Interpreters for GNN-based vulnerability detection: Are we there yet?
Traditional vulnerability detection methods have limitations due to their need for extensive
manual labor. Using automated means for vulnerability detection has attracted research …
Selectfuzz: Efficient directed fuzzing with selective path exploration
Directed grey-box fuzzers specialize in testing specific target code. They have been applied
to many security applications such as reproducing known crashes and detecting …
GraphSPD: Graph-based security patch detection with enriched code semantics
With the increasing popularity of open-source software, embedded vulnerabilities have been
widely propagating to downstream software. Due to different maintenance policies, software …
Patchdb: A large-scale security patch dataset
Security patches, embedding both vulnerable code and the corresponding fixes, are of great
significance to vulnerability detection and software maintenance. However, the existing …
RapidPatch: firmware hotpatching for Real-Time embedded devices
Nowadays real-time embedded devices are becoming one main target of cyber attacks. A
huge number of embedded devices equipped with outdated firmware are subject to various …
Critical code guided directed greybox fuzzing for commits
Newly submitted commits are prone to introducing vulnerabilities into programs. As a
promising countermeasure, directed greybox fuzzers can be employed to test commit …
Playing for K(H)eaps: Understanding and improving Linux kernel exploit reliability
The dynamic of the Linux kernel heap layout significantly impacts the reliability of kernel
heap exploits, making exploitability assessment challenging. Though techniques have been …
An investigation of the Android kernel patch ecosystem
Open-source projects are often reused in commercial software. Android, a popular mobile
operating system, is a great example that has fostered an ecosystem of open-source …
Syzscope: Revealing high-risk security impacts of fuzzer-exposed bugs in Linux kernel
Fuzzing has become one of the most effective bug finding approaches for software. In recent
years, 24*7 continuous fuzzing platforms have emerged to test critical pieces of software …
On the feasibility of stealthily introducing vulnerabilities in open-source software via hypocrite commits
Open source software (OSS) has thrived since the forming of the Open Source Initiative in 1998.
A prominent example is the Linux kernel, which has been used by numerous major software …