Sailfish: Vetting smart contract state-inconsistency bugs in seconds
This paper presents SAILFISH, a scalable system for automatically finding state-
inconsistency bugs in smart contracts. To make the analysis tractable, we introduce a hybrid …
A tale of two worlds: Assessing the vulnerability of enclave shielding runtimes
This paper analyzes the vulnerability space arising in Trusted Execution Environments
(TEEs) when interfacing a trusted enclave application with untrusted, potentially malicious …
HFL: Hybrid Fuzzing on the Linux Kernel
Hybrid fuzzing, combining symbolic execution and fuzzing, is a promising approach for
vulnerability discovery because each approach can complement the other. However, we …
Where does it go? refining indirect-call targets with multi-layer type analysis
System software commonly uses indirect calls to realize dynamic program behaviors.
However, indirect-calls also bring challenges to constructing a precise control-flow graph …
Retrofitting fine grain isolation in the Firefox renderer
Firefox and other major browsers rely on dozens of third-party libraries to render audio,
video, images, and other content. These libraries are a frequent source of vulnerabilities. To …
In-Kernel Control-Flow integrity on commodity OSes using ARM pointer authentication
This paper presents an in-kernel, hardware-based control-flow integrity (CFI) protection,
called PAL, that utilizes ARM's Pointer Authentication (PA). It provides three important …
Snowboard: Finding kernel concurrency bugs through systematic inter-thread communication analysis
Kernel concurrency bugs are challenging to find because they depend on very specific
thread interleavings and test inputs. While separately exploring kernel thread interleavings …
Debloating address sanitizer
Y Zhang, C Pang, G Portokalidis… - 31st USENIX Security …, 2022 - usenix.org
Address Sanitizer (ASan) is a powerful memory error detector. It can detect various errors
ranging from spatial issues like out-of-bound accesses to temporal issues like use-after-free …
NTFuzz: Enabling type-aware kernel fuzzing on windows with static binary analysis
Although it is common practice for kernel fuzzers to leverage type information of system
calls, current Windows kernel fuzzers do not follow the practice as most system calls are …
Unleashing the power of type-based call graph construction by using regional pointer information
When dealing with millions of lines of C code, we still cannot have the cake and eat it: type
analysis for call graph construction is scalable yet highly imprecise. We address this …