Yuekang Li scite author profile

Existing coverage-based fuzzers usually use the individual control flow graph (CFG) edge coverage to guide the fuzzing process, which has shown great potential in finding vulnerabilities. However, CFG edge coverage is not effective in discovering vulnerabilities such as use-after-free (UaF). This is because, to trigger UaF vulnerabilities, one needs not only to cover individual edges, but also to traverse some (long) sequence of edges in a particular order, which is challenging for existing fuzzers. To this end, we propose to model UaF vulnerabilities as typestate properties, and develop a typestateguided fuzzer, named UAFL, for discovering vulnerabilities violating typestate properties. Given a typestate property, we first perform a static typestate analysis to find operation sequences potentially violating the property. Our fuzzing process is then guided by the operation sequences in order to progressively generate test cases triggering property violations. In addition, we also employ an information flow analysis to improve the efficiency of the fuzzing process. We have performed a thorough evaluation of UAFL on 14 widely-used real-world programs. The experiment results show that UAFL substantially outperforms the state-of-the-art fuzzers, including AFL, AFLFast, FairFuzz, MOpt, Angora and QSYM, in terms of the time taken to discover vulnerabilities. We have discovered 10 previously unknown vulnerabilities, and received 5 new CVEs. CCS CONCEPTS• Security and privacy → Software security engineering.

show abstract

DiffChaser: Detecting Disagreements for Deep Neural Networks

Xie

Ма

Wang

et al. 2019

View full text Add to dashboard Cite

The platform migration and customization have become an indispensable process of deep neural network (DNN) development lifecycle. A high-precision but complex DNN trained in the cloud on massive data and powerful GPUs often goes through an optimization phase (e.g, quantization, compression) before deployment to a target device (e.g, mobile device). A test set that effectively uncovers the disagreements of a DNN and its optimized variant provides certain feedback to debug and further enhance the optimization procedure. However, the minor inconsistency between a DNN and its optimized version is often hard to detect and easily bypasses the original test set. This paper proposes DiffChaser, an automated black-box testing framework to detect untargeted/targeted disagreements between version variants of a DNN. We demonstrate 1) its effectiveness by comparing with the state-of-the-art techniques, and 2) its usefulness in real-world DNN product deployment involved with quantization and optimization.

show abstract

Efficient greybox fuzzing of applications in Linux-based IoT devices via enhanced user-mode emulation

Zheng

Zhang

et al. 2022

View full text Add to dashboard Cite

Hawkeye

Chen

Xue

et al. 2018

157

View full text Add to dashboard Cite

LEOPARD: Identifying Vulnerable Code for Vulnerability Assessment Through Program Metrics

Chen

et al. 2019

View full text Add to dashboard Cite

Identifying potentially vulnerable locations in a code base is critical as a pre-step for effective vulnerability assessment; i.e., it can greatly help security experts put their time and effort to where it is needed most. Metric-based and pattern-based methods have been presented for identifying vulnerable code. The former relies on machine learning and cannot work well due to the severe imbalance between non-vulnerable and vulnerable code or lack of features to characterize vulnerabilities. The latter needs the prior knowledge of known vulnerabilities and can only identify similar but not new types of vulnerabilities.In this paper, we propose and implement a generic, lightweight and extensible framework, LEOPARD, to identify potentially vulnerable functions through program metrics. LEOPARD requires no prior knowledge about known vulnerabilities. It has two steps by combining two sets of systematically derived metrics. First, it uses complexity metrics to group the functions in a target application into a set of bins. Then, it uses vulnerability metrics to rank the functions in each bin and identifies the top ones as potentially vulnerable. Our experimental results on 11 real-world projects have demonstrated that, LEOPARD can cover 74.0% of vulnerable functions by identifying 20% of functions as vulnerable and outperform machine learning-based and static analysis-based techniques. We further propose three applications of LEOPARD for manual code review and fuzzing, through which we discovered 22 new bugs in real applications like PHP, radare2 and FFmpeg, and eight of them are new vulnerabilities.

show abstract

Cerebro: context-aware adaptive fuzzing for effective vulnerability detection

Xue

Chen

et al. 2019

View full text Add to dashboard Cite

Avoiding Structural Collapse to Reduce Lead Leakage in Perovskite Photovoltaics

et al. 2022

View full text Add to dashboard Cite

Perovskite solar cells (PSCs) have become a promising candidate for the next‐generation photovoltaic technologies. As an essential element for high‐efficiency PSCs however, the heavy metal Pb is soluble in water, causing a serious threat to the environment and human health. Due to the weak ionic bonding in three‐dimensional (3D) perovskites, drastic structure decomposition occurs when immersing the perovskite film in water, which accelerates the Pb leakage. By introducing the chemically stable Dion‐Jacobson (DJ) 2D perovskite at the 3D perovskite surface, the film dissolution is significantly slowed down, which retards lead leakage. As a result, the Pb contamination is dramatically reduced under various extreme conditions. In addition, the PSCs device deliver a power conversion efficiency (PCE) of 23.6 % and retain over 95 % of their initial PCE after the maximum power point tracking for over 1100 h.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Yuekang Li

Steelix: program-state based binary fuzzing

Typestate-guided fuzzer for discovering use-after-free vulnerabilities

DiffChaser: Detecting Disagreements for Deep Neural Networks

Efficient greybox fuzzing of applications in Linux-based IoT devices via enhanced user-mode emulation

Hawkeye

LEOPARD: Identifying Vulnerable Code for Vulnerability Assessment Through Program Metrics

Cerebro: context-aware adaptive fuzzing for effective vulnerability detection

Avoiding Structural Collapse to Reduce Lead Leakage in Perovskite Photovoltaics

Contact Info

Product

Resources

About