A survey of symbolic execution techniques
Many security and software testing applications require checking whether certain properties
of a program hold for any possible usage scenario. For instance, a tool for identifying …
Leopard: Identifying vulnerable code for vulnerability assessment through program metrics
Identifying potentially vulnerable locations in a code base is critical as a pre-step for effective
vulnerability assessment; i.e., it can greatly help security experts put their time and effort to …
Cerebro: context-aware adaptive fuzzing for effective vulnerability detection
Existing greybox fuzzers mainly utilize program coverage as the goal to guide the fuzzing
process. To maximize their outputs, coverage-based greybox fuzzers need to evaluate the …
Automatically Reasoning About How Systems Code Uses the CPU Cache
We present a technique, called CFAR, that developers can use to reason precisely about
how their code, as well as third-party code, uses the CPU cache. Given a piece of systems …
Blocking Tracking JavaScript at the Function Granularity
Modern websites extensively rely on JavaScript to implement both functionality and tracking.
Existing privacy-enhancing content-blocking tools struggle against mixed scripts, which …
Mobidroid: A performance-sensitive malware detection system on mobile platform
Currently, Android malware detection is mostly performed on the server side against the
increasing number of Android malware. Powerful computing resource gives more …
HotFuzz: Discovering algorithmic denial-of-service vulnerabilities through guided micro-fuzzing
Contemporary fuzz testing techniques focus on identifying memory corruption vulnerabilities
that allow adversaries to achieve either remote code execution or information disclosure …
VeriAbs: Verification by abstraction and test generation
M Afzal, A Asia, A Chauhan… - 2019 34th IEEE/ACM …, 2019 - ieeexplore.ieee.org
Verification of programs continues to be a challenge and no single known technique
succeeds on all programs. In this paper we present VeriAbs, a reachability verifier for C …
Pyse: Automatic worst-case test generation by reinforcement learning
Stress testing is an important task in software testing, which examines the behavior of a
program under a heavy load. Symbolic execution is a useful tool to find out the worst-case …
Generation of Violation Witnesses by Under-Approximating Abstract Interpretation
This work studies abstract backward semantics to infer sufficient program preconditions,
based on an idea first proposed in previous work. This analysis exploits under-approximated …