Search results for: protocol fuzzing
Number of results: 250258
Multiple techniques and tools, including static analysis and testing, should be used for software assurance. Fuzz testing is one such technique that can be effective for finding security vulnerabilities. In contrast with traditional testing, fuzz testing only monitors the program for crashes or other undesirable behavior. This makes it feasible to run a very large number of test cases. This art...
Blockchain smart contracts have given rise to a variety of interesting and compelling applications emerged as revolutionary force for the Internet. Smart from various fields now hold over one trillion dollars worth virtual coins, attracting numerous attacks. Quite few practitioners devoted themselves developing tools detecting bugs in contracts. One line efforts revolve around static analysis t...
Fuzz testing, also known as fuzzing, is a software testing technique aimed at identifying vulnerabilities. In recent decades, fuzzing has gained increasing popularity in the research community. However, existing studies led by experts mainly focus on improving coverage and performance of techniques. That is, there still gap empirical knowledge regarding especially about challenges developers fa...
While many real-world programs are shipped with configurations to enable/disable functionalities, fuzzers have mostly been applied test single of these programs. In this work, we first conduct an empirical study understand how program affect fuzzing performance. We find that limiting a campaign configuration can result in failing cover significant amount code. also observe different contribute ...
Greybox fuzzing has been widely used in stateless programs and achieved great success. However, most state-of-the-art greybox fuzzers have slow speed shallow state depth coverage stateful network protocol programs, which are able to remember store the details of interactions. The existing for first send a series well-defined prefix sequences input messages then mutated test target protocol. Thi...
Protocol reverse engineering is the process of extracting application-level specifications for network protocols. Such specifications are very helpful in a number of security-related contexts. For example, they are needed by intrusion detection systems to perform deep packet inspection, and they allow the implementation of black-box fuzzing tools. Unfortunately, manual reverse engineering is a ...
Programming languages and software engineering tools routinely encounter components that are difficult to reason on via formal techniques or whose semantics not even available—third-party libraries, inline assembly code, SIMD instructions, system calls, calls machine learning models, etc. However, often access these is available as input-output oracles—interfaces query certain inputs receive th...
Many software security vulnerabilities only reveal themselves under certain conditions, that is, particular configurations and inputs together with a certain runtime environment. One approach to detecting these vulnerabilities is fuzz testing. However, typical fuzz testing makes no guarantees regarding the syntactic and semantic validity of the input, or of how much of the input space will be e...
Developing a systematic understanding of the attack surface of emergent networks, such as software-defined networks (SDNs), is necessary and arguably the starting point toward making it more secure. Prior studies have largely relied on ad hoc empirical methods to evaluate the security of various SDN elements from different perspectives. However, they have stopped short of converging on a system...