List of new target papers

[bbb1g]

List of target papers:

USENIX 2019

• [x] GRIMOIRE: Synthesizing Structure while Fuzzing
• [x] EnFuzz: Ensemble Fuzzing with Seed Synchronization among Diverse Fuzzers
• [x] RVFUZZER: Finding Input Validation Bugs in Robotic Vehicles Through Control-Guided Testing
• [x] FIRM-AFL: High-Throughput Greybox Fuzzing of IoT Firmware via Augmented Process Emulation

S&P 2019

• [x] Fuzzing File Systems via Two-Dimensional Input Space Exploration
• [x] NEUZZ: Efficient Fuzzing with Neural Program Smoothing
• [x] ProFuzzer: On-the-fly Input Type Probing for Better Zero-day Vulnerability Discovery
• [x] Razzer: Finding Kernel Race Bugs through Fuzzing
• [x] Touching the Untouchables: Dynamic Security Analysis of the LTE Control Plane

CCS 2019

• [x] Intriguer: Field-Level Constraint Solving for Hybrid Fuzzing
• [x] Matryoshka: Fuzzing Deeply Nested Branches
• [x] Learning to Fuzz from Symbolic Execution with Application to Smart Contracts

ASE 2019

• [ ] Coverage-guided Fuzzing for Feedforward Neural Networks poster
• [ ] DeepMutation++: a Mutation Testing Framework for Deep Learning Systems poster
• [x] History-Guided Configuration Diversification for Compiler Test-Program Generation
• [x] Learning-Guided Network Fuzzing for Testing Cyber-Physical System Defences
• [ ] VisFuzz: Understanding and Intervening Fuzzing with Interactive Visualization demo track

ICSE 2019

• [x] Deep Differential Testing of JVM Implementations
• [x] DIFFUZZ: Differential Fuzzing for Side-Channel Analysis
• [x] Grey-box Concolic Testing on Binary Code
• [x] Practical GUI Testing of Android Applications via Model Abstraction and Refinement
• [x] RESTler: Stateful REST API Fuzzing
• [x] SLF: Fuzzing without Valid Seed Inputs
• [x] Superion: Grammar-Aware Greybox Fuzzing

FSE 2019

• [x] Finding and Understanding Bugs in Software Model Checkers
• [x] Cerebro: Context-Aware Adaptive Fuzzing for Effective Vulnerability Detection

NDSS 2020

• [x] HYPER-CUBE: High-Dimensional Hypervisor Fuzzing
• [x] HFL: Hybrid Fuzzing on the Linux Kernel
• [ ] Data-Driven Debugging for Functional Side Channels not a fuzzer
• [x] HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities Through Guided Micro-Fuzzing
• [x] Not All Coverage Measurements Are Equal: Fuzzing by Coverage Accounting for Input Prioritization

USENIX 2020

• [x] MUZZ: Thread-aware Grey-box Fuzzing for Effective Bug Hunting in Multithreaded Programs
• [x] Analysis of DTLS Implementations Using Protocol State Fuzzing
• [x] GREYONE: Data Flow Sensitive Fuzzing
• [x] Fuzzing Error Handling Code using Context-Sensitive Software Fault Injection
• [x] Montage: A Neural Network Language Model-Guided JavaScript Engine Fuzzer
• [x] FANS: Fuzzing Android Native System Services via Automated Interface Analysis
• [x] Medusa: Microarchitectural Data Leakage via Automated Attack Synthesis
• [x] SpecFuzz
• [x] ParmeSan: Sanitizer-guided Greybox Fuzzing
• [x] USBFuzz: A Framework for Fuzzing USB Drivers by Device Emulation
• [x] Symbolic execution with SYMCC: Don’t interpret, compile!
• [x] Frankenstein: Advanced Wireless Fuzzing to Exploit New Bluetooth Escalation Targets
• [x] EcoFuzz: Adaptive Energy-Saving Greybox Fuzzing as a Variant of the Adversarial Multi-Armed Bandit

S&P 2020

• [x] Ex-vivo dynamic analysis framework for Android device drivers
• [x] Fuzzing JavaScript Engines with Aspect-preserving Mutation
• [x] KRACE: Data Race Fuzzing for Kernel File Systems
• [x] Neutaint: Efficient Dynamic Taint Analysis with Neural Networks
• [x] PANGOLIN: Incremental Hybrid Fuzzing with Polyhedral Path Abstraction
• [x] SAVIOR: Towards Bug-Driven Hybrid Testing
• [x] TRRespass: Exploiting the Many Sides of Target Row Refresh

ICSE 2020

• [x] Typestate-Guided Fuzzer for Discovering Use-after-Free Vulnerabilities
• [x] MemLock: Memory Usage Guided Fuzzing
• [x] Ankou: Guiding Grey-box Fuzzing towards Combinatorial Difference
• [x] JVM Fuzzing for JIT-Induced Side-Channel Detection
• [x] Targeted Greybox Fuzzing with Static Lookahead Analysis
• [x] Fuzz Testing based Data Augmentation to Improve Robustness of Deep Neural Networks
• [x] sFuzz: An Efficient Adaptive Fuzzer for Solidity Smart Contracts
• [x] HyDiff: Hybrid Differential Software Analysis

[sangkilc]

Added FIRM-AFL @ 72d39709e425b96a6202dd1f5c1f08ae5080fee5

[sangkilc]

Added NEUZZ and ILF @ 58c05300920cd09d7a8ad92d5084c40cce3a5cf5

[sangkilc]

Added two more

[Jiliac]

Almost done with 2019! Just ICSE left.

The two firsts and the last paper for ASE 2019 only have 4 pages. Probably they are workshop papers? Maybe we have something similar for USENIX 2020 since it seems a little too much to have 13 fuzzing papers in one conference?

[bbb1g]

Ok I'm gonna checkin

2020년 10월 11일 (일) 오전 3:36, Valentin notifications@github.com님이 작성:

Almost done with 2019! Just ICSE left.

The two firsts and the last paper for ASE 2019 only have 4 pages. Probably they are workshop papers? Maybe we have something similar for USENIX 2020 since it seems a little too much to have 13 fuzzing papers in one conference?

— You are receiving this because you were assigned. Reply to this email directly, view it on GitHub https://github.com/SoftSec-KAIST/Fuzzing-Survey/issues/8#issuecomment-706592876, or unsubscribe https://github.com/notifications/unsubscribe-auth/AHL43FPRSCCTKUFFADMVMULSKCSRLANCNFSM4R7XX5JQ .

[bbb1g]

For ASE, I downloaded all pdfs from this site: https://ieeexplore.ieee.org/xpl/conhome/8949433/proceeding

which included 'ASE 2019 Demonstrations'. We can just delete those 2 papers.

For Usenix Security 2020, I downloaded this file: https://www.usenix.org/sites/default/files/sec20_full_proceedings.pdf

and splited each articles with individual pdf files.

I don't know why there are that much fuzzing-related articles, but I think it is because there exist 'Fuzzing' Category, as follows :

Fuzzing 1 FuzzGuard: Filtering out Unreachable Inputs in Directed Grey-box Fuzzing through Deep Learning. . . . . . . . . . . 2255 Peiyuan Zong, Tao Lv, Dawei Wang, Zizhuang Deng, Ruigang Liang, and Kai Chen, SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China FuzzGen: Automatic Fuzzer Generation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2271 Kyriakos Ispoglou, Daniel Austin, and Vishwath Mohan, Google Inc.; Mathias Payer, EPFL ParmeSan: Sanitizer-guided Greybox Fuzzing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2289 Sebastian Österlund, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida, Vrije Universiteit Amsterdam EcoFuzz: Adaptive Energy-Saving Greybox Fuzzing as a Variant of the Adversarial Multi-Armed Bandit. . . . . . . 2307 Tai Yue, Pengfei Wang, Yong Tang, Enze Wang, Bo Yu, Kai Lu, and Xu Zhou, National University of Defense Technology Muzz: Thread-aware Grey-box Fuzzing for Effective Bug Hunting in Multithreaded Programs. . . . . . . . . . . . . . . . 2325 Hongxu Chen, University of Science and Technology of China and Nayang Technological University; Shengjian Guo, Baidu Security; Yinxing Xue, University of Science and Technology of China; Yulei Sui, University of Technology Sydney; Cen Zhang and Yuekang Li, Nanyang Technological University; Haijun Wang, Ant Financial Services Group; Yang Liu, Nanyang Technological University

Fuzzing 2 Analysis of DTLS Implementations Using Protocol State Fuzzing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2523 Paul Fiterau-Brostean and Bengt Jonsson, Uppsala University; Robert Merget, Ruhr-University Bochum; Joeri de Ruiter, SIDN Labs; Konstantinos Sagonas, Uppsala University; Juraj Somorovsky, Paderborn University Agamotto: Accelerating Kernel Driver Fuzzing with Lightweight Virtual Machine Checkpoints. . . . . . . . . . . . . . . 2541 Dokyung Song, University of California, Irvine; Felicitas Hetzelt, Technische Universität Berlin; Jonghwan Kim and Brent Byunghoon Kang, KAIST; Jean-Pierre Seifert, Technische Universität Berlin; Michael Franz, University of California, Irvine USBFuzz: A Framework for Fuzzing USB Drivers by Device Emulation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2559 Hui Peng, Purdue University; Mathias Payer, EPFL GreyOne: Data Flow Sensitive Fuzzing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2577 Shuitao Gan, State Key Laboratory of Mathematical Engineering and Advanced Computing; Chao Zhang, Institute for Network Sciences and Cyberspace of Tsinghua University; Beijing National Research Center for Information Science and Technology; Peng Chen, ByteDance Inc.; Bodong Zhao, Institute for Network Science and Cyberspace, Tsinghua University; Xiaojun Qin and Dong Wu, State Key Laboratory of Mathematical Engineering and Advanced Computing; Zuoning Chen, National Research Center of Parallel Computer Engineering and Technology Fuzzing Error Handling Code using Context-Sensitive Software Fault Injection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2595 Zu-Ming Jiang and Jia-Ju Bai, Tsinghua University; Kangjie Lu, University of Minnesota; Shi-Min Hu, Tsinghua University Montage: A Neural Network Language Model-Guided JavaScript Engine Fuzzer. . . . . . . . . . . . . . . . . . . . . . . . . . . 2613 Suyoung Lee, HyungSeok Han, Sang Kil Cha, and Sooel Son, KAIST

I'm newbie for this area, so I have no idea if this full-proceedings include workshop or something. Can u double-check for this articles?

2020년 10월 11일 (일) 오전 8:20, 이준오 dlwnsdh3@gmail.com님이 작성:

Ok I'm gonna checkin

2020년 10월 11일 (일) 오전 3:36, Valentin notifications@github.com님이 작성:

Almost done with 2019! Just ICSE left.

The two firsts and the last paper for ASE 2019 only have 4 pages. Probably they are workshop papers? Maybe we have something similar for USENIX 2020 since it seems a little too much to have 13 fuzzing papers in one conference?

— You are receiving this because you were assigned. Reply to this email directly, view it on GitHub https://github.com/SoftSec-KAIST/Fuzzing-Survey/issues/8#issuecomment-706592876, or unsubscribe https://github.com/notifications/unsubscribe-auth/AHL43FPRSCCTKUFFADMVMULSKCSRLANCNFSM4R7XX5JQ .

[sangkilc]

Fixed the list and added two more

[sangkilc]

Added two more

[sangkilc]

We need to add SlowFuzz from CCS'17: "https://dl.acm.org/doi/10.1145/3133956.3134073". For some reason, it is missing in our db.

[sangkilc]

Done with NDSS 2020

[Jiliac]

And we are done 🚀