of the main challenges is creating high-quality input seeds that maximize…

Cryptography and Security · Computer Science 2026-01-27 Raghul Saravanan , Sudipta Paria , Aritra Dasgupta , Swarup Bhunia , Sai Manoj P D

Inter-app communication is a mandatory and security-critical functionality of operating systems, such as Android. On the application level, Android implements this facility through Intents, which can also transfer non-primitive objects…

Cryptography and Security · Computer Science 2025-02-13 Bruno Kreyssig , Timothée Riom , Sabine Houy , Alexandre Bartel , Patrick McDaniel

Patch fuzzing is a technique aimed at identifying vulnerabilities that arise from newly patched code. While researchers have made efforts to apply patch fuzzing to testing JavaScript engines with considerable success, these efforts have…

Cryptography and Security · Computer Science 2025-05-02 Junjie Wang , Yuhan Ma , Xiaofei Xie , Xiaoning Du , Xiangwei Zhang

Side-channel attacks allow an adversary to uncover secret program data by observing the behavior of a program with respect to a resource, such as execution time, consumed memory or response size. Side-channel vulnerabilities are difficult…

Cryptography and Security · Computer Science 2019-02-27 Shirin Nilizadeh , Yannic Noller , Corina S. Pasareanu

The increasing complexity of modern processors poses many challenges to existing hardware verification tools and methodologies for detecting security-critical bugs. Recent attacks on processors have shown the fatal consequences of…

Cryptography and Security · Computer Science 2022-01-26 Aakash Tyagi , Addison Crump , Ahmad-Reza Sadeghi , Garrett Persyn , Jeyavijayan Rajendran , Patrick Jauernig , Rahul Kande

Modern hardware systems, driven by demands for high performance and application-specific functionality, have grown increasingly complex, introducing large surfaces for bugs and security-critical vulnerabilities. Fuzzing has emerged as a…

Cryptography and Security · Computer Science 2025-12-29 Lichao Wu , Mohamadreza Rostami , Huimin Li , Nikhilesh Singh , Ahmad-Reza Sadeghi

Fuzzing is one of the most effective technique to identify potential software vulnerabilities. Most of the fuzzers aim to improve the code coverage, and there is lack of directedness (e.g., fuzz the specified path in a software). In this…

Cryptography and Security · Computer Science 2020-10-26 Xiaogang Zhu , Shigang Liu , Xian Li , Sheng Wen , Jun Zhang , Camtepe Seyit , Yang Xiang

Java deserialization gadget chains are a well-researched critical software weakness. The vast majority of known gadget chains rely on gadgets from software dependencies. Furthermore, it has been shown that small code changes in dependencies…

Cryptography and Security · Computer Science 2025-04-30 Bruno Kreyssig , Sabine Houy , Timothée Riom , Alexandre Bartel

Fuzzing is a technique of finding bugs by executing a software recurrently with a large number of abnormal inputs. Most of the existing fuzzers consider all parts of a software equally, and pay too much attention on how to improve the code…

Cryptography and Security · Computer Science 2019-01-07 Yuwei Li , Shouling Ji , Chenyang Lv , Yuan Chen , Jianhai Chen , Qinchen Gu , Chunming Wu

Directed greybox fuzzing (DGF) focuses on efficiently reaching specific program locations or triggering particular behaviors, making it essential for tasks like vulnerability detection and crash reproduction. However, existing methods often…

Cryptography and Security · Computer Science 2025-05-07 Hanxiang Xu , Yanjie Zhao , Haoyu Wang

In recent years, there has been a notable surge in attention towards hardware security, driven by the increasing complexity and integration of processors, SoCs, and third-party IPs aimed at delivering advanced solutions. However, this…

Cryptography and Security · Computer Science 2024-03-20 Raghul Saravanan , Sai Manoj Pudukotai Dinakarrao

Grey-box fuzz testing has revealed thousands of vulnerabilities in real-world software owing to its lightweight instrumentation, fast coverage feedback, and dynamic adjusting strategies. However, directly applying grey-box fuzzing to…

Software Engineering · Computer Science 2020-08-03 Hongxu Chen , Shengjian Guo , Yinxing Xue , Yulei Sui , Cen Zhang , Yuekang Li , Haijun Wang , Yang Liu

Directed greybox fuzzing (DGF) aims to efficiently trigger bugs at specific target locations by prioritizing seeds whose execution paths are more likely to reach the targets. However, existing DGF approaches suffer from imprecise potential…

Cryptography and Security · Computer Science 2026-02-03 Yifan Zhang , Xin Zhang

Binary-only fuzzing often struggles with achieving thorough code coverage and uncovering hidden vulnerabilities due to limited insight into a program's internal dataflows. Traditional grey-box fuzzers guide test case generation primarily…

Software Engineering · Computer Science 2025-09-08 Kai Feng , Jeremy Singer , Angelos K Marnerides

Greybox fuzzing is a scalable and practical approach for software testing. Most greybox fuzzing tools are coverage-guided as reaching high code coverage is more likely to find bugs. However, since most covered codes may not contain bugs,…

Cryptography and Security · Computer Science 2023-11-22 Pengfei Wang , Xu Zhou , Tai Yue , Peihong Lin , Yingying Liu , Kai Lu
‹ Prev 1 2 3 10 Next ›