Lava: Large-scale automated vulnerability addition
Work on automating vulnerability discovery has long been hampered by a shortage of
ground-truth corpora with which to evaluate tools and techniques. This lack of ground truth …
SoK: Eternal war in memory
Memory corruption bugs in software written in low-level languages like C or C++ are one of
the oldest problems in computer security. The lack of safety in these languages allows …
Control-flow integrity principles, implementations, and applications
Current software attacks often build on exploits that subvert machine-code execution. The
enforcement of a basic safety property, control-flow integrity (CFI), can prevent such attacks …
Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software.
J Newsome, DX Song - NDSS, 2005 - Citeseer
Software vulnerabilities have had a devastating effect on the Internet. Worms such as
CodeRed and Slammer can compromise hundreds of thousands of hosts within hours or …
EXE: Automatically generating inputs of death
This article presents EXE, an effective bug-finding tool that automatically generates inputs
that crash real code. Instead of running code on manually or randomly constructed input …
Under-Constrained symbolic execution: Correctness checking for real code
Software bugs are a well-known source of security vulnerabilities. One technique for finding
bugs, symbolic execution, considers all possible inputs to a program but suffers from …
SoftBound: Highly compatible and complete spatial memory safety for C
The serious bugs and security vulnerabilities facilitated by C/C++'s lack of bounds checking
are well known, yet C and C++ remain in widespread use. Unfortunately, C's arbitrary …
SoK: Sanitizing for security
The C and C++ programming languages are notoriously insecure yet remain indispensable.
Developers therefore resort to a multi-pronged approach to find security issues before …
Non-control-data attacks are realistic threats.
S Chen, J Xu, EC Sezer, P Gauriar… - USENIX security …, 2005 - usenix.org
Most memory corruption attacks and Internet worms follow a familiar pattern known as the
control-data attack. Hence, many defensive techniques are designed to protect program …
Secure program execution via dynamic information flow tracking
We present a simple architectural mechanism called dynamic information flow tracking that
can significantly improve the security of computing systems with negligible performance …