Academic papers related to fuzzing, binary analysis, and exploit dev, which I want to read or have already read

Note

The sole purpose of this repository is to help me organize recent academic papers related to fuzzing, binary analysis, IoT security, and general exploitation. This is a non-exhausting list, even though I’ll try to keep it updated… Feel free to suggest decent papers via a PR.

Read & Tagged

• 2020 - P2IM: Scalable and Hardware-independent Firmware Testing via Automatic Peripheral Interface Modeling
  • Tags: HALucinator, emulation, firmware, QEMU, AFL, requires source, MCU, peripheral abstraction
• 2020 - What Exactly Determines the Type? Inferring Types with Context
  • Tags: context assisted type inference, stripped binaries, variable and type reconstruction, IDA Pro, Word2Vec, CNN,
• 2020 - Causal Testing: Understanding Defects’ Root Causes
  • Tags: Defects4J, causal relationships, Eclipse plugin, unit test mutation, program trace diffing, static value diffing, user study
• 2020 - AURORA: Statistical Crash Analysis for Automated Root Cause Explanation
  • Tags: RCA, program traces, input diversification, Intel PIN, Rust, CFG,
• 2020 - ParmeSan: Sanitizer-guided Greybox Fuzzing
  • Tags: interprocedural CFG, data flow analysis, directed fuzzing (DGF), disregarding ‘hot paths’, LAVA-M based primitives, LLVM, Angora, AFLGo, ASAP, santizer dependent
• 2020 - Magma: A Ground-Truth Fuzzing Benchmark
  • Tags: best practices, fuzzer benchmarking, ground truth, Lava-M
• 2020 - Fitness Guided Vulnerability Detection with Greybox Fuzzing
  • Tags: AFL, vuln specific fitness metric (headroom), buffer/integer overflow detection, AFLGo, pointer analysis, CIL, bad benchmarking
• 2020 - GREYONE: Data Flow Sensitive Fuzzing
  • Tags: data-flow fuzzing, taint-guided mutation, input prioritization, constraint conformance, REDQUEEN, good evaluation, VUzzer
• 2020 - FairFuzz-TC: a fuzzer targeting rare branches
  • Tags: AFL, required seeding, branch mask
• 2020 - Fitness Guided Vulnerability Detection with Greybox Fuzzing
  • Tags: AFL, vuln specific fitness metric (headroom), buffer/integer overflow detection, AFLGo, pointer analysis, CIL, bad evaluation
• 2020 - TOFU: Target-Oriented FUzzer
  • Tags: DGF, structured mutations, staged fuzzing/learning of cli args, target fitness, structure aware, Dijkstra for priority, AFLGo, Superion
• 2020 - FuZZan: Efficient Sanitizer Metadata Design for Fuzzing
  • Tags:: sanitizer metadata, optimization, ASAN, MSan, AFL
• 2020 - Boosting Fuzzer Efficiency: An Information Theoretic Perspective
  • Tags:: Shannon entropy, seed power schedule, libfuzzer, active SLAM, DGF, fuzzer efficiency
• 2020 - Learning Input Tokens for Effective Fuzzing
  • Tags: dynamic taint tracking, parser checks, magic bytes, creation of dict inputs for fuzzers
• 2020 - A Review of Memory Errors Exploitation in x86-64
  • Tags: NX, canaries, ASLR, new mitigations, mitigation evaluation, recap on memory issues
• 2020 - SoK: The Progress, Challenges, and Perspectives of Directed Greybox Fuzzing
  • Tags: SoK, directed grey box fuzzing, AFL, AFL mutation operators, DGF vs CGF
• 2020 - MemLock: Memory Usage Guided Fuzzing
  • Tags: memory consumption, AFL, memory leak, uncontrolled-recursion, uncontrolled-memory-allocation, static analysis
• 2019 - Building Fast Fuzzers
  • Tags: grammar based fuzzing, optimization, bold claims, comparison to badly/non-optimized fuzzers, python, lots of micro-optimizations, nice protocolling of failures, bad ASM optimization
• 2019 - Not All Bugs Are the Same: Understanding, Characterizing, and Classifying the Root Cause of Bugs
  • Tags: RCA via bug reports, classification model, F score,
• 2019 - AntiFuzz: Impeding Fuzzing Audits of Binary Executables
  • Tags: anti fuzzing, prevent crashes, delay executions, obscure coverage information, overload symbolic execution
• 2019 - MOpt: Optimized Mutation Scheduling for Fuzzers
  • Tags: mutation scheduling, particle swarm optimization (PSO), AFL, AFL mutation operators, VUzzer,
• 2019 - FuzzFactory: Domain-Specific Fuzzing with Waypoints
  • Tags: domain-specific fuzzing, AFL, LLVM, solve hard constraints like cmp, find dynamic memory allocations, binary-based
• 2019 - Fuzzing File Systems via Two-Dimensional Input Space Exploration
  • Tags: Ubuntu, file systems, library OS, ext4, brtfs, meta block mutations, edge cases
• 2019 - REDQUEEN: Fuzzing with Input-to-State Correspondence
  • Tags: feedback-driven, AFL, magic-bytes, nested contraints, input-to-state correspondence
• 2019 - PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary
  • Tags: kernel, android, userland, embedded, hardware, Linux, device driver, WiFi
• 2019 - FirmFuzz: Automated IoT Firmware Introspection and Analysis
  • Tags: emulation, firmadyne, BOF, XSS, CI, NPD, semi-automatic
• 2019 - Firm-AFL: High-Throughput Greybox Fuzzing of IoT Firmware via Augmented Process Emulation
  • Tags: emulation, qemu, afl, full vs user mode, syscall redirect, “augmented process emulation”, firmadyne
• 2018 - A Survey of Automated Root Cause Analysisof Software Vulnerability
  • Tags: Exploit mitigations, fuzzing basics, symbolic execution basics, fault localization, high level
• 2018 - PhASAR: An Inter-procedural Static Analysis Framework for C/C++
  • Tags: LLVM, (inter-procedural) data-flow analysis, call-graph, points-to, class hierachy, CFG, IR
• 2018 - INSTRIM: Lightweight Instrumentation for Coverage-guided Fuzzing
  • Tags: LLVM, instrumentation optimization, graph algorithms, selective instrumentation, coverage calculation
• 2018 - What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices
  • Tags: embedded, challenges, heuristics, emulation, crash classification, fault detection
• 2018 - Evaluating Fuzz Testing
  • Tags: fuzzing evaluation, good practices, bad practices
• 2017 - Root Cause Analysis of Software Bugs using Machine Learning Techniques
  • Tags: ML, RC prediction for filed bug reports, unsupervides + supervised combination, RC categorisation, F score
• 2017 - kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels
  • Tags: intel PT, kernel, AFL, file systems, Windows, NTFS, Linux, ext, macOS, APFS, driver, feedback-driven
• 2016 - Driller: Argumenting Fuzzing Through Selective Symbolic Execution
  • Tags: DARPA, CGC, concolic execution, hybrid fuzzer, binary based
• 2015 - Challenges with Applying Vulnerability Prediction Models
  • Tags: VPM vs DPM, prediction models on large scale systems, files with frequent changes leave more vulns, older code exhibits more vulns
• 2013 - Automatic Recovery of Root Causes from Bug-Fixing Changes
  • Tags: ML + SCA, F score, AST, PPA, source tree analysis

Unread

Unread papers categorized by a common main theme.

General fuzzing implementations

• 2020 - CrFuzz: Fuzzing Multi-purpose Programs through InputValidation
• 2020 - EPfuzzer: Improving Hybrid Fuzzing with Hardest-to-reach Branch Prioritization
• 2020 - Fuzzing Based on Function Importance by Attributed Call Graph
• 2020 - UNIFUZZ: A Holistic and Pragmatic Metrics-Driven Platform for Evaluating Fuzzers
• 2020 - PathAFL: Path-Coverage Assisted Fuzzing
• 2020 - Path Sensitive Fuzzing for Native Applications
• 2020 - UniFuzz: Optimizing Distributed Fuzzing via Dynamic Centralized Task Scheduling
• 2020 - Symbolic execution with SymCC: Don’t interpret, compile!
• 2020 - Fuzzing Error Handling Code using Context-Sensitive Software Fault Injection
• 2020 - SpecFuzz: Bringing Spectre-type vulnerabilities to the surface
• 2020 - Zeror: Speed Up Fuzzing with Coverage-sensitive Tracing and Scheduling
• 2020 - MUZZ: Thread-aware Grey-box Fuzzing for Effective Bug Hunting in Multithreaded Programs
• 2020 - Evolutionary Grammar-Based Fuzzing
• 2020 - AFLpro: Direction sensitive fuzzing
• 2020 - WEIZZ: Automatic Grey-Box Fuzzing for Structured Binary Formats
• 2020 - AFL++: Combining Incremental Steps of Fuzzing Research
• 2020 - CSI-Fuzz: Full-speed Edge Tracing Using Coverage Sensitive Instrumentation
• 2020 - Scalable Greybox Fuzzing for Effective Vulnerability Management DISS
• 2020 - HotFuzz Discovering Algorithmic Denial-of-Service Vulnerabilities through Guided Micro-Fuzzing
• 2020 - Fuzzing Binaries for Memory Safety Errors with QASan
• 2020 - Suzzer: A Vulnerability-Guided Fuzzer Based on Deep Learning
• 2020 - IJON: Exploring Deep State Spaces via Fuzzing
• 2020 - Binary-level Directed Fuzzing for Use-After-Free Vulnerabilities
• 2020 - AFLNET: A Greybox Fuzzer for Network Protocols
• 2020 - PANGOLIN: Incremental Hybrid Fuzzing with Polyhedral Path Abstraction
• 2020 - UEFI Firmware Fuzzing with Simics Virtual Platform
• 2020 - Finding Security Vulnerabilities in Network Protocol Implementations
• 2020 - Typestate-Guided Fuzzer for Discovering Use-after-Free Vulnerabilities
• 2020 - FuzzGuard: Filtering out Unreachable Inputs in Directed Grey-box Fuzzing through Deep Learning
• 2020 - HyDiff: Hybrid Differential Software Analysis
• 2019 - Engineering a Better Fuzzer with SynergicallyIntegrated Optimizations
• 2019 - Superion: Grammar-Aware Greybox Fuzzing
• 2019 - ProFuzzer: On-the-fly Input Type Probing for Better Zero-day Vulnerability Discovery
• 2019 - Grimoire: Synthesizing Structure while Fuzzing
• 2019 - Ptrix: Efficient Hardware-Assisted Fuzzing for COTS Binary
• 2019 - SAVIOR: Towards Bug-Driven Hybrid Testing
• 2019 - Matryoshka: Fuzzing Deeply Nested Branches
• 2019 - FUDGE: Fuzz Driver Generation at Scale
• 2019 - NAUTILUS: Fishing for Deep Bugs with Grammars
• 2019 - Send Hardest Problems My Way: Probabilistic Path Prioritization for Hybrid Fuzzing
• 2019 - EnFuzz: Ensemble Fuzzing with Seed Synchronization among Diverse Fuzzers
• 2018 - Angora: Efficient Fuzzing by Principled Search
• 2018 - FairFuzz: A Targeted Mutation Strategy for Increasing Greybox Fuzz Testing Coverage
• 2018 - NEUZZ: Efficient Fuzzing with Neural Program Smoothing
• 2018 - CollAFL: path Sensitive Fuzzing
• 2018 - Full-speed Fuzzing: Reducing Fuzzing Overhead through Coverage-guided Tracing
• 2018 - QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing
• 2018 - Coverage-based Greybox Fuzzing as Markov Chain
• 2018 - MoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation
• 2018 - Singularity: Pattern Fuzzing for Worst Case Complexity
• 2018 - Smart Greybox Fuzzing
• 2018 - Hawkeye: Towards a Desired Directed Grey-box Fuzzer
• 2018 - PerfFuzz: Automatically Generating Pathological Inputs
• 2018 - FairFuzz: A Targeted Mutation Strategy for Increasing Greybox Fuzz Testing Coverage
• 2018 - Enhancing Memory Error Detection forLarge-Scale Applications and Fuzz Testing
• 2018 - T-Fuzz: fuzzing by program transformation
• 2017 - IMF: Inferred Model-based Fuzzer
• 2017 - Synthesizing Program Input Grammars
• 2017 - Stateful Fuzzing of Wireless Device Drivers in an Emulated Environment
• 2017 - Steelix: Program-State Based Binary Fuzzing
• 2017 - Designing New Operating Primitives to ImproveFuzzing Performance
• 2017 - VUzzer: Application-aware Evolutionary Fuzzing
• 2017 - DIFUZE: Interface Aware Fuzzing for Kernel Drivers
• 2017 - Instruction Punning: Lightweight Instrumentation for x86-64
• 2017 - Designing New Operating Primitives to Improve Fuzzing Performance
• 2014 - Optimizing Seed Selection for Fuzzing
• 2014 - A Large-Scale Analysis of the Security of Embedded Firmwares
• 2013 - Scheduling Black-box Mutational Fuzzing
• 2013 - Dowsing for Overflows: A Guided Fuzzer to Find Buffer Boundary Violations
• 2013 - RPFuzzer: A Framework for Discovering Router Protocols Vulnerabilities Based on Fuzzing
• 2011 - Offset-Aware Mutation based Fuzzing for Buffer Overflow Vulnerabilities: Few Preliminary Results
• 2010 - TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection
• 2009 - Taint-based Directed Whitebox Fuzzing
• 2009 - Dynamic Test Generation To Find Integer Bugs in x86 Binary Linux Programs
• 2008 - Grammar-based Whitebox Fuzzing
• 2008 - Vulnerability Analysis for X86 Executables Using Genetic Algorithm and Fuzzing
• 2008 - Fuzzing Wi-Fi Drivers to Locate Security Vulnerabilities
• 2008 - KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs
• 2008 - Automated Whitebox Fuzz Testing
• 2005 - DART: Directed Automated Random Testing

IoT fuzzing

• 2020 - ARM-AFL: Coverage-Guided Fuzzing Framework for ARM-Based IoT Devices
• 2020 - Bug detection in embedded environments by fuzzing and symbolic execution
• 2020 - FirmXRay: Detecting Bluetooth Link Layer Vulnerabilities From Bare-Metal Firmware
• 2020 - EM-Fuzz: Augmented Firmware Fuzzing via Memory Checking
• 2020 - Verification of Embedded Binaries using Coverage-guided Fuzzing with System C-based Virtual Prototypes
• 2020 - DICE: Automatic Emulation of DMA Input Channels for Dynamic Firmware Analysis
• 2020 - Fw‐fuzz: A code coverage‐guided fuzzing framework for network protocols on firmware
• 2020 - TAINT-DRIVEN FIRMWARE FUZZING OF EMBEDDED SYSTEMS THESIS
• 2020 - A Dynamic Instrumentation Technology for IoT Devices
• 2020 - Vulcan: a state-aware fuzzing tool for wear OS ecosystem
• 2020 - A Novel Concolic Execution Approach on Embedded Device
• 2020 - HFuzz: Towards automatic fuzzing testing of NB-IoT core network protocols implementations
• 2020 - FIRMCORN: Vulnerability-Oriented Fuzzing of IoT Firmware via Optimized Virtual Execution
• 2018 - IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing
• 2017 - Towards Automated Dynamic Analysis for Linux-based Embedded Firmware
• 2016 - Scalable Graph-based Bug Search for Firmware Images
• 2015 - SURROGATES: Enabling Near-Real-Time Dynamic Analyses of Embedded Systems
• 2015 - Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware
• 2014 - A Large-Scale Analysis of the Security of Embedded Firmwares
• 2013 - RPFuzzer: A Framework for Discovering Router Protocols Vulnerabilities Based on Fuzzing

Kernel fuzzing

• 2020 - FINDING RACE CONDITIONS IN KERNELS:FROM FUZZING TO SYMBOLIC EXECUTION - THESIS
• 2020 - Agamotto: Accelerating Kernel Driver Fuzzing with Lightweight Virtual Machine Checkpoints
• 2020 - X-AFL: a kernel fuzzer combining passive and active fuzzing
• 2020 - Identification of Kernel Memory Corruption Using Kernel Memory Secret Observation Mechanism
• 2020 - HFL: Hybrid Fuzzing on the Linux Kernel
• 2020 - Realistic Error Injection for System Calls
• 2020 - KRACE: Data Race Fuzzing for Kernel File Systems
• 2020 - USBFuzz: A Framework for Fuzzing USB Drivers by Device Emulation
• 2019 - Fuzzing File Systems via Two-Dimensional Input Space Exploration
• 2019 - Razzer: Finding Kernel Race Bugs through Fuzzing
• 2019 - Unicorefuzz: On the Viability of Emulation for Kernel space Fuzzing
• 2017 - Stateful Fuzzing of Wireless Device Drivers in an Emulated Environment
• 2017 - DIFUZE: Interface Aware Fuzzing for Kernel Drivers
• 2008 - Fuzzing Wi-Fi Drivers to Locate Security Vulnerabilities

Format specific fuzzing

• 2020 - Tree2tree Structural Language Modeling for Compiler Fuzzing
• 2020 - Detecting Critical Bugs in SMT Solvers Using Blackbox Mutational Fuzzing
• 2020 - JS Engine - Montage: A Neural Network Language Model-Guided JavaScript Engine Fuzzer
• 2020 - JS Engine - Fuzzing JavaScript Engines with Aspect-preserving Mutation
• 2020 - CUDA Compiler - CUDAsmith: A Fuzzer for CUDA Compilers
• 2020 - Smart Contracts - sFuzz: An Efficient Adaptive Fuzzer for Solidity Smart Contracts
• 2019 - Compiler Fuzzing: How Much Does It Matter?
• 2019 - Smart Contracts - Harvey: A Greybox Fuzzer for Smart Contracts
• 2017 - XML - Skyfire: Data-Driven Seed Generation for Fuzzing

Exploitation

• 2020 - Localizing Patch Points From One Exploit
• 2020 - Speculative Dereferencing of Registers: Reviving Foreshadow
• 2020 - HAEPG: An Automatic Multi-hop Exploitation Generation Framework
• 2020 - Exploiting More Binaries by Using Planning to Assemble ROP Exploiting More Binaries by Using Planning to Assemble ROP Attacks Attacks
• 2020 - ROPminer: Learning-Based Static Detection of ROP Chain Considering Linkability of ROP Gadgets
• 2020 - KOOBE: Towards Facilitating Exploit Generation of Kernel Out-Of-Bounds Write Vulnerabilities
• 2020 - Preventing Return Oriented Programming Attacks By Preventing Return Instruction Pointer Overwrites
• 2020 - KASLR: Break It, Fix It, Repeat
• 2020 - ShadowGuard : Optimizing the Policy and Mechanism of Shadow Stack Instrumentation using Binary Static Analysis
• 2020 - VulHunter: An Automated Vulnerability Detection System Based on Deep Learning and Bytecode
• 2020 - Analysis and Evaluation of ROPInjector
• 2020 - API Misuse Detection in C Programs: Practice on SSL APIs
• 2020 - KOOBE: Towards Facilitating Exploit Generation of Kernel Out-Of-Bounds Write Vulnerabilities
• 2020 - Egalito: Layout-Agnostic Binary Recompilation
• 2020 - Verifying Software Vulnerabilities in IoT Cryptographic Protocols
• 2020 - μRAI: Securing Embedded Systems with Return Address Integrity
• 2020 - Preventing Return Oriented Programming Attacks By Preventing Return Instruction Pointer Overwrites
• 2019 - Kernel Protection Against Just-In-Time Code Reuse
• 2019 - Kernel Exploitation Via Uninitialized Stack
• 2019 - KEPLER: Facilitating Control-flow Hijacking Primitive Evaluation for Linux Kernel Vulnerabilities
• 2019 - SLAKE: Facilitating Slab Manipulation for Exploiting Vulnerabilities in the Linux Kernel
• 2018 - K-Miner: Uncovering Memory Corruption in Linux
• 2017 - DROP THE ROP: Fine-grained Control-flow Integrity for the Linux Kernel
• 2017 - kR^X: Comprehensive Kernel Protection against Just-In-Time Code Reuse
• 2017 - Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying
• 2017 - Towards Automated Dynamic Analysis for Linux-based Embedded Firmware
• 2016 - Scalable Graph-based Bug Search for Firmware Images
• 2015 - Cross-Architecture Bug Search in Binary Executables
• 2015 - SURROGATES: Enabling Near-Real-Time Dynamic Analyses of Embedded Systems
• 2015 - From Collision To Exploitation: Unleashing Use-After-Free Vulnerabilities in Linux Kernel
• 2015 - PIE: Parser Identification in Embedded Systems
• 2014 - ret2dir: Rethinking Kernel Isolation
• 2014 - Make It Work, Make It Right, Make It Fast: Building a Platform-Neutral Whole-System Dynamic Binary Analysis Platform
• 2012 - Anatomy of a Remote Kernel Exploit
• 2012 - A Heap of Trouble: Breaking the LinuxKernel SLOB Allocator
• 2011 - Linux kernel vulnerabilities: state-of-the-art defenses and open problems
• 2011 - Protecting the Core: Kernel Exploitation Mitigations
• 2015 - From Collision To Exploitation: Unleashing Use-After-Free Vulnerabilities in Linux Kernel
• 2014 - ret2dir: Rethinking Kernel Isolation
• 2012 - Anatomy of a Remote Kernel Exploit
• 2012 - A Heap of Trouble: Breaking the Linux Kernel SLOB Allocator
• 2011 - Linux kernel vulnerabilities: state-of-the-art defenses and open problems
• 2011 - Protecting the Core: Kernel Exploitation Mitigations

Static Binary Analysis

• 2020 - HART: Hardware-Assisted Kernel Module Tracing on Arm
• 2020 - AN APPROACH TO COMPARING CONTROL FLOW GRAPHS BASED ON BASIC BLOCK MATCHING
• 2020 - How Far We Have Come: Testing Decompilation Correctness of C Decompilers
• 2020 - Dynamic Binary Lifting and Recompilation DISS
• 2020 - Similarity Based Binary Backdoor Detection via Attributed Control Flow Graph
• 2020 - IoTSIT: A Static Instrumentation Tool for IoT Devices
• 2019 - Code Similarity Detection using AST and Textual Information
• 2018 - CodEX: Source Code Plagiarism DetectionBased on Abstract Syntax Trees
• 2017 - rev.ng: a unified binary analysis framework to recover CFGs and function boundaries
• 2017 - Angr: The Next Generation of Binary Analysis
• 2016 - Binary code is not easy
• 2015 - Cross-Architecture Bug Search in Binary Executables
• 2014 - A platform for secure static binary instrumentation
• 2013 - MIL: A language to build program analysis tools through static binary instrumentation
• 2013 - Binary Code Analysis
• 2013 - A compiler-level intermediate representation based binary analysis and rewriting system
• 2013 - Protocol reverse engineering through dynamic and static binary analysis
• 2013 - BinaryPig: Scalable Static Binary Analysis Over Hadoop
• 2011 - BAP: A Binary Analysis Platform
• 2009 - Syntax tree fingerprinting for source code similarity detection
• 2008 - BitBlaze: A New Approach to Computer Security via Binary Analysis
• 2005 - Practical analysis of stripped binary code
• 2004 - Detecting kernel-level rootkits through binary analysis

Misc

• 2020 - MVP: Detecting Vulnerabilities using Patch-Enhanced Vulnerability Signatures
• 2020 - Collecting Vulnerable Source Code from Open-Source Repositories for Dataset Generation
• 2020 - LEOPARD: Identifying Vulnerable Code for Vulnerability Assessment through Program Metrics
• 2020 - Dynamic Program Analysis Tools in GCC and CLANG Compilers
• 2020 - On Using k-means Clustering for Test Suite Reduction
• 2020 - Optimizing the Parameters of an Evolutionary Algorithm for Fuzzing and Test Data Generation
• 2020 - Inputs from Hell: Learning Input Distributions for Grammar-Based Test Generation
• 2020 - IdSan: An identity-based memory sanitizer for fuzzing binaries
• 2020 - An experimental study oncombining automated andstochastic test data generation - MASTER THESIS
• 2020 - FuzzGen: Automatic Fuzzer Generation
• 2020 - Fuzzing: On the Exponential Cost of Vulnerability Discovery
• 2020 - Efficient Binary-Level Coverage Analysis
• 2020 - Poster: Debugging Inputs
• 2020 - API Misuse Detection in C Programs: Practice on SSL APIs
• 2020 - Egalito: Layout-Agnostic Binary Recompilation
• 2020 - Verifying Software Vulnerabilities in IoT Cryptographic Protocols
• 2020 - μRAI: Securing Embedded Systems with Return Address Integrity
• 2020 - Fast Bit-Vector Satisfiability
• 2020 - MARDU: Efficient and Scalable Code Re-randomization
• 2020 - Towards formal verification of IoT protocols: A Review
• 2020 - Automating the fuzzing triage process
• 2020 - Test-Case Reduction via Test-Case Generation: Insights From the Hypothesis Reducer
• 2020 - COMPARING AFL SCALABILITY IN VIRTUAL-AND NATIVE ENVIRONMENT
• 2020 - SYMBION: Interleaving Symbolic with Concrete Execution
• 2020 - Not All Coverage Measurements Are Equal: Fuzzing by Coverage Accounting for Input Prioritization
• 2019 - Toward the Analysis of Embedded Firmware through Automated Re-hosting
• 2019 - FUZZIFICATION: Anti-Fuzzing Techniques
• 2018 - VulinOSS: A Dataset of Security Vulnerabilities in Open-source Systems
• 2017 - VUDDY: A Scalable Approach for Vulnerable CodeClone Discovery
• 2017 - Postmortem Program Analysis with Hardware-Enhanced Post-Crash Artifacts
• 2017 - Synthesizing Program Input Grammars
• 2017 - Designing New Operating Primitives to Improve Fuzzing Performance
• 2017 - Instruction Punning: Lightweight Instrumentation for x86-64
• 2016 - VulPecker: An Automated Vulnerability Detection SystemBased on Code Similarity Analysis
• 2016 - CREDAL: Towards Locating a Memory Corruption Vulnerability with Your Core Dump
• 2016 - RETracer: Triaging Crashes by Reverse Execution fromPartial Memory Dumps
• 2015 - PIE: Parser Identification in Embedded Systems
• 2014 - Optimizing Seed Selection for Fuzzing
• 2009 - Dynamic Test Generation To Find Integer Bugs in x86 Binary Linux Programs

Surveys, SoKs, and Studies

• 2020 - Fuzzing: Challenges and Reflections
• 2020 - The Relevance of Classic Fuzz Testing: Have We Solved This One?
• 2020 - A Practical, Principled Measure of Fuzzer Appeal:A Preliminary Study
• 2020 - SoK: All You Ever Wanted to Know About x86/x64 Binary Disassembly But Were Afraid to Ask
• 2020 - A Quantitative Comparison of Coverage-Based Greybox Fuzzers
• 2020 - A Survey of Security Vulnerability Analysis, Discovery, Detection, and Mitigation on IoT Devices