Fuzzing has proven to be a highly effective approach to uncover software bugs over the past
decade. After AFL popularized the groundbreaking concept of lightweight coverage …

Coverage-guided fuzz testing (" fuzzing") has become mainstream and we have observed
lots of progress in this research area recently. However, it is still challenging to efficiently test …

Intel's Software Guard Extensions (SGX) provide a nonintrospectable trusted execution
environment (TEE) to protect security-critical code from a potentially malicious OS. This …

TCP stacks provide reliable data transmission in network, and thus they should be correctly
implemented and well tested to ensure reliability and security. However, testing TCP stacks …

With the wide application and deployment of cloud computing in enterprises, virtualization
developers and security researchers are paying more attention to cloud computing security …

Random-based approaches and heuristics are commonly used in kernel concurrency
testing due to the massive scale of modern kernels and corresponding interleaving space …

Coverage-guided fuzzing is one of the most effective approaches for discovering software
defects and vulnerabilities. It executes all mutated tests from seed inputs to expose coverage …

Common network protocol fuzzers use complex grammars for fuzzing clients and servers
with a (semi-) correct input for the server. In contrast, feedback-guided fuzzers learn their …

Peripheral hardware in modern computers is typically assumed to be secure and not
malicious, and device drivers are implemented in a way that trusts inputs from hardware …

Direct Memory Access (DMA) is a popular mechanism for improving hardware I/O
performance, and it has been widely used by many existing device drivers. However, DMA …