Fuzzing JavaScript Engines with Aspect-preserving Mutation

Fuzzing is a practical, widely-deployed technique to find bugs in complex, real-world programs like JavaScript engines. We observed, however, that existing fuzzing approaches, either generative or mutational, fall short in fully harvesting …

REPT: Reverse Debugging of Failures in Deployed Software

Debugging software failures in deployed systems is important because they impact real users and customers. However, debugging such failures is notoriously hard in practice because developers have to rely on limited information such as memory dumps. …

QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing

Recently, hybrid fuzzing has been proposed to address the limitations of fuzzing and concolic execution by combining both approaches. The hybrid approach has shown its effectiveness in various synthetic benchmarks such as DARPA Cyber Grand Challenge …

AVPASS: Leaking and Bypassing Antivirus Detection Model Automatically

AVPASS is a tool for leaking the detection model of Android antivirus (AV) programs, and bypassing the AV detection by using the leaked information coupled with APK perturbation techniques. AVPASS is able to infer not only the detection features, …

CAB-Fuzz: Practical Concolic Testing Techniques for COTS Operating Systems

Discovering the security vulnerabilities of commercial off-the-shelf (COTS) operating systems (OSes) is challenging because they not only are huge and complex, but also lack detailed debug information. Concolic testing, which generates all feasible …

APISan: Sanitizing API Usages through Semantic Cross-checking

API misuse is a well-known source of bugs. Some of them (e.g., incorrect use of SSL API, and integer overflow of memory allocation size) can cause serious security vulnerabilities (e.g., man-in-the-middle (MITM) attack, and privilege escalation). …

HDFI: Hardware-Assisted Data-Flow Isolation

Memory corruption vulnerabilities are the root cause of many modern attacks. Existing defense mechanisms are inadequate; in general, the software-based approaches are not efficient and the hardware-based approaches are not flexible. In this paper, we …

Analyzing Security of Korean USIM-based PKI Certificate Service

Kargus: A Highly-scalable Software-based Intrusion Detection System

As high-speed networks are becoming commonplace, it is increasingly challenging to prevent the attack attempts at the edge of the Internet. While many high-performance intrusion detection systems (IDSes) employ dedicated network processors or special …