A survey of symbolic execution techniques

R Baldoni, E Coppa, DC D'Elia, C Demetrescu… - ACM Computing …, 2018 - dl.acm.org
Many security and software testing applications require checking whether certain properties
of a program hold for any possible usage scenario. For instance, a tool for identifying …

A survey of binary code similarity

IU Haq, J Caballero - ACM Computing Surveys (CSUR), 2021 - dl.acm.org
Binary code similarity approaches compare two or more pieces of binary code to identify their
similarities and differences. The ability to compare binary code enables many real-world …

Unleashing mayhem on binary code

SK Cha, T Avgerinos, A Rebert… - 2012 IEEE Symposium …, 2012 - ieeexplore.ieee.org
In this paper we present Mayhem, a new system for automatically finding exploitable bugs in
binary (i.e., executable) programs. Every bug reported by Mayhem is accompanied by a …

S2E: A platform for in-vivo multi-path analysis of software systems

V Chipounov, V Kuznetsov, G Candea - ACM SIGPLAN Notices, 2011 - dl.acm.org
This paper presents S2E, a platform for analyzing the properties and behavior of software
systems. We demonstrate S2E's use in developing practical tools for comprehensive …

Program-adaptive mutational fuzzing

SK Cha, M Woo, D Brumley - 2015 IEEE Symposium on …, 2015 - ieeexplore.ieee.org
We present the design of an algorithm to maximize the number of bugs found for black-box
mutational fuzzing given a program and a seed input. The major intuition is to leverage white …

BAP: A binary analysis platform

D Brumley, I Jager, T Avgerinos… - … , UT, USA, July 14-20, 2011 …, 2011 - Springer
BAP is a publicly available infrastructure for performing program verification and analysis
tasks on binary (i.e., executable) code. In this paper, we describe BAP as well as lessons …

Automatic exploit generation

T Avgerinos, SK Cha, A Rebert, EJ Schwartz… - Communications of the …, 2014 - dl.acm.org
Automatic exploit generation. Contributed articles. 74 Communications of the ACM |
February 2014 | Vol. 57 | No. 2. Attackers commonly exploit buggy programs to break into …

BYTEWEIGHT: Learning to recognize functions in binary code

T Bao, J Burket, M Woo, R Turner… - 23rd USENIX Security …, 2014 - usenix.org
Function identification is a fundamental challenge in reverse engineering and binary
program analysis. For instance, binary rewriting and control flow integrity rely on accurate …

Enhancing symbolic execution with veritesting

T Avgerinos, A Rebert, SK Cha, D Brumley - Proceedings of the 36th …, 2014 - dl.acm.org
We present MergePoint, a new binary-only symbolic execution system for large-scale and
fully unassisted testing of commodity off-the-shelf (COTS) software. MergePoint introduces …

ISA Semantics for ARMv8-A, RISC-V, and CHERI-MIPS

A Armstrong, T Bauereiss, B Campbell, A Reid… - Proceedings of the …, 2019 - dl.acm.org
Architecture specifications notionally define the fundamental interface between hardware
and software: the envelope of allowed behaviour for processor implementations, and the …