DOI: 10.1145/3377811.3380396

MemLock: memory usage guided fuzzing

Published: 01 October 2020

Abstract

Uncontrolled memory consumption is a class of critical software security weakness. It becomes a security-critical vulnerability when attackers can control the input, force the program to consume a large amount of memory, and thereby launch a Denial-of-Service attack. Detecting such vulnerabilities is challenging, however, because state-of-the-art fuzzing techniques are guided by code coverage rather than by memory consumption. To this end, we propose a memory usage guided fuzzing technique, named MemLock, that generates inputs causing excessive memory consumption and thereby triggers uncontrolled memory consumption bugs. The fuzzing process is guided by memory consumption information, so the approach is general and does not require any domain knowledge. We perform a thorough evaluation of MemLock on 14 widely-used real-world programs. Our experimental results show that MemLock substantially outperforms the state-of-the-art fuzzing techniques, including AFL, AFLfast, PerfFuzz, FairFuzz, Angora and QSYM, in discovering memory consumption bugs. During the experiments, we discovered many previously unknown memory consumption bugs and received 15 new CVEs.
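The abstract's core idea is to use memory consumption, rather than code coverage, as the fuzzer's feedback signal. The toy below is an added illustration of that idea and is not MemLock's code: the record-file target, its trusted header count (a CWE-789-style uncontrolled allocation), the mutator and the seed are all constructed here, and `tracemalloc` stands in for the instrumentation a real fuzzer would use.

```python
"""Toy memory-consumption-guided fuzzing loop (added example, not MemLock)."""
import random
import struct
import tracemalloc

# Constructed target: parses a "record file" whose 2-byte magic is followed by a
# little-endian 32-bit record count that is trusted blindly. A 7-byte input can
# therefore make the parser allocate a table proportional to an attacker-chosen
# value. Coverage-guided fuzzing sees only one path here, whatever the count is.
MAX_COUNT = 1 << 20  # ceiling so the demo itself stays bounded (not part of the bug)


def parse_records(data: bytes) -> int:
    if len(data) < 6 or data[:2] != b"RC":
        return 0                      # bad magic: nothing allocated
    (count,) = struct.unpack_from("<I", data, 2)
    count = min(count, MAX_COUNT)     # cap only so the demo cannot exhaust RAM
    table = [0] * count               # the uncontrolled allocation
    for i, b in enumerate(data[6:6 + count]):
        table[i] = b
    return len(table)


def peak_memory(data: bytes) -> int:
    """Run the target once and return the peak heap bytes tracemalloc observed."""
    tracemalloc.start()
    try:
        parse_records(data)
        _, peak = tracemalloc.get_traced_memory()
    finally:
        tracemalloc.stop()
    return peak


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Single random byte flip; deliberately structure-unaware."""
    buf = bytearray(data)
    buf[rng.randrange(len(buf))] = rng.randrange(256)
    return bytes(buf)


def memory_guided_fuzz(seed: bytes, iterations: int, rng_seed: int = 1) -> tuple[bytes, int]:
    """Keep a mutant only if it raises the target's peak memory.
    Returns the most memory-hungry input found and its peak in bytes."""
    rng = random.Random(rng_seed)
    best, best_peak = seed, peak_memory(seed)
    for _ in range(iterations):
        cand = mutate(best, rng)
        p = peak_memory(cand)
        if p > best_peak:             # memory consumption is the only feedback
            best, best_peak = cand, p
    return best, best_peak


SEED = b"RC" + struct.pack("<I", 1) + b"x"  # constructed benign seed: one record

if __name__ == "__main__":
    best, peak = memory_guided_fuzz(SEED, 200)
    print(f"seed peak {peak_memory(SEED)} B -> fuzzed peak {peak} B, input {best.hex()}")
```

The same loop driven by coverage would stop making progress after the first valid record, since every count value exercises the same branches; tracking peak memory instead keeps rewarding mutations of the count field until the allocation reaches the cap.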



Information

Published In

ICSE '20: Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering
June 2020
1640 pages
ISBN:9781450371216
DOI:10.1145/3377811

In-Cooperation

  • KIISE: Korean Institute of Information Scientists and Engineers
  • IEEE CS

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. fuzz testing
  2. memory consumption
  3. software vulnerability

Qualifiers

  • Research-article

Funding Sources

  • Ant Financial Research Program
  • National Natural Science Foundation of China
  • Guangdong Basic and Applied Basic Research Foundation
  • National Key R&D Program of China


Acceptance Rates

Overall Acceptance Rate 276 of 1,856 submissions, 15%
