中文
相关论文

相关论文: OverrideFuzz: Semantic-Aware Grammar Fuzzing for S…

200 篇论文

Fuzzing is a widely used technique for detecting vulnerabilities in smart contracts, which generates transaction sequences to explore the execution paths of smart contracts. However, existing fuzzers are falling short in detecting…

密码学与安全 · 计算机科学 2025-11-18 Jie Chen , Liangmin Wang

Fuzzing is one of the key techniques for evaluating the robustness of programs against attacks. Fuzzing has to be effective in producing inputs that cover functionality and find vulnerabilities. But it also has to be efficient in producing…

软件工程 · 计算机科学 2019-11-19 Rahul Gopinath , Andreas Zeller

Network protocols are the foundation of modern communication, yet their implementations often contain semantic vulnerabilities stemming from inadequate understanding of specification semantics. Existing gray-box and black-box testing…

密码学与安全 · 计算机科学 2026-03-09 Yanbang Sun , Quan Luo , Yuelin Wang , Qian Chen , Benjin Liu , Ruiqi Chen , Qing Huang , Xiaohong Li , Junjie Wang

Processor designs rely on iterative modifications and reuse well-established designs. However, this reuse of prior designs also leads to similar vulnerabilities across multiple processors. As processors grow increasingly complex with…

密码学与安全 · 计算机科学 2025-12-09 Chen Chen , Zaiyan Xu , Mohamadreza Rostami , David Liu , Dileep Kalathil , Ahmad-Reza Sadeghi , Jeyavijayan Rajendran

While AI-coding assistants accelerate software development, current testing frameworks struggle to keep pace with the resulting volume of AI-generated code. Traditional fuzzing techniques often allocate resources uniformly and lack semantic…

软件工程 · 计算机科学 2026-02-13 Ziyi Yang , Kalit Inani , Keshav Kabra , Vima Gupta , Anand Padmanabha Iyer

Software fuzzing has become a cornerstone in automated vulnerability discovery, yet existing mutation strategies often lack semantic awareness, leading to redundant test cases and slow exploration of deep program states. In this work, I…

密码学与安全 · 计算机科学 2025-11-07 Shiyin Lin

A fuzzer provides randomly generated inputs to a targeted software to expose erroneous behavior. To efficiently detect defects, generated inputs should conform to the structure of the input format and thus, grammars can be used to generate…

软件工程 · 计算机科学 2020-08-05 Martin Eberlein , Yannic Noller , Thomas Vogel , Lars Grunske

As the complexity of modern processors has increased over the years, developing effective verification strategies to identify bugs prior to manufacturing has become critical. Undiscovered micro-architectural bugs in processors can manifest…

Fuzzing is effective for vulnerability discovery but struggles with complex targets such as compilers, interpreters, and database engines, which accept textual input that must satisfy intricate syntactic and semantic constraints. Although…

密码学与安全 · 计算机科学 2025-09-26 Jiayi Lin , Liangcai Su , Junzhe Li , Chenxiong Qian

Multi-robot swarms play an essential role in complex missions including battlefield reconnaissance, agricultural pest monitoring, as well as disaster search and rescue. Unfortunately, given the complexity of swarm algorithms, logical…

密码学与安全 · 计算机科学 2025-10-06 Ruoyu Zhou , Zhiwei Zhang , Haocheng Han , Xiaodong Zhang , Zehan Chen , Jun Sun , Yulong Shen , Dehai Xu

Fuzzing has become a popular technique for automatically detecting vulnerabilities and bugs by generating unexpected inputs. In recent years, the fuzzing process has been integrated into continuous integration workflows (i.e., continuous…

软件工程 · 计算机科学 2026-02-06 Tatsuya Shirai , Olivier Nourry , Yutaro Kashiwa , Kenji Fujiwara , Hajimu Iida

Large Language Models (LLMs) have gained widespread use in various applications due to their powerful capability to generate human-like text. However, prompt injection attacks, which involve overwriting a model's original instructions with…

密码学与安全 · 计算机科学 2025-04-07 Jiahao Yu , Yangguang Shao , Hanwen Miao , Junzheng Shi

Firmware serves as the critical interface between hardware and software in computing systems, making any bugs or vulnerabilities particularly dangerous as they can cause catastrophic system failures. While fuzzing is a promising approach…

密码学与安全 · 计算机科学 2026-02-03 Dakshina Tharindu , Aruna Jayasena , Prabhat Mishra

Fuzzing is a widely used software security testing technique that is designed to identify vulnerabilities in systems by providing invalid or unexpected input. Continuous fuzzing systems like OSS-FUZZ have been successful in finding security…

密码学与安全 · 计算机科学 2023-07-04 Chaitanya Rahalkar

Fuzzing continues to be the most effective method for identifying security vulnerabilities in software. In the context of fuzz testing, the fuzzer supplies varied inputs to fuzz targets, which are designed to comprehensively exercise…

软件工程 · 计算机科学 2026-01-21 Chi Thien Tran

Modern fuzzers increasingly use Large Language Models (LLMs) to generate structured inputs, but LLM-driven fuzzing is sensitive to prompt initialization and sampling variance, which can reduce exploration efficiency and lead to redundant…

密码学与安全 · 计算机科学 2026-05-05 Mario Rodríguez Béjar , B. Romera-Paredes , Jose L. Hernández-Ramos

Large Language Models (LLMs) increasingly exhibit over-refusal - erroneously rejecting benign queries due to overly conservative safety measures - a critical functional flaw that undermines their reliability and usability. Current methods…

软件工程 · 计算机科学 2026-05-05 Haonan Zhang , Dongxia Wang , Yi Liu , Kexin Chen , Jiashui Wang , Xinlei Ying , Long Liu , Wenhai Wang

Fuzzing is one of the most effective technique to identify potential software vulnerabilities. Most of the fuzzers aim to improve the code coverage, and there is lack of directedness (e.g., fuzz the specified path in a software). In this…

密码学与安全 · 计算机科学 2020-10-26 Xiaogang Zhu , Shigang Liu , Xian Li , Sheng Wen , Jun Zhang , Camtepe Seyit , Yang Xiang

Code reuse in software development frequently facilitates the spread of vulnerabilities, making the scope of affected software in CVE reports imprecise. Traditional methods primarily focus on identifying reused vulnerability code within…

软件工程 · 计算机科学 2024-11-28 Siyuan Li , Yuekang Li , Zuxin Chen , Chaopeng Dong , Yongpan Wang , Hong Li , Yongle Chen , Hongsong Zhu

PHP, a dominant scripting language in web development, powers a vast range of websites, from personal blogs to major platforms. While existing research primarily focuses on PHP application-level security issues like code injection, memory…

密码学与安全 · 计算机科学 2025-02-05 Yuancheng Jiang , Chuqi Zhang , Bonan Ruan , Jiahao Liu , Manuel Rigger , Roland Yap , Zhenkai Liang
‹ 上一页 1 2 3 10 下一页 ›