English
Related papers

Related papers: Gray-Box Fuzzing via Gradient Descent and Boolean …

200 papers

BusyBox, an open-source software bundling over 300 essential Linux commands into a single executable, is ubiquitous in Linux-based embedded devices. Vulnerabilities in BusyBox can have far-reaching consequences, affecting a wide array of…

Software Engineering · Computer Science 2025-03-26 Asmita , Yaroslav Oliinyk , Michael Scott , Ryan Tsang , Chongzhou Fang , Houman Homayoun

Coverage guided fuzzing (CGF) is an effective testing technique which has detected hundreds of thousands of bugs from various software applications. It focuses on maximizing code coverage to reveal more bugs during fuzzing. However, a…

Software Engineering · Computer Science 2022-05-03 Ruixiang Qian , Quanjun Zhang , Chunrong Fang , Lihua Guo

Many protocol implementations are reactive systems, where the protocol process is in continuous interaction with other processes and the environment. If a bug can be exposed only in a certain state, a fuzzer needs to provide a specific…

Cryptography and Security · Computer Science 2023-06-06 Jinsheng Ba , Marcel Böhme , Zahra Mirzamomen , Abhik Roychoudhury

Real-world programs expecting structured inputs often has a format-parsing stage gating the deeper program space. Neither a mutation-based approach nor a generative approach can provide a solution that is effective and scalable. Large…

Cryptography and Security · Computer Science 2023-06-13 Jie Hu , Qian Zhang , Heng Yin

A fuzzer provides randomly generated inputs to a targeted software to expose erroneous behavior. To efficiently detect defects, generated inputs should conform to the structure of the input format and thus, grammars can be used to generate…

Software Engineering · Computer Science 2020-08-05 Martin Eberlein , Yannic Noller , Thomas Vogel , Lars Grunske

Grey-box fuzz testing has revealed thousands of vulnerabilities in real-world software owing to its lightweight instrumentation, fast coverage feedback, and dynamic adjusting strategies. However, directly applying grey-box fuzzing to…

Software Engineering · Computer Science 2020-08-03 Hongxu Chen , Shengjian Guo , Yinxing Xue , Yulei Sui , Cen Zhang , Yuekang Li , Haijun Wang , Yang Liu

Hardware Fuzzing emerged as one of the crucial techniques for finding security flaws in modern hardware designs by testing a wide range of input scenarios. One of the main challenges is creating high-quality input seeds that maximize…

Cryptography and Security · Computer Science 2026-01-27 Raghul Saravanan , Sudipta Paria , Aritra Dasgupta , Swarup Bhunia , Sai Manoj P D

Network protocols are the foundation of modern communication, yet their implementations often contain semantic vulnerabilities stemming from inadequate understanding of specification semantics. Existing gray-box and black-box testing…

Cryptography and Security · Computer Science 2026-03-09 Yanbang Sun , Quan Luo , Yuelin Wang , Qian Chen , Benjin Liu , Ruiqi Chen , Qing Huang , Xiaohong Li , Junjie Wang

Graph algorithms, such as shortest path finding, play a crucial role in enabling essential applications and services like infrastructure planning and navigation, making their correctness important. However, thoroughly testing graph…

Software Engineering · Computer Science 2025-02-24 Wenqi Yan , Manuel Rigger , Anthony Wirth , Van-Thuan Pham

As the complexity of logic designs increase, new avenues for testing digital hardware becomes necessary. Fuzz Testing (fuzzing) has recently received attention as a potential candidate for input vector generation on hardware designs. Using…

Hardware Architecture · Computer Science 2023-12-12 Ruochen Dai , Michael Lee , Patrick Hoey , Weimin Fu , Tuba Yavuz , Xiaolong Guo , Shuo Wang , Dean Sullivan , Orlando Arias

Testing ultra-large microservices-based FinTech systems presents significant challenges, including restricted access to production environments, complex dependencies, and stringent security constraints. We propose SandBoxFuzz, a scalable…

Software Engineering · Computer Science 2025-04-29 Jiazhao Yu , Yanlun Tu , Zhanlei Zhang , Tiehua Zhang , Cheng Xu , Weigang Wu , Hong Jin Kang , Xi Zheng

Dynamic data flow analysis has been widely used to guide greybox fuzzing. However, traditional dynamic data flow analysis tends to go astray in the massive path tracking and requires to process a large volume of data, resulting in low…

Cryptography and Security · Computer Science 2023-03-28 Xiaofan Li , Xuan Li , Guangfa Lv , Yongzheng Zhang , Fengyu Wang

Program analysis and automated testing have recently become an essential part of SSDLC. Directed greybox fuzzing is one of the most popular automated testing methods that focuses on error detection in predefined code regions. However, it…

Cryptography and Security · Computer Science 2026-02-02 Darya Parygina , Timofey Mezhuev , Daniil Kuts

Grey-box fuzzing is the lightweight approach of choice for finding bugs in sequential programs. It provides a balance between efficiency and effectiveness by conducting a biased random search over the domain of program inputs using a…

Software Engineering · Computer Science 2023-08-15 Ruijie Meng , George Pîrlea , Abhik Roychoudhury , Ilya Sergey

Fuzz testing has enjoyed great success at discovering security critical bugs in real software. Recently, researchers have devoted significant effort to devising new fuzzing techniques, strategies, and algorithms. Such new ideas are…

Cryptography and Security · Computer Science 2018-10-22 George Klees , Andrew Ruef , Benji Cooper , Shiyi Wei , Michael Hicks

Coverage-based graybox fuzzer (CGF), such as AFL has gained great success in vulnerability detection thanks to its ease-of-use and bug-finding power. Since some code fragments such as memory allocation are more vulnerable than others,…

Cryptography and Security · Computer Science 2021-03-02 Wenshuo Wang , Liang Cheng , Yang Zhang

Fuzzing is a widely used technique for detecting software bugs and vulnerabilities. Most popular fuzzers generate new inputs using an evolutionary search to maximize code coverage. Essentially, these fuzzers start with a set of seed inputs,…

Software Engineering · Computer Science 2020-09-14 Dongdong She , Rahul Krishna , Lu Yan , Suman Jana , Baishakhi Ray

Objective: Machine learning (ML) models are increasingly used to generate electrical stimulation patterns in neuroprosthetic devices such as visual prostheses. While these models promise precise and personalized control, they also introduce…

Software Engineering · Computer Science 2025-12-08 Mara Downing , Matthew Peng , Jacob Granley , Michael Beyeler , Tevfik Bultan

Coverage-based greybox fuzzing (CGF) is one of the most successful methods for automated vulnerability detection. Given a seed file (as a sequence of bits), CGF randomly flips, deletes or bits to generate new files. CGF iteratively…

Cryptography and Security · Computer Science 2020-05-22 Van-Thuan Pham , Marcel Böhme , Andrew E. Santosa , Alexandru Răzvan Căciulescu , Abhik Roychoudhury

Software fuzzing is a strong testing technique that has become the de facto approach for automated software testing and software vulnerability detection in the industry. The random nature of fuzzing makes monitoring and understanding the…

Software Engineering · Computer Science 2021-12-28 Aftab Hussain , Mohammad Amin Alipour