In the era of the internet of things (IoT), software-enabled interconnected devices are of paramount importance. Embedded systems are very frequently used in both security …
Among the many software testing techniques available today, fuzzing has remained highly popular due to its conceptual simplicity, its low barrier to deployment, and its vast amount of …
Programs that take highly-structured files as inputs normally process inputs in stages: syntax parsing, semantic checking, and application execution. Deep bugs are often hidden in the …
Fuzz testing is a well-known method for efficiently identifying bugs in programs. Unfortunately, when programs that require highly-structured inputs such as interpreters are …
Coverage-based fuzzing is one of the most effective techniques to find vulnerabilities, bugs or crashes. However, existing techniques suffer from the difficulty in exercising the paths that …
In recent years, coverage-based greybox fuzzing has proven itself to be one of the most effective techniques for finding security bugs in practice. Particularly, American Fuzzy Lop …
Embedded devices have become ubiquitous, and they are used in a range of privacy-sensitive and security-critical applications. Most of these devices run proprietary software …
In this paper we present Mayhem, a new system for automatically finding exploitable bugs in binary (i.e., executable) programs. Every bug reported by Mayhem is accompanied by a …
This paper presents SAILFISH, a scalable system for automatically finding state-inconsistency bugs in smart contracts. To make the analysis tractable, we introduce a hybrid …