Fuzzing is an effective and widely used technique for finding security bugs and
vulnerabilities in software. It inputs irregular test data into a target program to try to trigger a …

In the era of the internet of things (IoT), software-enabled inter-connected devices are of
paramount importance. The embedded systems are very frequently used in both security …

Among the many software testing techniques available today, fuzzing has remained highly
popular due to its conceptual simplicity, its low barrier to deployment, and its vast amount of …

Programs that take highly-structured files as inputs normally process inputs in stages: syntax
parsing, semantic checking, and application execution. Deep bugs are often hidden in the …

Fuzz testing is a well-known method for efficiently identifying bugs in programs.
Unfortunately, when programs that require highly-structured inputs such as interpreters are …

Coverage-based fuzzing is one of the most effective techniques to find vulnerabilities, bugs
or crashes. However, existing techniques suffer from the difficulty in exercising the paths that …

In recent years, coverage-based greybox fuzzing has proven itself to be one of the most
effective techniques for finding security bugs in practice. Particularly, American Fuzzy Lop …

Embedded devices have become ubiquitous, and they are used in a range of privacy-
sensitive and security-critical applications. Most of these devices run proprietary software …

In this paper we present Mayhem, a new system for automatically finding exploitable bugs in
binary (ie, executable) programs. Every bug reported by Mayhem is accompanied by a …

This paper presents SAILFISH, a scalable system for automatically finding state-
inconsistency bugs in smart contracts. To make the analysis tractable, we introduce a hybrid …