Vulpecker: an automated vulnerability detection system based on code similarity analysis
Software vulnerabilities are the fundamental cause of many attacks. Even with rapid
vulnerability patching, the problem is more complicated than it looks. One reason is that …
Automated whitebox fuzz testing.
P Godefroid, MY Levin, DA Molnar - NDSS, 2008 - pxzhang.cn
Fuzz testing is an effective technique for finding security vulnerabilities in software.
Traditionally, fuzz testing tools apply random mutations to well-formed inputs of a program …
TaintScope: A checksum-aware directed fuzzing tool for automatic software vulnerability detection
Fuzz testing has proven successful in finding security vulnerabilities in large programs.
However, traditional fuzz testing tools have a well-known common drawback: they are …
Automatic inference of search patterns for taint-style vulnerabilities
Taint-style vulnerabilities are a persistent problem in software development, as the recently
discovered "Heartbleed" vulnerability strikingly illustrates. In this class of vulnerabilities …
Generalized vulnerability extrapolation using abstract syntax trees
F Yamaguchi, M Lottmann, K Rieck - Proceedings of the 28th annual …, 2012 - dl.acm.org
The discovery of vulnerabilities in source code is a key for securing computer systems. While
specific types of security flaws can be identified automatically, in the general case the …
Karonte: Detecting insecure multi-binary interactions in embedded firmware
Low-power, single-purpose embedded devices (e.g., routers and IoT devices) have become
ubiquitous. While they automate and simplify many aspects of users' lives, recent large-scale …
Sok: All you ever wanted to know about x86/x64 binary disassembly but were afraid to ask
Disassembly of binary code is hard, but necessary for improving the security of binary
software. Over the past few decades, research in binary disassembly has produced many …
Spain: security patch analysis for binaries towards understanding the pain and pills
Software vulnerability is one of the major threats to software security. Once discovered,
vulnerabilities are often fixed by applying security patches. In that sense, security patches …
Wysinwyx: What you see is not what you execute
G Balakrishnan, T Reps - ACM Transactions on Programming …, 2010 - dl.acm.org
Over the last seven years, we have developed static-analysis methods to recover a good
approximation to the variables and dynamically allocated memory objects of a stripped …
Chucky: Exposing missing checks in source code for vulnerability discovery
Uncovering security vulnerabilities in software is a key for operating secure systems.
Unfortunately, only some security flaws can be detected automatically and the vast majority …