English
Related papers

Related papers: Contextualizing Sink Knowledge for Java Vulnerabil…

200 papers

Modern hardware systems, driven by demands for high performance and application-specific functionality, have grown increasingly complex, introducing large surfaces for bugs and security-critical vulnerabilities. Fuzzing has emerged as a…

Cryptography and Security · Computer Science 2025-12-29 Lichao Wu , Mohamadreza Rostami , Huimin Li , Nikhilesh Singh , Ahmad-Reza Sadeghi

The art of finding software vulnerabilities has been covered extensively in the literature and there is a huge body of work on this topic. In contrast, the intentional insertion of exploitable, security-critical bugs has received little…

Cryptography and Security · Computer Science 2020-07-07 Jannik Pewny , Thorsten Holz

In vulnerability detection, machine learning has been used as an effective static analysis technique, although it suffers from a significant rate of false positives. Contextually, in vulnerability discovery, fuzzing has been used as an…

Cryptography and Security · Computer Science 2025-05-05 Gianpietro Castiglione , Marcello Maugeri , Giampaolo Bella

Software vulnerabilities continue to undermine the reliability and security of modern systems, particularly as software complexity outpaces the capabilities of traditional detection methods. This study introduces a genetic algorithm-based…

Software Engineering · Computer Science 2025-08-11 Yanusha Mehendran , Maolin Tang , Yi Lu

Vulnerable software represents a tremendous threat to modern information systems. Vulnerabilities in widespread applications may be used to spread malware, steal money and conduct target attacks. To address this problem, developers and…

Cryptography and Security · Computer Science 2018-07-06 Maksim Shudrak , Vyacheslav Zolotarev

Android apps could expose their components for cooperating with other apps. This convenience, however, makes apps susceptible to the exposed component vulnerability (ECV), in which a dangerous API (commonly known as sink) inside its…

Cryptography and Security · Computer Science 2014-05-27 Daoyuan Wu , Xiapu Luo , Rocky K. C. Chang

Command-line interface (CLI) fuzzing tests programs by mutating both command-line options and input file contents, thus enabling discovery of vulnerabilities that only manifest under specific option-input combinations. Prior works of CLI…

Cryptography and Security · Computer Science 2026-03-16 Momoko Shiraishi , Yinzhi Cao , Takahiro Shinagawa

Apps on mobile phones manipulate all sorts of data, including sensitive data, leading to privacy-related concerns. Recent regulations like the European GDPR provide rules for the processing of personal and sensitive data, like that no such…

Cryptography and Security · Computer Science 2023-01-12 Jordan Samhi , Maria Kober , Abdoul Kader Kabore , Steven Arzt , Tegawendé F. Bissyandé , Jacques Klein

Softwarization and virtualization in 5G and beyond require rigorous testing against vulnerabilities and unintended emergent behaviors for critical infrastructure and network security assurance. Formal methods operates efficiently in…

Cryptography and Security · Computer Science 2023-07-13 Jingda Yang , Ying Wang

Previous work has shown that taint analyses are only useful if correctly customized to the context in which they are used. Existing domain-specific languages (DSLs) allow such customization through the definition of deny-listing data-flow…

Programming Languages · Computer Science 2022-04-08 Goran Piskachev , Johannes Späth , Ingo Budde , Eric Bodden

Fuzzing is widely used for software vulnerability detection. There are various kinds of fuzzers with different fuzzing strategies, and most of them perform well on their targets. However, in industry practice and empirical study, the…

Software Engineering · Computer Science 2019-05-07 Yuanliang Chen , Yu Jiang , Fuchen Ma , Jie Liang , Mingzhe Wang , Chijin Zhou , Zhuo Su , Xun Jiao

Securing operating system (OS) kernel is one central challenge in today's cyber security landscape. The cutting-edge testing technique of OS kernel is software fuzz testing. By mutating the program inputs with random variations for…

Cryptography and Security · Computer Science 2023-10-05 Wei Chen , Huaijin Wang , Weixi Gu , Shuai Wang

With the rapid development of the computer industry and computer software, the risk of software vulnerabilities being exploited has greatly increased. However, there are still many shortcomings in the existing mining techniques for leakage…

Artificial Intelligence · Computer Science 2023-03-27 Wen Zhou

As machine learning gains prominence in various sectors of society for automated decision-making, concerns have risen regarding potential vulnerabilities in machine learning (ML) frameworks. Nevertheless, testing these frameworks is a…

Software Engineering · Computer Science 2023-07-13 Zhao Liu , Quanchen Zou , Tian Yu , Xuan Wang , Guozhu Meng , Kai Chen , Deyue Zhang

Over 70% of security vulnerabilities in critical software systems today result from memory safety violations. To address this challenge, fuzzing and static analysis are widely used automated methods to discover such vulnerabilities. Fuzzing…

Cryptography and Security · Computer Science 2026-03-31 Keno Hassler , Philipp Görz , Stephan Lipp

Fuzzing continues to be the most effective method for identifying security vulnerabilities in software. In the context of fuzz testing, the fuzzer supplies varied inputs to fuzz targets, which are designed to comprehensively exercise…

Software Engineering · Computer Science 2026-01-21 Chi Thien Tran

gVisor is a Google-published application-level kernel for containers. As gVisor is lightweight and has sound isolation, it has been widely used in many IT enterprises \cite{Stripe, DigitalOcean, Cloundflare}. When a new vulnerability of the…

Cryptography and Security · Computer Science 2024-09-23 Yuwei Li , Yuan Chen , Shouling Ji , Xuhong Zhang , Guanglu Yan , Alex X. Liu , Chunming Wu , Zulie Pan , Peng Lin

Nowadays automated dynamic analysis frameworks for continuous testing are in high demand to ensure software safety and satisfy the security development lifecycle (SDL) requirements. The security bug hunting efficiency of cutting-edge hybrid…

Cryptography and Security · Computer Science 2023-03-24 Alexey Vishnyakov , Daniil Kuts , Vlada Logunova , Darya Parygina , Eli Kobrin , Georgy Savidov , Andrey Fedotov

Coverage-guided fuzzing has proven effective for software testing, but targeting library code requires specialized fuzz harnesses that translate fuzzer-generated inputs into valid API invocations. Manual harness creation is time-consuming…

Software Engineering · Computer Science 2026-03-10 Nils Loose , Nico Winkel , Kristoffer Hempel , Felix Mächtle , Julian Hans , Thomas Eisenbarth

Recently, many Deep Learning fuzzers have been proposed for testing of DL libraries. However, they either perform unguided input generation (e.g., not considering the relationship between API arguments when generating inputs) or only…

Cryptography and Security · Computer Science 2023-12-27 Nima Shiri Harzevili , Mohammad Mahdi Mohajer , Moshi Wei , Hung Viet Pham , Song Wang