Posted in 2021

A Survey on Fuzzing

Conceptually, a fuzzing test starts by generating massive numbers of normal and abnormal inputs for the target applications, then tries to detect exceptions by feeding the generated inputs to the target applications and monitoring their execution states. [1]

Fuzzing with AFL workshop: AFL training

Read more ...


SeqTrans: Automatic Vulnerability Fix via Sequence to Sequence Learning

Link: https://arxiv.org/pdf/2010.10805

Software vulnerabilities can be viewed as a specific category of bugs that are still mainly fixed by programmers' manual effort. An automated method based on Neural Machine Translation (NMT), previously used for bug repair, can also be transferred to target vulnerability fixes after fine-tuning.

Read more ...


LIGHTBLUE: Automatic Profile-Aware Debloating of Bluetooth Stacks (USENIX Security’21)

Paper & Presentation: https://www.usenix.org/conference/usenixsecurity21/presentation/wu-jianliang

Bluetooth standards and their implementations are diverse and complex, and they contain many functionalities that are never required in common scenarios. Those unused parts actually extend the attack surface.

Workflow of

Read more ...