A survey of symbolic execution techniques
Many security and software testing applications require checking whether certain properties
of a program hold for any possible usage scenario. For instance, a tool for identifying …
Enhancing symbolic execution with veritesting
We present MergePoint, a new binary-only symbolic execution system for large-scale and
fully unassisted testing of commodity off-the-shelf (COTS) software. MergePoint introduces …
Efficient state merging in symbolic execution
Symbolic execution has proven to be a practical technique for building automated test case
generation and bug finding tools. Nevertheless, due to state explosion, these tools still …
FIE on firmware: Finding vulnerabilities in embedded systems using symbolic execution
Embedded systems increasingly use software-driven low-power microprocessors for
security-critical settings, surfacing a need for tools that can audit the security of the software …
Automated software test generation: some challenges, solutions, and recent advances
G Candea, P Godefroid - Computing and Software Science: State of the …, 2019 - Springer
The automation of software testing promises to delegate to machines what is otherwise the
most labor-intensive and expensive part of software development. The past decade has …
Hunting the haunter-efficient relational symbolic execution for spectre with haunted relse
Spectre are microarchitectural attacks which were made public in January 2018. They allow
an attacker to recover secrets by exploiting speculations. Detection of Spectre is particularly …
KLEESpectre: Detecting information leakage through speculative cache attacks via symbolic execution
Spectre-style attacks disclosed in early 2018 expose data leakage scenarios via cache side
channels. Specifically, speculatively executed paths due to branch mis-prediction may bring …
Optimizing Data Shuffling in Data-Parallel Computation by Understanding User-Defined Functions
Map/Reduce style data-parallel computation is characterized by the extensive use of user-
defined functions for data processing and relies on data-shuffling stages to prepare data …
Constructing semantic models of programs with the software analysis workbench
The Software Analysis Workbench (SAW) is a system for translating programs into
logical expressions, transforming these expressions, and using external reasoning tools …
Quantitative Robustness for Vulnerability Assessment
G Girol, G Lacombe, S Bardin - … of the ACM on Programming Languages, 2024 - dl.acm.org
Most software analysis techniques focus on bug reachability. However, this approach is not
ideal for security evaluation as it does not take into account the difficulty of triggering said …