SoK: The progress, challenges, and perspectives of directed greybox fuzzing
Greybox fuzzing has been the most scalable and practical approach to software testing.
Most greybox fuzzing tools are coverage guided as code coverage is strongly correlated …
Static detection of unsafe DMA accesses in device drivers
Direct Memory Access (DMA) is a popular mechanism for improving hardware I/O
performance, and it has been widely used by many existing device drivers. However, DMA …
SegFuzz: Segmentizing thread interleaving to discover kernel concurrency bugs through fuzzing
Discovering kernel concurrency bugs through fuzzing is challenging. Identifying kernel
concurrency bugs, as opposed to non-concurrency bugs, necessitates an analysis of …
WarpAttack: Bypassing CFI through compiler-introduced double-fetches
Code-reuse attacks are dangerous threats that attracted the attention of the security
community for years. These attacks aim at corrupting important control-flow transfers for …
Midas: Systematic kernel TOCTTOU protection
Double-fetch bugs are a plague across all major operating system kernels. They occur when
data is fetched twice across the user/kernel trust boundary while allowing concurrent …
Defense and attack techniques against file-based TOCTOU vulnerabilities: A systematic review
File-based Time-of-Check to Time-of-Use (TOCTOU) race conditions are a well-known type
of security vulnerability. A wide variety of techniques have been proposed to detect, mitigate …
SGXJail: Defeating enclave malware via confinement
Trusted execution environments, such as Intel SGX, allow executing enclaves shielded from
the rest of the system. This fosters new application scenarios not only in cloud settings but …
Watch out for race condition attacks when using Android external storage
S Du, X Liu, G Lai, X Luo - Proceedings of the 2022 ACM SIGSAC …, 2022 - dl.acm.org
Currently, in Android, applications (apps for short) rely heavily on external storage to provide
their services. Race conditions are introduced by the inappropriate file operations. Through …
The progress, challenges, and perspectives of directed greybox fuzzing
Greybox fuzzing is a scalable and practical approach for software testing. Most greybox
fuzzing tools are coverage‐guided as reaching high code coverage is more likely to find …
Untrusted hardware causes double-fetch problems in the I/O memory
K Lu, PF Wang, G Li, X Zhou - Journal of Computer Science and …, 2018 - Springer
The double fetch problem occurs when the data is maliciously changed between two kernel
reads of the supposedly same data, which can cause serious security problems in the …
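Midas, WarpAttack and the I/O-memory paper above all describe the same kernel-side mechanism: a value is read from memory the kernel does not control (a user page, or device-mapped I/O memory that untrusted hardware can rewrite), checked, and then read again for use, so a write landing between the two reads is checked as one value and used as another. The following is an added example, not code from any of those papers: a user-space C model in which the racing write is performed deterministically after the first fetch, the vulnerable double-fetch handler beside the single-fetch fix. The fetch_from_user() stand-in, struct req, KBUF_SIZE and HOSTILE_LEN are constructed for the demonstration; in a real driver the first stands for copy_from_user() or an MMIO read such as readl().

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define KBUF_SIZE   64     /* fixed kernel buffer the payload is copied into */
#define HOSTILE_LEN 4096   /* value the attacker races in after the check */

/* Request header as laid out in the memory the kernel does not control. */
struct req {
    uint32_t len;
    uint8_t  data[HOSTILE_LEN];
};

/* Model of user (or device) memory. The attacker's racing write is applied
 * by a hook after the first fetch, i.e. the worst-case interleaving a real
 * second thread or a malicious device could produce. */
struct user_mem {
    struct req page;
    int fetches;        /* how many times the kernel has read from us */
    int racing;         /* 1 = attacker rewrites len after the first fetch */
};

/* Stand-in for copy_from_user()/readl(): copy, then give the attacker a turn. */
static void fetch_from_user(void *dst, const void *src, size_t n, struct user_mem *um)
{
    memcpy(dst, src, n);
    um->fetches++;
    if (um->racing && um->fetches == 1)
        um->page.len = HOSTILE_LEN;   /* the TOCTTOU write */
}

/* Vulnerable: len is fetched twice. Fetch 1 is checked, fetch 2 is used.
 * Returns the byte count the payload copy would use, or -1 if rejected. */
static int handler_double_fetch(struct user_mem *um)
{
    uint32_t len;
    uint8_t kbuf[KBUF_SIZE];

    fetch_from_user(&len, &um->page.len, sizeof len, um);   /* fetch 1: check */
    if (len > KBUF_SIZE)
        return -1;

    fetch_from_user(&len, &um->page.len, sizeof len, um);   /* fetch 2: use */
    /* The real bug copies len bytes into kbuf although len may now exceed
     * KBUF_SIZE. The copy is clamped here only so this model cannot crash;
     * the returned value is what the kernel would have passed. */
    fetch_from_user(kbuf, um->page.data, len > KBUF_SIZE ? KBUF_SIZE : len, um);
    return (int)len;
}

/* Hardened: one fetch into kernel memory, validate that copy, and use only
 * that copy afterwards. Nothing the attacker writes later is ever read. */
static int handler_single_fetch(struct user_mem *um)
{
    uint32_t len;
    uint8_t kbuf[KBUF_SIZE];

    fetch_from_user(&len, &um->page.len, sizeof len, um);   /* the only header fetch */
    if (len > KBUF_SIZE)
        return -1;
    fetch_from_user(kbuf, um->page.data, len, um);          /* bounded by the checked copy */
    return (int)len;
}

/* Runs a handler against a page whose header starts at initial_len while the
 * attacker races, and returns the handler's result. */
static int race(int (*handler)(struct user_mem *), uint32_t initial_len)
{
    struct user_mem um;
    memset(&um, 0, sizeof um);
    um.page.len = initial_len;
    um.racing = 1;
    return handler(&um);
}

int run_double_fetch_race(uint32_t initial_len) { return race(handler_double_fetch, initial_len); }
int run_single_fetch_race(uint32_t initial_len) { return race(handler_single_fetch, initial_len); }

int main(void)
{
    printf("double fetch, benign header 16: would copy %d bytes into a %d-byte buffer\n",
           run_double_fetch_race(16), KBUF_SIZE);
    printf("single fetch, benign header 16: copies %d bytes\n", run_single_fetch_race(16));
    printf("single fetch, hostile header 128: %d (rejected)\n", run_single_fetch_race(128));
    return 0;
}
```

The fix is not "check harder" but "fetch once": every later use must go through the kernel-private copy that was validated. This is also why compiler-introduced double fetches (WarpAttack) are dangerous: a source-level single read that the compiler rematerialises as two loads from the untrusted location reintroduces exactly the window the vulnerable handler above has, so the copy into kernel memory must be an explicit, non-reloadable step such as copy_from_user() or a READ_ONCE()-style access rather than a plain dereference.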