Massive software applications possess complex data structures or parse complex data
structures; in such cases, vulnerabilities in the software become inevitable. The …

Fuzzing network servers is a technical challenge, since the behavior of the target server
depends on its state over a sequence of multiple messages. Existing solutions are costly …

Program vulnerabilities, even when detected and reported, are not fixed immediately. The
time lag between the reporting and fixing of a vulnerability causes open-source software …

A recent trend for assessing the security of an embedded system's firmware is rehosting, the
art of running the firmware in a virtualized environment, rather than on the original hardware …

AC decompiler converts an executable into source code. The recovered C source code,
once re-compiled, is expected to produce an executable with the same functionality as the …

Trusted execution environments (TEEs) provide an environment for running workloads in the
cloud without having to trust cloud service providers, by offering additional hardware …

Despite the fact that the state-of-the-art fuzzers can generate inputs efficiently, existing fuzz
drivers still cannot adequately cover entries in libraries. Most of these fuzz drivers are crafted …

Fuzzing stripped binaries poses many hard challenges as fuzzers require instrumenting
binaries to collect runtime feedback for guiding input mutation. However, due to the lack of …

Uncovering bugs in concurrent programs is a challenging problem owing to the
exponentially large search space of thread interleavings. Past approaches towards …

Recent advances in fuzz testing have introduced several forms of feedback mechanisms,
motivated by the fact that for a large range of programs and libraries, edgecoverage alone is …