Awesome
Note
The sole purpose of this repository is to help me organize recent academic papers related to fuzzing, binary analysis, IoT security, and general exploitation. This is a non-exhausting list, even though I'll try to keep it updated... Feel free to suggest decent papers via a PR.
Table of Contents
Read & Tagged
- 2023 - Dissecting American Fuzzy Lop A FuzzBench Evaluation
- Tags:: AFL, collisions, hitcounts, timeout, novelty search, corpus culling, score calculation, corpus scheduling, splicing
- 2022 - DARWIN: Survival of the Fittest Fuzzing Mutators
- Tags: mutation scheduling, evolution strategy, AFL, AFL-MOpT, fuzzbench, magma, ecofuzz
- 2022 - Removing Uninteresting Bytes in Software Fuzzing
- Tags: seed optimization, seed minimization, diar, coverage-guided
- 2021 - An Empirical Study of OSS-Fuzz Bugs
- Tags: flaky bugs, clusterfuzz, sanitizer, bug detection, bug classification, time-to-fix, time-to-detect
- 2020 - Corpus Distillation for Effective Fuzzing
- Tags: corpus minimization, afl-cmin, google fuzzer test suite, FTS, minset, AFL
- 2020 - Symbolic execution with SymCC: Don't interpret, compile!
- Tags: KLEE, QSYM, LLVM, C, C++, compiler, symbolic execution, concolic execution, source code level, IR, angr, Z3, DARPA corpus, AFL
- 2020 - WEIZZ: Automatic Grey-Box Fuzzing for Structured Binary Formats
- Tags: REDQUEEN, chunk-based formats, AFLSmart, I2S, checksums, magix bytes, QEMU, Eclipser, short fuzzing runs,
- 2020 - Efficient Binary-Level Coverage Analysis
- Tags: bcov, detour + trampoline, basic block coverage, sliced microexecution, superblocks, strongly connected components, dominator graph, BAP, angr, IDA, DynamoRIO, Intel PI, BAP, angr, IDA, DynamoRIO, Intel PIN
- 2020 - Test-Case Reduction via Test-Case Generation: Insights From the Hypothesis Reducer
- Tags: Test case reducer, property based testing, CSmith, test case generation, hierachical delta debugging
- 2020 - AFL++: Combining Incremental Steps of Fuzzing Research
- Tags: AFL++, AFL, MOpt, LAF-Intel, Fuzzbench, Ngram, RedQueen, Unicorn, QBDI, CmpLog, AFLFast
- 2020 - FirmXRay: Detecting Bluetooth Link Layer Vulnerabilities From Bare-Metal Firmware
- Tags: Ghdira, static analysis, sound disassembly, base address finder, BLE, vulnerability discovery
- 2020 - P2IM: Scalable and Hardware-independent Firmware Testing via Automatic Peripheral Interface Modeling
- Tags: HALucinator, emulation, firmware, QEMU, AFL, requires source, MCU, peripheral abstraction
- 2020 - What Exactly Determines the Type? Inferring Types with Context
- Tags: context assisted type inference, stripped binaries, variable and type reconstruction, IDA Pro, Word2Vec, CNN,
- 2020 - Causal Testing: Understanding Defects’ Root Causes
- Tags: Defects4J, causal relationships, Eclipse plugin, unit test mutation, program trace diffing, static value diffing, user study
- 2020 - AURORA: Statistical Crash Analysis for Automated Root Cause Explanation
- Tags: RCA, program traces, input diversification, Intel PIN, Rust, CFG,
- 2020 - ParmeSan: Sanitizer-guided Greybox Fuzzing
- Tags: interprocedural CFG, data flow analysis, directed fuzzing (DGF), disregarding 'hot paths', LAVA-M based primitives, LLVM, Angora, AFLGo, ASAP, santizer dependent
- 2020 - Magma: A Ground-Truth Fuzzing Benchmark
- Tags: best practices, fuzzer benchmarking, ground truth, Lava-M
- 2020 - Fitness Guided Vulnerability Detection with Greybox Fuzzing
- Tags: AFL, vuln specific fitness metric (headroom), buffer/integer overflow detection, AFLGo, pointer analysis, CIL, bad benchmarking
- 2020 - GREYONE: Data Flow Sensitive Fuzzing
- Tags: data-flow fuzzing, taint-guided mutation, input prioritization, constraint conformance, REDQUEEN, good evaluation, VUzzer
- 2020 - FairFuzz-TC: a fuzzer targeting rare branches
- Tags: AFL, required seeding, branch mask
- 2020 - Fitness Guided Vulnerability Detection with Greybox Fuzzing
- Tags: AFL, vuln specific fitness metric (headroom), buffer/integer overflow detection, AFLGo, pointer analysis, CIL, bad evaluation
- 2020 - TOFU: Target-Oriented FUzzer
- Tags: DGF, structured mutations, staged fuzzing/learning of cli args, target fitness, structure aware, Dijkstra for priority, AFLGo, Superion
- 2020 - FuZZan: Efficient Sanitizer Metadata Design for Fuzzing
- Tags:: sanitizer metadata, optimization, ASAN, MSan, AFL
- 2020 - Boosting Fuzzer Efficiency: An Information Theoretic Perspective
- Tags:: Shannon entropy, seed power schedule, libfuzzer, active SLAM, DGF, fuzzer efficiency
- 2020 - Learning Input Tokens for Effective Fuzzing
- Tags: dynamic taint tracking, parser checks, magic bytes, creation of dict inputs for fuzzers
- 2020 - A Review of Memory Errors Exploitation in x86-64
- Tags: NX, canaries, ASLR, new mitigations, mitigation evaluation, recap on memory issues
- 2020 - SoK: The Progress, Challenges, and Perspectives of Directed Greybox Fuzzing
- Tags: SoK, directed grey box fuzzing, AFL, AFL mutation operators, DGF vs CGF
- 2020 - MemLock: Memory Usage Guided Fuzzing
- Tags: memory consumption, AFL, memory leak, uncontrolled-recursion, uncontrolled-memory-allocation, static analysis
- 2019 - Matryoshka: Fuzzing Deeply Nested Branches
- Tags: AFL, QSYM, Angora, path constraints, nested conditionals, (post) dominator trees, gradient descent, REDQUEEN, LAVA-M
- 2019 - Building Fast Fuzzers
- Tags: grammar based fuzzing, optimization, bold claims, comparison to badly/non-optimized fuzzers, python, lots of micro-optimizations, nice protocolling of failures, bad ASM optimization
- 2019 - Not All Bugs Are the Same: Understanding, Characterizing, and Classifying the Root Cause of Bugs
- Tags: RCA via bug reports, classification model, F score,
- 2019 - AntiFuzz: Impeding Fuzzing Audits of Binary Executables
- Tags: anti fuzzing, prevent crashes, delay executions, obscure coverage information, overload symbolic execution
- 2019 - MOpt: Optimized Mutation Scheduling for Fuzzers
- Tags: mutation scheduling, particle swarm optimization (PSO), AFL, AFL mutation operators, VUzzer,
- 2019 - FuzzFactory: Domain-Specific Fuzzing with Waypoints
- Tags: domain-specific fuzzing, AFL, LLVM, solve hard constraints like cmp, find dynamic memory allocations, binary-based
- 2019 - Fuzzing File Systems via Two-Dimensional Input Space Exploration
- Tags: Ubuntu, file systems, library OS, ext4, brtfs, meta block mutations, edge cases
- 2019 - REDQUEEN: Fuzzing with Input-to-State Correspondence
- Tags: feedback-driven, AFL, magic-bytes, nested contraints, input-to-state correspondence, I2S
- 2019 - PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary
- Tags: kernel, android, userland, embedded, hardware, Linux, device driver, WiFi
- 2019 - FirmFuzz: Automated IoT Firmware Introspection and Analysis
- Tags: emulation, firmadyne, BOF, XSS, CI, NPD, semi-automatic
- 2019 - Firm-AFL: High-Throughput Greybox Fuzzing of IoT Firmware via Augmented Process Emulation
- Tags: emulation, qemu, afl, full vs user mode, syscall redirect, "augmented process emulation", firmadyne
- 2018 - A Survey of Automated Root Cause Analysisof Software Vulnerability
- Tags: Exploit mitigations, fuzzing basics, symbolic execution basics, fault localization, high level
- 2018 - PhASAR: An Inter-procedural Static Analysis Framework for C/C++
- Tags: LLVM, (inter-procedural) data-flow analysis, call-graph, points-to, class hierachy, CFG, IR
- 2018 - INSTRIM: Lightweight Instrumentation for Coverage-guided Fuzzing
- Tags: LLVM, instrumentation optimization, graph algorithms, selective instrumentation, coverage calculation
- 2018 - What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices
- Tags: embedded, challenges, heuristics, emulation, crash classification, fault detection
- 2018 - Evaluating Fuzz Testing
- Tags: fuzzing evaluation, good practices, bad practices
- 2017 - Root Cause Analysis of Software Bugs using Machine Learning Techniques
- Tags: ML, RC prediction for filed bug reports, unsupervised + supervised combination, RC categorisation, F score
- 2017 - kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels
- Tags: intel PT, kernel, AFL, file systems, Windows, NTFS, Linux, ext, macOS, APFS, driver, feedback-driven
- 2016 - Driller: Argumenting Fuzzing Through Selective Symbolic Execution
- Tags: DARPA, CGC, concolic execution, hybrid fuzzer, binary based
- 2015 - Challenges with Applying Vulnerability Prediction Models
- Tags: VPM vs DPM, prediction models on large scale systems, files with frequent changes leave more vulns, older code exhibits more vulns
- 2014 - Optimizing Seed Selection for Fuzzing
- Tags: BFF, (weighted) minset, peach, cover set problem, seed transferabilty, time minset, size minset, round robin
- 2013 - Automatic Recovery of Root Causes from Bug-Fixing Changes
- Tags: ML + SCA, F score, AST, PPA, source tree analysis
Unread
Unread papers categorized by a common main theme.
General fuzzing implementations
- 2025 - Invivo Fuzzing by Amplifying Actual Executions
- 2025 - QMSan: Efficiently Detecting Uninitialized Memory Errors During Fuzzing
- 2024 - Logos: Log Guided Fuzzing for Protocol Implementations
- 2024 - DDGF: Dynamic Directed Greybox Fuzzing with Path Profiling
- 2024 - Sleuth: A Switchable Dual-Mode Fuzzer to Investigate Bug Impacts Following a Single PoC
- 2024 - Tumbling Down the Rabbit Hole: How do Assisting Exploration Strategies Facilitate Grey-box Fuzzing?
- 2024 - Modularizing Directed Greybox Fuzzing for Binaries over Multiple CPU Architectures
- 2024 - LOOL: Low-Overhead, Optimization-Log-Guided Compiler Fuzzing
- 2024 - Visualization Task Taxonomy to Understand the Fuzzing Internals
- 2024 - Directed or Undirected: Investigating Fuzzing Strategies in a CI/CD Setup
- 2024 - ZigZagFuzz: Interleaved Fuzzing of Program Options and Files
- 2024 - Tango: Extracting Higher-Order Feedback through State Inference
- 2024 - Directed Fuzzing Based on Bottleneck Detection
- 2024 - Look Ma, No Input Samples! Mining Input Grammars from Code with Symbolic Parsing
- 2024 - HuntFUZZ: Enhancing Error Handling Testing through Clustering Based Fuzzing
- 2024 - AIMFuzz: Automated Function-Level In-Memory Fuzzing on Binaries
- 2024 - Data Coverage for Guided Fuzzing
- 2024 - Fuzzing at Scale: The Untold Story of the Scheduler
- 2024 - FOX: Coverage-guided Fuzzing as Online Stochastic Control
- 2024 - Fuzzing-based grammar learning from a minimal set of seed inputs
- 2024 - LinFuzz: Program-Sensitive Seed Scheduling Greybox Fuzzing Based on LinUCB Algorithm
- 2024 - Graphuzz: Data-driven Seed Scheduling for Coverage-guided Greybox Fuzzing
- 2024 - Towards Tightly-coupled Hybrid Fuzzing via Excavating Input Specifications
- 2024 - BazzAFL: Moving Fuzzing Campaigns Towards Bugs Via Grouping Bug-Oriented Seeds
- 2024 - DeepGo: Predictive Directed Greybox Fuzzing
- 2024 - LibAFL QEMU: A Library for Fuzzing-oriented Emulation
- 2023 - NestFuzz: Enhancing Fuzzing with Comprehensive Understanding of Input Processing Logic
- 2023 - DSFuzz: Detecting Deep State Bugs with Dependent State Exploration
- 2023 - FA-Fuzz: A Novel Scheduling Scheme Using Firefly Algorithm for Mutation-Based Fuzzing
- 2023 - Make out like a (Multi-Armed) Bandit: Improving the Odds of Fuzzer Seed Scheduling with T-Scheduler
- 2023 - SYNTONY: Potential-Aware Fuzzing with Particle Swarm Optimization
- 2023 - Triereme: Speeding up hybrid fuzzing through efficient query scheduling
- 2023 - Hybrid Testing: Combining Static Analysis and Directed Fuzzing
- 2023 - Titan : Efficient Multi-target Directed Greybox Fuzzing
- 2023 - SpecFuzzer: A Tool for Inferring Class Specifications via Grammar-based Fuzzing
- 2023 - Hopper: Interpretative Fuzzing for Libraries
- 2023 - Enhancing Coverage-Guided Fuzzing via Phantom Program
- 2023 - Hyperfuzzing: black-box security hypertesting with a grey-box fuzzer
- 2023 - SHAPFUZZ: Efficient Fuzzing via Shapley-Guided Byte Selection
- 2023 - PSOFuzz - Fuzzing Processors with Particle Swarm Optimization
- 2023 - SymRustC: A Hybrid Fuzzer for Rust
- 2023 - Finch: Fuzzing with Quantitative and Adaptive Hot-Bytes Identification
- 2023 - HyperGo: Probability-based Directed Hybrid Fuzzing
- 2023 - CrabSandwich: Fuzzing Rust with Rust
- 2023 - InFuzz: An Interactive Tool for Enhancing Efficiency in Fuzzing through Visual Bottleneck Analysis
- 2023 - Rare Path Guided Fuzzing∗
- 2023 - Guiding Greybox Fuzzing with Mutation Testing
- 2023 - FGo: A Directed Grey-box Fuzzer with Probabilistic Exponential cut-the-loss Strategies
- 2023 - FISHFUZZ: Catch Deeper Bugs by Throwing Larger Nets
- 2023 - PosFuzz: augmenting greybox fuzzing with effective position distribution
- 2023 - Bottleneck Analysis via Grammar-based Performance Fuzzing*
- 2023 - What Happens When We Fuzz? Investigating OSS-Fuzz Bug History
- 2023 - Toss a Fault to Your Witcher: Applying Grey-box Coverage-Guided Mutational Fuzzing to Detect SQL and Command Injection Vulnerabilities
- 2023 - Large Language Models are Edge-Case Fuzzers: Testing Deep Learning Libraries via FuzzGPT
- 2023 - SBFT Tool Competition 2023 - Fuzzing Track
- 2023 - CarpetFuzz: Automatic Program Option Constraint Extraction from Documentation for Fuzzing
- 2023 - Learning Seed-Adaptive Mutation Strategies for Greybox Fuzzing
- 2023 - Directed Greybox Fuzzing with Stepwise Constraint Focusing
- 2023 - Generation-based fuzzing? Don’t build a new generator, reuse!
- 2023 - RCABench: Open Benchmarking Platform for Root Cause Analysis
- 2023 - Arvin: Greybox Fuzzing Using Approximate Dynamic CFG Analysis
- 2023 - DAISY: Effective Fuzz Driver Synthesis with Object Usage Sequence Analysis
- 2023 - autofz: Automated Fuzzer Composition at Runtime
- 2023 - Towards Hybrid Fuzzing with Multi-level Coverage Tree and Reinforcement Learning in Greybox Fuzzing
- 2023 - Fuzzing, Symbolic Execution, and Expert Guidance for Better Testing
- 2023 - Fuzzing vs SBST: Intersections & Differences
- 2023 - Evaluating the Fork-Awareness of Coverage-Guided Fuzzers
- 2023 - Homo in Machina: Improving Fuzz Testing Coverage via Compartment Analysis
- 2023 - The fun in fuzzing - The debugging techniquie comes into its own
- 2023 - Reachable Coverage: Estimating Saturation in Fuzzing
- 2023 - A Seed Scheduling Method With a Reinforcement Learning for a Coverage Guided Fuzzing
- 2023 - SelectFuzz: Efficient Directed Fuzzing with Selective Path Exploration
- 2022 - Explainable Fuzzer Evaluation
- 2022 - Rare-Seed Generation for Fuzzing
- 2022 - How to Compare Fuzzers
- 2022 - Valkyrie: Improving Fuzzing Performance Through Deterministic Techniques
- 2022 - FUZZING DEEPER LOGIC WITH IMPEDING FUNCTION TRANSFORMATION
- 2022 - Alphuzz: Monte Carlo Search on Seed-Mutation Tree for Coverage-Guided Fuzzing
- 2022 - AutoGenD: fuzz driver generation for binary libraries without header files and symbol information
- 2022 - Mutation Optimization of Directional Fuzzing for Cumulative Defects
- 2022 - IMPROVING AFL++ CMPLOG: TACKLING THE BOTTLENECKS
- 2022 - One Fuzz Doesn’t Fit All: Optimizing Directed Fuzzing via Target-tailored Program State Restriction
- 2022 - POLYFUZZ: Holistic Greybox Fuzzing of Multi-Language Systems
- 2022 - Sydr-Fuzz: Continuous Hybrid Fuzzing and Dynamic Analysis for Security Development Lifecycle
- 2022 - Nimbus: Toward Speed Up Function Signature Recovery via Input Resizing and Multi-Task Learning
- 2022 - So Many Fuzzers, So Little Time
- 2022 - SLOPT: Bandit Optimization Framework for Mutation-Based Fuzzing
- 2022 - DriveFuzz: Discovering Autonomous Driving Bugs through Driving Quality-Guided Fuzzing
- 2022 - UltraFuzz: Towards Resource-saving in Distributed Fuzzing
- 2022 - Snappy: Efficient Fuzzing with Adaptive and Mutable Snapshots
- 2022 - FuzzerAid: Grouping Fuzzed Crashes Based On Fault Signatures
- 2022 - Automatically Seed Corpus and Fuzzing Executables Generation Using Test Framework
- 2022 - CAMFuzz: Explainable Fuzzing with Local Interpretation
- 2022 - Efficient Greybox Fuzzing to Detect Memory Errors
- 2022 - LibAFL: A Framework to Build Modular and Reusable Fuzzers
- 2022 - FishFuzz: Throwing Larger Nets to Catch Deeper Bugs
- 2022 - SYMSAN: Time and Space Efficient Concolic Execution via Dynamic Data-flow Analysis
- 2022 - AMSFuzz: An adaptive mutation schedule for fuzzing
- 2022 - FixReverter: A Realistic Bug Injection Methodology for Benchmarking Fuzz Testing
- 2022 - Multiple Targets Directed Greybox Fuzzing
- 2022 - Combining BMC and Fuzzing Techniques for Finding Software Vulnerabilities in Concurrent Programs
- 2022 - DocTer: Documentation-Guided Fuzzing for Testing Deep Learning API Functions
- 2022 - Obtaining Fuzzing Results with Different Timeouts
- 2022 - FASSFuzzer—An Automated Vulnerability Detection System for Android System Services
- 2022 - WindRanger: A Directed Greybox Fuzzer driven by Deviation Basic Blocks
- 2022 - Drifuzz: Harvesting Bugs in Device Drivers from Golden Seeds
- 2022 - GraphFuzz: Library API Fuzzing with Lifetime-aware Dataflow Graphs
- 2022 - AcoFuzz: Adaptive Energy Allocation for Greybox Fuzzing
- 2022 - TargetFuzz: Using DARTs to Guide Directed Greybox Fuzzers
- 2022 - Fast Fuzzing for Memory Errors
- 2022 - Stateful Greybox Fuzzing
- 2022 - Metamorphic Fuzzing of C++ Libraries
- 2022 - Effective Seed Scheduling for Fuzzing with Graph Centrality Analysis
- 2022 - Comparing Fuzzers on a Level Playing Field with FuzzBench
- 2022 - Vulnerability-oriented directed fuzzing for binary programs
- 2022 - An Improvement of AFL Based On The Function Call Depth
- 2022 - FuzzingDriver: the Missing Dictionary to Increase Code Coverage in Fuzzers
- 2022 - BeDivFuzz: Integrating Behavioral Diversity into Generator-based Fuzzing
- 2022 - One Fuzzing Strategy to Rule Them All
- 2022 - Grammars for Free: Toward Grammar Inference for Ad Hoc Parsers
- 2022 - Fuzzing Class Specifications
- 2022 - Mutation Analysis: Answering the Fuzzing Challenge
- 2022 - Ferry: State-Aware Symbolic Execution for Exploring State-Dependent Program Paths
- 2022 - BEACON : Directed Grey-Box Fuzzing with Provable Path Pruning
- 2022 - MORPHUZZ: Bending (Input) Space to Fuzz Virtual Devices
- 2021 - A parallel fuzzing method based on two-stage mutation
- 2021 - Better Pay Attention Whilst Fuzzing
- 2021 - Diar: Removing Uninteresting Bytes from Seeds in Software Fuzzing
- 2021 - Reducing Time-To-Fix For Fuzzer Bugs
- 2021 - Casr-Cluster: Crash Clustering for Linux Applications
- 2021 - Fuzzm: Finding Memory Bugs through Binary-Only Instrumentation and Fuzzing of WebAssembly
- 2021 - InstruGuard: Find and Fix Instrumentation Errors for Coverage-based Greybox Fuzzing
- 2021 - POSTER: OS Independent Fuzz Testing of I/O Boundary
- 2021 - HDBFuzzer–Target-oriented Hybrid Directed Binary Fuzzer
- 2021 - ovAFLow: Detecting Memory Corruption Bugs with Fuzzing-based Taint Inference
- 2021 - SyzScope: Revealing High-Risk Security Impacts of Fuzzer-Exposed Bugs in Linux kernel
- 2021 - SiliFuzz: Fuzzing CPUs by proxy
- 2021 - Same Coverage, Less Bloat: Accelerating Binary-only Fuzzing with Coverage-preserving Coverage-guided Tracing
- 2021 - Facilitating Parallel Fuzzing with Mutually-exclusive Task Distribution
- 2021 - PATA: Fuzzing with Path Aware Taint Analysis
- 2021 - BSOD: Binary-only Scalable fuzzing Of device Drivers
- 2021 - FuzzBench: An Open Fuzzer Benchmarking Platform and Service
- 2021 - My Fuzzer Beats Them All! Developing a Framework for Fair Evaluation and Comparison of Fuzzers
- 2021 - Scalable Fuzzing of Program Binaries with E9AFL
- 2021 - HyperFuzzer: An Efficient Hybrid Fuzzer for Virtual CPUs
- 2021 - BigMap: Future-proofing Fuzzers with Efficient Large Maps
- 2021 - Token-Level Fuzzing
- 2021 - Hashing Fuzzing: Introducing Input Diversity to Improve Crash Detection
- 2021 - LeanSym: Efficient Hybrid Fuzzing Through Conservative Constraint Debloating
- 2021 - ESRFuzzer: an enhanced fuzzing framework for physical SOHO router devices to discover multi-Type vulnerabilities
- 2021 - KCFuzz: Directed Fuzzing Based on Keypoint Coverage
- 2021 - TCP-Fuzz: Detecting Memory and Semantic Bugs in TCP Stacks with Fuzzing
- 2021 - Fuzzing with optimized grammar-aware mutation strategies
- 2021 - Directed Fuzzing for Use-After-FreeVulnerabilities Detection
- 2021 - DIFUZZRTL: Differential Fuzz Testing to FindCPU Bugs
- 2021 - Z-Fuzzer: device-agnostic fuzzing of Zigbee protocol implementation
- 2021 - Fuzzing with Multi-dimensional Control of Mutation Strategy
- 2021 - Using a Guided Fuzzer and Preconditions to Achieve Branch Coverage with Valid Inputs
- 2021 - RIFF: Reduced Instruction Footprint for Coverage-Guided Fuzzing
- 2021 - CoCoFuzzing: Testing Neural Code Models with Coverage-Guided Fuzzing
- 2021 - Seed Selection for Successful Fuzzing
- 2021 - Gramatron: Effective Grammar-Aware Fuzzing
- 2021 - Hyntrospect: a fuzzer for Hyper-V devices
- 2021 - FUZZOLIC: mixing fuzzing and concolic execution
- 2021 - QFuzz: Quantitative Fuzzing for Side Channels
- 2021 - Revizor: Fuzzing for Leaks in Black-box CPUs
- 2021 - Unleashing Fuzzing Through Comprehensive, Efficient, and Faithful Exploitable-Bug Exposing
- 2021 - Constraint-guided Directed Greybox Fuzzing
- 2021 - Test-Case Reduction and Deduplication Almost forFree with Transformation-Based Compiler Testing
- 2021 - RULF: Rust Library Fuzzing via API Dependency Graph Traversal
- 2021 - STOCHFUZZ: Sound and Cost-effective Fuzzing of Stripped Binaries by Incremental and Stochastic Rewriting
- 2021 - PS-Fuzz: Efficient Graybox Firmware Fuzzing Based on Protocol State
- 2021 - MuDelta: Delta-Oriented Mutation Testing at Commit Time
- 2021 - CollabFuzz: A Framework for Collaborative Fuzzing
- 2021 - MUTAGEN: Faster Mutation-Based Random Testing
- 2021 - Inducing Subtle Mutations with Program Repair
- 2021 - Differential Analysis of X86-64 Instruction Decoders
- 2021 - On Introducing Automatic Test Case Generation in Practice: A Success Story and Lessons Learned
- 2021 - A Priority Based Path Searching Method for Improving Hybrid Fuzzing
- 2021 - IntelliGen: Automatic Driver Synthesis for Fuzz Testing
- 2021 - icLibFuzzer: Isolated-context libFuzzer for Improving Fuzzer Comparability
- 2021 - SN4KE: Practical Mutation Testing at Binary Level
- 2021 - One Engine to Fuzz ’em All: Generic Language Processor Testing with Semantic Validation
- 2021 - Growing A Test Corpus with Bonsai Fuzzing
- 2021 - Fuzzing Symbolic Expressions
- 2021 - JMPscare: Introspection for Binary-Only Fuzzing
- 2021 - An Improved Directed Grey-box Fuzzer
- 2021 - A Binary Protocol Fuzzing Method Based on SeqGAN
- 2021 - Refined Grey-Box Fuzzing with Sivo
- 2021 - PSOFuzzer: A Target-Oriented Software Vulnerability Detection Technology Based on Particle Swarm Optimization
- 2021 - MooFuzz: Many-Objective Optimization Seed Schedule for Fuzzer
- 2021 - CMFuzz: context-aware adaptive mutation for fuzzers
- 2021 - GTFuzz: Guard Token Directed Grey-Box Fuzzing
- 2021 - ProFuzzBench: A Benchmark for Stateful Protocol Fuzzing
- 2021 - SymQEMU:Compilation-based symbolic execution for binaries
- 2021 - CONCOLIC EXECUTION TAILORED FOR HYBRID FUZZING THESIS
- 2021 - Breaking Through Binaries: Compiler-quality Instrumentationfor Better Binary-only Fuzzing
- 2021 - AlphaFuzz: Evolutionary Mutation-based Fuzzing as Monte Carlo Tree Search
- 2020 - Fuzzing with Fast Failure Feedback
- 2020 - LAFuzz: Neural Network for Efficient Fuzzing
- 2020 - MaxAFL: Maximizing Code Coverage with a Gradient-Based Optimization Technique
- 2020 - Program State Abstraction for Feedback-Driven Fuzz Testing using Likely Invariants
- 2020 - PMFuzz: Test Case Generation for Persistent Memory Programs
- 2020 - FuSeBMC: A White-Box Fuzzer for Finding Security Vulnerabilities in C Programs
- 2020 - Integrity: Finding Integer Errors by Targeted Fuzzing
- 2020 - ConFuzz: Coverage-guided Property Fuzzing for Event-driven Programs
- 2020 - AFLTurbo: Speed up Path Discovery for Greybox Fuzzing
- 2020 - Fuzzing Channel-Based Concurrency Runtimes using Types and Effects
- 2020 - DeFuzz: Deep Learning Guided Directed Fuzzing
- 2020 - CrFuzz: Fuzzing Multi-purpose Programs through InputValidation
- 2020 - EPfuzzer: Improving Hybrid Fuzzing with Hardest-to-reach Branch Prioritization
- 2020 - Fuzzing Based on Function Importance by Attributed Call Graph
- 2020 - UNIFUZZ: A Holistic and Pragmatic Metrics-Driven Platform for Evaluating Fuzzers
- 2020 - PathAFL: Path-Coverage Assisted Fuzzing
- 2020 - Path Sensitive Fuzzing for Native Applications
- 2020 - UniFuzz: Optimizing Distributed Fuzzing via Dynamic Centralized Task Scheduling
- 2020 - Fuzzing Error Handling Code using Context-Sensitive Software Fault Injection
- 2020 - SpecFuzz: Bringing Spectre-type vulnerabilities to the surface
- 2020 - Zeror: Speed Up Fuzzing with Coverage-sensitive Tracing and Scheduling
- 2020 - MUZZ: Thread-aware Grey-box Fuzzing for Effective Bug Hunting in Multithreaded Programs
- 2020 - Evolutionary Grammar-Based Fuzzing
- 2020 - AFLpro: Direction sensitive fuzzing
- 2020 - CSI-Fuzz: Full-speed Edge Tracing Using Coverage Sensitive Instrumentation
- 2020 - Scalable Greybox Fuzzing for Effective Vulnerability Management DISS
- 2020 - HotFuzz Discovering Algorithmic Denial-of-Service Vulnerabilities through Guided Micro-Fuzzing
- 2020 - Fuzzing Binaries for Memory Safety Errors with QASan
- 2020 - Suzzer: A Vulnerability-Guided Fuzzer Based on Deep Learning
- 2020 - IJON: Exploring Deep State Spaces via Fuzzing
- 2020 - Binary-level Directed Fuzzing for Use-After-Free Vulnerabilities
- 2020 - PANGOLIN: Incremental Hybrid Fuzzing with Polyhedral Path Abstraction
- 2020 - UEFI Firmware Fuzzing with Simics Virtual Platform
- 2020 - Typestate-Guided Fuzzer for Discovering Use-after-Free Vulnerabilities
- 2020 - FuzzGuard: Filtering out Unreachable Inputs in Directed Grey-box Fuzzing through Deep Learning
- 2020 - HyDiff: Hybrid Differential Software Analysis
- 2019 - Engineering a Better Fuzzer with SynergicallyIntegrated Optimizations
- 2019 - Superion: Grammar-Aware Greybox Fuzzing
- 2019 - ProFuzzer: On-the-fly Input Type Probing for Better Zero-day Vulnerability Discovery
- 2019 - Grimoire: Synthesizing Structure while Fuzzing
- 2019 - Ptrix: Efficient Hardware-Assisted Fuzzing for COTS Binary
- 2019 - SAVIOR: Towards Bug-Driven Hybrid Testing
- 2019 - FUDGE: Fuzz Driver Generation at Scale
- 2019 - NAUTILUS: Fishing for Deep Bugs with Grammars
- 2019 - Send Hardest Problems My Way: Probabilistic Path Prioritization for Hybrid Fuzzing
- 2019 - EnFuzz: Ensemble Fuzzing with Seed Synchronization among Diverse Fuzzers
- 2018 - Fuzz Testing in Practice: Obstacles and Solutions
- 2018 - PAFL: Extend Fuzzing Optimizations of Single Mode to Industrial Parallel Mode
- 2018 - PTfuzz: Guided Fuzzing with Processor Trace Feedback
- 2018 - Angora: Efficient Fuzzing by Principled Search
- 2018 - FairFuzz: A Targeted Mutation Strategy for Increasing Greybox Fuzz Testing Coverage
- 2018 - NEUZZ: Efficient Fuzzing with Neural Program Smoothing
- 2018 - CollAFL: path Sensitive Fuzzing
- 2018 - Full-speed Fuzzing: Reducing Fuzzing Overhead through Coverage-guided Tracing
- 2018 - QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing
- 2018 - Coverage-based Greybox Fuzzing as Markov Chain
- 2018 - MoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation
- 2018 - Singularity: Pattern Fuzzing for Worst Case Complexity
- 2018 - Smart Greybox Fuzzing
- 2018 - Hawkeye: Towards a Desired Directed Grey-box Fuzzer
- 2018 - PerfFuzz: Automatically Generating Pathological Inputs
- 2018 - FairFuzz: A Targeted Mutation Strategy for Increasing Greybox Fuzz Testing Coverage
- 2018 - Enhancing Memory Error Detection forLarge-Scale Applications and Fuzz Testing
- 2018 - T-Fuzz: fuzzing by program transformation
- 2017 - Evaluating and improving fault localization
- 2017 - IMF: Inferred Model-based Fuzzer
- 2017 - Synthesizing Program Input Grammars
- 2017 - Stateful Fuzzing of Wireless Device Drivers in an Emulated Environment
- 2017 - Steelix: Program-State Based Binary Fuzzing
- 2017 - Designing New Operating Primitives to ImproveFuzzing Performance
- 2017 - VUzzer: Application-aware Evolutionary Fuzzing
- 2017 - DIFUZE: Interface Aware Fuzzing for Kernel Drivers
- 2017 - Instruction Punning: Lightweight Instrumentation for x86-64
- 2017 - Designing New Operating Primitives to Improve Fuzzing Performance
- 2014 - A Large-Scale Analysis of the Security of Embedded Firmwares
- 2013 - Scheduling Black-box Mutational Fuzzing
- 2013 - Dowsing for Overflows: A Guided Fuzzer to Find Buffer Boundary Violations
- 2013 - RPFuzzer: A Framework for Discovering Router Protocols Vulnerabilities Based on Fuzzing
- 2011 - Offset-Aware Mutation based Fuzzing for Buffer Overflow Vulnerabilities: Few Preliminary Results
- 2010 - TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection
- 2009 - Taint-based Directed Whitebox Fuzzing
- 2009 - Dynamic Test Generation To Find Integer Bugs in x86 Binary Linux Programs
- 2008 - Grammar-based Whitebox Fuzzing
- 2008 - Vulnerability Analysis for X86 Executables Using Genetic Algorithm and Fuzzing
- 2008 - Fuzzing Wi-Fi Drivers to Locate Security Vulnerabilities
- 2008 - KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs
- 2008 - Automated Whitebox Fuzz Testing
- 2005 - DART: Directed Automated Random Testing(https://www.computer.org/csdl/proceedings-article/icse/2025/056900a508/215aWTZ8XRe)
- 1994 - Dominators, Super Blocks, and Program Coverage
Harnessing
- 2023 - AFGen: Whole-Function Fuzzing for Applications and Libraries
- 2023 - NaNofuzz: A Usable Tool for Automatic Test Generation
AI/LLM
- 2024 - Fixing Security Vulnerabilities with AI in OSS-Fuzz
- 2024 - ChatHTTPFuzz: Large Language Model-Assisted IoT HTTP Fuzzing
- 2024 - Harnessing Large Language Models for Seed Generation in Greybox Fuzzing
- 2024 - Magneto: A Step-Wise Approach to Exploit Vulnerabilities in Dependent Libraries via LLM-Empowered Directed Fuzzing
- 2024 - Fuzzing BusyBox: Leveraging LLM and Crash Reuse for Embedded Bug Unearthing
- 2024 - My Fuzzers Won’t Build: An Empirical Study of Fuzzing Build Failures
- 2024 - ECG: Augmenting Embedded Operating System Fuzzing via LLM-based Corpus Generation
- 2024 - FUZZCODER: Byte-level Fuzzing Test via Large Language Mode
- 2024 - ProphetFuzz: Fully Automated Prediction and Fuzzing of High-Risk Option Combinations with Only Documentation via Large Language Model
- 2024 - Is “AI” Useful for Fuzzing? (Keynote)
- 2024 - Initial Seeds Generation Using LLM for IoT Device Fuzzing
- 2024 - Your Fix Is My Exploit: Enabling Comprehensive DL Library API Fuzzing with Large Language Models
- 2024 - WhiteFox: White-Box Compiler Fuzzing Empowered by Large Language Models
- 2024 - The Mutators Reloaded: Fuzzing Compilers with Large Language Model Generated Mutation Operators
- 2024 - A Coverage-Guided Fuzzing Method for Automatic Software Vulnerability Detection Using Reinforcement Learning-Enabled Multi-Level Input Mutation
- 2024 - LLAMAFUZZ: Large Language Model Enhanced Greybox Fuzzing
- 2024 - Survey on Large Language Model (LLM) Security and Privacy: The Good, the Bad, and the Ugly
- 2024 - Generative AI and Large Language Models for Cyber Security: All Insights You Need
- 2024 - Large Language Model guided Protocol Fuzzing
- 2024 - When Fuzzing Meets LLMs: Challenges and Opportunities
- 2024 - Fuzz4All: Universal Fuzzing with Large Language Models
- 2024 - Large Language Models for Cyber Security: A Systematic Literature Review
- 2024 - LLM4Vuln: A Unified Evaluation Framework for Decoupling and Enhancing LLMs’ Vulnerability Reasoning
- 2024 - Fuzzing BusyBox: Leveraging LLM and Crash Reuse for Embedded Bug Unearthing
- 2024 - Prompt Fuzzing for Fuzz Driver Generation
- 2023 - HOW FAR HAVE WE GONE IN VULNERABILITY DETECTION USING LARGE LANGUAGE MODELS
- 2023 - KernelGPT: Enhanced Kernel Fuzzing via Large Language Models
- 2023 - Exploring the Limits of ChatGPT in Software Security Applications
- 2023 - LLM-Based Code Generation Method for Golang Compiler Testing
- 2023 - Large Language Model guided Protocol Fuzzing
- 2023 - AI-assisted Vulnerability Analysis And Classification Framework for UDS on CAN-bus Fuzzer
- 2023 - GPTFUZZER: Red Teaming Large Language Models with Auto-Generated Jailbreak Prompts
- 2023 - FUZZLLM: A NOVEL AND UNIVERSAL FUZZING FRAMEWORK FOR PROACTIVELY DISCOVERING JAILBREAK VULNERABILITIES IN LARGE LANGUAGE MODELS
- 2023 - Universal Fuzzing via Large Language Models
- 2023 - Understanding Large Language Model Based Fuzz Driver Generation
- 2023 - Large Language Models for Fuzzing Parsers
- 2023 - Large Language Models Are Zero-Shot Fuzzers: Fuzzing Deep-Learning Libraries via Large Language Models
- 2023 - Augmenting Greybox Fuzzing with Generative AI
- 2023 - Understanding Programs by Exploiting (Fuzzing) Test Cases
IoT fuzzing
- 2024 - Parallel Fuzzing of IoT Messaging Protocols through Collaborative Packet Generation
- 2024 - TWFuzz: Fuzzing Embedded Systems with Three Wires
- 2024 - IoTFuzzSentry: Hunting Bugs In The IoT Wilderness In Operational Phase Using Payload Fuzzing
- 2024 - TAIFuzz: taint analysis instrumentation-based firmware fuzzing system
- 2024 - RIoTFuzzer: Companion App Assisted Remote Fuzzing for Detecting Vulnerabilities in IoT Devices
- 2024 - FIRMRCA: Towards Post-Fuzzing Analysis on ARM Embedded Firmware with Efficient Event-based Fault Localization
- 2024 - MSLFuzzer: black-box fuzzing of SOHO router devices via message segment list inference
- 2024 - MULTIFUZZ: A Multi-Stream Fuzzer For Testing Monolithic Firmware
- 2023 - KVFL: Key-Value-Based Persistent Fuzzing for IoT Web Servers
- 2023 - Firmulti Fuzzer: Discovering Multi-process Vulnerabilities in IoT Devices with Full System Emulation and VMI
- 2023 - Fuzzability Testing Framework for Incomplete Firmware Binary
- 2023 - Fuzzing Embedded Systems Using Debug Interfaces
- 2023 - Icicle: A Re-Designed Emulator for Grey-Box Firmware Fuzzing
- 2022 - FirmSolo: Enabling dynamic analysis of binary Linux-based IoT kernel modules
- 2022 - FuzzDocs: An Automated Security Evaluation Framework for IoT
- 2022 - AflIot: Fuzzing on linux-based IoT device with binary-level instrumentation
- 2022 - Tardis: Coverage-Guided Embedded Operating System Fuzzing
- 2022 - Efficient greybox fuzzing of applications in Linux-based IoT devices via enhanced user-mode emulation
- 2022 - Trampoline Over the Air: Breaking in IoT Devices Through MQTT Brokers
- 2022 - PDFuzzerGen: Policy-Driven Black-Box Fuzzer Generation for Smart Devices
- 2022 - RW-Fuzzer: A Fuzzing Method for Vulnerability Mining on Router Web Interface
- 2022 - IoTInfer: Automated Blackbox Fuzz Testing of IoT Network Protocols Guided by Finite State Machine Inference
- 2022 - Debugger-driven Embedded Fuzzing
- 2022 - Game of Hide-and-Seek: Exposing Hidden Interfaces in Embedded Web Applications of IoT Devices
- 2022 - 𝜇AFL: Non-intrusive Feedback-driven Fuzzing for Microcontroller Firmware
- 2022 - FirVer: Concolic Testing for Systematic Validation of Firmware Binaries
- 2022 - Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing
- 2021 - CPscan: Detecting Bugs Caused by Code Pruning in IoT Kernels
- 2021 - An Efficient Feedback-enhanced Fuzzing Scheme for Linux-based IoT Firmwares
- 2021 - A Fuzzing Method for Embedded Software
- 2021 - Large-scale Firmware Vulnerability Analysis Based on Code Similarity
- 2021 - Towards Fast and Scalable Firmware Fuzzing with Dual-Level Peripheral Modeling
- 2021 - Riding the IoT Wave with VFuzz: Discovering Security Flaws in Smart Home
- 2021 - Zero WFuzzer: Target-Oriented Fuzzing for Web Interface of Embedded Devices
- 2021 - StFuzzer: Contribution-Aware Coverage-Guided Fuzzing for Smart Devices
- 2021 - Rtkaller: State-aware Task Generation for RTOS Fuzzing
- 2021 - IFIZZ: Deep-State and Efficient Fault-Scenario Generation to Test IoT Firmware
- 2021 - Automatic Vulnerability Detection in Embedded Devices and Firmware: Survey and Layered Taxonomies
- 2021 - Fuzzing the Internet of Things: A Review on the Techniques and Challenges for Efficient Vulnerability Discovery in Embedded Systems
- 2021 - FIRM-COV: High-Coverage Greybox Fuzzing for IoT Firmware via Optimized Process Emulation
- 2020 - Verification of Embedded Software Binaries using Virtual Prototypes
- 2020 - μSBS: Static Binary Sanitization of Bare-metal Embedded Devices forFault Observability
- 2020 - Device-agnostic Firmware Execution is Possible: A Concolic Execution Approach for Peripheral Emulation
- 2020 - Vulnerability Detection in SIoT Applications: A Fuzzing Method on their Binaries
- 2020 - FirmAE: Towards Large-Scale Emulation of IoT Firmware forDynamic Analysis
- 2020 - FIRMNANO: Toward IoT Firmware Fuzzing Through Augmented Virtual Execution
- 2020 - ARM-AFL: Coverage-Guided Fuzzing Framework for ARM-Based IoT Devices
- 2020 - Bug detection in embedded environments by fuzzing and symbolic execution
- 2020 - FirmXRay: Detecting Bluetooth Link Layer Vulnerabilities From Bare-Metal Firmware
- 2020 - EM-Fuzz: Augmented Firmware Fuzzing via Memory Checking
- 2020 - Verification of Embedded Binaries using Coverage-guided Fuzzing with System C-based Virtual Prototypes
- 2020 - DICE: Automatic Emulation of DMA Input Channels for Dynamic Firmware Analysis
- 2020 - Fw‐fuzz: A code coverage‐guided fuzzing framework for network protocols on firmware
- 2020 - Taint-Driven Firmware Fuzzing of Embedded Systems
- 2020 - A Dynamic Instrumentation Technology for IoT Devices
- 2020 - Vulcan: a state-aware fuzzing tool for wear OS ecosystem
- 2020 - A Novel Concolic Execution Approach on Embedded Device
- 2020 - HFuzz: Towards automatic fuzzing testing of NB-IoT core network protocols implementations
- 2020 - FIRMCORN: Vulnerability-Oriented Fuzzing of IoT Firmware via Optimized Virtual Execution
- 2018 - IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing
- 2017 - Towards Automated Dynamic Analysis for Linux-based Embedded Firmware
- 2016 - Scalable Graph-based Bug Search for Firmware Images
- 2015 - SURROGATES: Enabling Near-Real-Time Dynamic Analyses of Embedded Systems
- 2015 - Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware
- 2014 - A Large-Scale Analysis of the Security of Embedded Firmwares
- 2013 - RPFuzzer: A Framework for Discovering Router Protocols Vulnerabilities Based on Fuzzing
Firmware Emulation
- 2024 - SyncEmu: Enabling Dynamic Analysis of Stateful Trusted Applications
- 2022 - What You See is Not What You Get: Revealing Hidden Memory Mapping for Peripheral Modeling
- 2022 - What Your Firmware Tells You Is Not How You Should Emulate It: A Specification-Guided Approach for Firmware Emulation (Extended Version)
- 2022 - BEERR: Bench of Embedded system Experiments for Reproducible Research
- 2022 - FIRMWIRE: Transparent Dynamic Analysis for Cellular Baseband Firmware
- 2022 - An Automated Approach to Re-Hosting Embedded Firmware Through Removing Hardware Dependencies
- 2021 - FIRMGUIDE: Boosting the Capability of Rehosting Embedded Linux Kernels through Model-Guided Kernel Execution
- 2021 - Automatic Firmware Emulation through Invalidity-guided Knowledge Inference(Extended Version)
- 2021 - Firmware Re-hosting Through Static Binary-level Porting
- 2021 - Jetset: Targeted Firmware Rehosting for Embedded Systems
- 2021 - Automatic Firmware Emulation through Invalidity-guided Knowledge Inference
Network fuzzing
-
2024 - Stateful protocol fuzzing with statemap-based reverse state selection
-
2024 - No Peer, no Cry: Network Application Fuzzing via Fault Injection
-
2024 - Stateful protocol fuzzing with statemap-based reverse state selection
-
2024 - Gudifu: Guided Differential Fuzzing for HTTP Request Parsing Discrepancies
-
2024 - Netfuzzlib: Adding First-Class Fuzzing Support to Network Protocol Implementations
-
2023 - NSFuzz: Towards Eficient and State-Aware Network Service Fuzzing - RCR Report
-
2023 - INTENDER: Fuzzing Intent-Based Networking with Intent-State Transition Guidance
-
2023 - NSFuzz: Towards Eficient and State-Aware Network Service Fuzzing
-
2022 - FitM: Binary-Only Coverage-Guided Fuzzing for Stateful Network Protocols
-
2022 - WThreadAFL:Deterministic Greybox Fuzzing for Multi-threadNetwork Servers
-
2022 - Registered Report: NSFuzz: Towards Efficient and State-Aware Network Service Fuzzing
-
2022 - SnapFuzz: An Efficient Fuzzing Framework for Network Applications
-
2022 - REST API Fuzzing by Coverage Level Guided Blackbox Testing
-
2022 - SNPSFuzzer: A Fast Greybox Fuzzer for Stateful Network Protocols using Snapshots
-
2022 - WAFL: Binary-Only WebAssembly Fuzzing with Fast Snapshots
-
2021 - RapidFuzz: Accelerating Fuzzing via Generative Adversarial Networks
-
2021 - StateAFL: Greybox Fuzzing for Stateful Network Servers
-
2020 - Finding Security Vulnerabilities in Network Protocol Implementations
Kernel fuzzing
-
2024 - OZZ: Identifying Kernel Out-of-Order Concurrency Bugs with In-Vivo Memory Access Reordering
-
2024 - SyzLego: Enhancing Kernel Directed Greybox Fuzzing via Dependency Inference and Scheduling
-
2024 - A Little Goes a Long Way: Tuning Configuration Selection for Continuous Kernel Fuzzing
-
2024 - CountDown: Refcount-guided Fuzzing for Exposing Temporal Memory Errors in Linux Kernel
-
2024 - Approaches to determining the attack surface for fuzzing the Linux kernel
-
2024 - SyzGen++: Dependency Inference for Augmenting Kernel Driver Fuzzing
-
2024 - SyzRetrospector: A Large-Scale Retrospective Study of Syzbot
-
2024 - SyzRisk: A Change-Pattern-Based Continuous Kernel Regression Fuzzer
-
2024 - MOCK: Optimizing Kernel Fuzzing Mutation with Context-aware Dependency
-
2023 - KextFuzz: A Practical Fuzzer for macOS Kernel EXTensions on Apple Silicon
-
2023 - KextFuzz: Fuzzing macOS Kernel EXTensions on Apple Silicon via Exploiting Mitigations
-
2023 - BoKASAN: Binary-only Kernel Address Sanitizer for Effective Kernel Fuzzing
-
2023 - DDRace: Finding Concurrency UAF Vulnerabilities in Linux Drivers with Directed Fuzzing
-
2023 - Towards Unveiling Exploitation Potential With Multiple Error Behaviors for Kernel Bugs
-
2023 - No Grammar, No Problem: Towards Fuzzing the Linux Kernel without System-Call Descriptions
-
2022 - PrIntFuzz: fuzzing Linux drivers via automated virtual device simulation
-
2022 - KSG: Augmenting Kernel Fuzzing with System Call Specification Generation
-
2022 - Demystifying the Dependency Challenge in Kernel Fuzzing
-
2021 - Evaluating Code Coverage for Kernel Fuzzers via Function Call Graph
-
2021 - ACHyb: a hybrid analysis approach to detect kernel access control vulnerabilities
-
2021 - SyzVegas: Beating Kernel Fuzzing Odds with Reinforcement Learning
-
2021 - NTFUZZ: Enabling Type-Aware Kernel Fuzzing on Windows with Static Binary Analysis
-
2020 - A Hybrid Interface Recovery Method for Android Kernels Fuzzing
-
2020 - FINDING RACE CONDITIONS IN KERNELS:FROM FUZZING TO SYMBOLIC EXECUTION - THESIS
-
2020 - Agamotto: Accelerating Kernel Driver Fuzzing with Lightweight Virtual Machine Checkpoints
-
2020 - X-AFL: a kernel fuzzer combining passive and active fuzzing
-
2020 - Identification of Kernel Memory Corruption Using Kernel Memory Secret Observation Mechanism
-
2020 - USBFuzz: A Framework for Fuzzing USB Drivers by Device Emulation
-
2019 - Fuzzing File Systems via Two-Dimensional Input Space Exploration
-
2019 - Unicorefuzz: On the Viability of Emulation for Kernel space Fuzzing
-
2017 - Stateful Fuzzing of Wireless Device Drivers in an Emulated Environment
-
2008 - Fuzzing Wi-Fi Drivers to Locate Security Vulnerabilities
Format specific fuzzing
- 2025 - DUMPLING: Fine-grained Differential JavaScript Engine Fuzzing
- 2024 - SQLPass: A Semantic Effective Fuzzing Method for DBMS
- 2024 - Atlas: Automating Cross-Language Fuzzing on Android Closed-Source Libraries
- 2024 - Tacoma: Enhanced Browser Fuzzing with Fine-Grained Semantic Alignment
- 2024 - Applying Fuzz Driver Generation to Native C/C++ Libraries of OEM Android Framework: Obstacles and Solutions
- 2024 - CrossFire: Fuzzing macOS Cross-XPU Memory on Apple Silicon
- 2024 - BArcherFuzzer: An Android System Services Fuzzier via Transaction Dependencies of BpBinder
- 2024 - BRF: Fuzzing the eBPF Runtime
- 2024 - Monarch: A Fuzzing Framework for Distributed File Systems
- 2023 - Android Fuzzing: Balancing User-Inputs and Intents
- 2023 - ItyFuzz: Snapshot-Based Fuzzer for Smart Contract
- 2023 - BRF: eBPF Runtime Fuzzer
- 2023 - MorFuzz: Fuzzing Processor via Runtime Instruction Morphing enhanced Synchronizable Co-simulation
- 2023 - EFCF: High Performance Smart Contract Fuzzing for Exploit Generation
- 2023 - ODDFUZZ: Discovering Java Deserialization Vulnerabilities via Structure-Aware Directed Greybox Fuzzing
- 2023 - VIDEZZO: Dependency-aware Virtual Device Fuzzing
- 2023 - HyPFuzz: Formal-Assisted Processor Fuzzing
- 2023 - FUZZILLI: Fuzzing for JavaScript JIT Compiler Vulnerabilities
- 2022 - SFuzz: Slice-based Fuzzing for Real-Time Operating Systems
- 2022 - LFUZZ: Exploiting Locality for File-system Fuzzing
- 2022 - MUNDOFUZZ: Hypervisor Fuzzing with Statistical Coverage Testing and Grammar Inference
- 2022 - DTLS-Fuzzer: A DTLS Protocol State Fuzzer
- 2022 - FuzzUSB: Hybrid Stateful Fuzzing of USB Gadget Stacks
- 2022 - TheHuzz: Instruction Fuzzing of Processors Using Golden-Reference Models for Finding Software-Exploitable Vulnerabilities
- 2021 - V-Shuttle: Scalable and Semantics-Aware Hypervisor Virtual Device Fuzzing
- 2021 - FormatFuzzer: Effective Fuzzing of Binary File Formats
- 2020 - NYX: Greybox Hypervisor Fuzzing using Fast Snapshots and Affine Types
- 2020 - Tree2tree Structural Language Modeling for Compiler Fuzzing
- 2020 - Detecting Critical Bugs in SMT Solvers Using Blackbox Mutational Fuzzing
- 2020 - JS Engine - Montage: A Neural Network Language Model-Guided JavaScript Engine Fuzzer
- 2020 - JS Engine - Fuzzing JavaScript Engines with Aspect-preserving Mutation
- 2020 - CUDA Compiler - CUDAsmith: A Fuzzer for CUDA Compilers
- 2020 - Smart Contracts - sFuzz: An Efficient Adaptive Fuzzer for Solidity Smart Contracts
- 2019 - Compiler Fuzzing: How Much Does It Matter?
- 2019 - Smart Contracts - Harvey: A Greybox Fuzzer for Smart Contracts
- 2017 - XML - Skyfire: Data-Driven Seed Generation for Fuzzing
Exploitation
- 2024 - Revealing the exploitability of heap overflow through PoC analysis
- 2024 - Take a Step Further: Understanding Page Spray in Linux Kernel Exploitation
- 2024 - K-LEAK: Towards Automating the Generation of Multi-Step Infoleak Exploits against the Linux Kernel
- 2023 - Enhanced Memory Corruption Detection in C/C++ Programs
- 2023 - Automated Exploitable Heap Layout Generation for Heap Overflows Through Manipulation Distance-Guided Fuzzing
- 2023 - The Most Dangerous Codec in the World: Finding and Exploiting Vulnerabilities in H.264 Decoders
- 2023 - Detecting Exploit Primitives Automatically for Heap Vulnerabilities on Binary Programs
- 2022 - RiscyROP: Automated Return-Oriented Programming Attacks on RISC-V and ARM64
- 2022 - Automatic Permission Check Analysis for Linux Kernel
- 2022 - OS-Aware Vulnerability Prioritization via Differential Severity Analysis
- 2022 - Arbiter: Bridging the Static and Dynamic Divide in Vulnerability Discovery on Binary Programs
- 2022 - KASPER: Scanning for Generalized Transient Execution Gadgets in the Linux Kernel
- 2022 - MaMaDroid 2.0 - The Holes of control flow graphs
- 2022 -ShadowHeap: Memory Safety through Efficient Heap Metadata Validation
- 2022 - MACH2: System for Root Cause Analysis of Kernel Vulnerabilities [THESIS]
- 2021 - Automated Bug Hunting With Data-Driven Symbolic Root Cause Analysis
- 2021 - MAJORCA: Multi-Architecture JOP and ROP Chain Assembler
- 2021 - A Novel Method for the Automatic Generation of JOP Chain Exploits
- 2021 - V0Finder: Discovering the Correct Origin of Publicly Reported Software Vulnerabilities
- 2021 - Identifying Valuable Pointers in Heap Data
- 2021 - OCTOPOCS: Automatic Verification of Propagated Vulnerable Code Using Reformed Proofs of Concept
- 2021 - Characterizing Vulnerabilities in a Major Linux Distribution
- 2021 - MAZE: Towards Automated Heap Feng Shui
- 2021 - Vulnerability Detection in C/C++ Source Code With Graph Representation Learning
- 2021 - mallotROPism: a metamorphic engine for malicious software variation development
- 2020 - Automatic Techniques to Systematically Discover New Heap Exploitation Primitives
- 2020 - Shadow-Heap: Preventing Heap-based Memory Corruptions by Metadata Validation
- 2020 - Practical Fine-Grained Binary Code Randomization
- 2020 - Tiny-CFA: Minimalistic Control-Flow Attestation UsingVerified Proofs of Execution
- 2020 - Greybox Automatic Exploit Generation for Heap Overflows in Language Interpreters - PHD THESIS
- 2020 - ABCFI: Fast and Lightweight Fine-Grained Hardware-Assisted Control-Flow Integrity
- 2020 - HeapExpo: Pinpointing Promoted Pointers to Prevent Use-After-Free Vulnerabilities
- 2020 - Localizing Patch Points From One Exploit
- 2020 - Speculative Dereferencing of Registers: Reviving Foreshadow
- 2020 - HAEPG: An Automatic Multi-hop Exploitation Generation Framework
- 2020 - Exploiting More Binaries by Using Planning to Assemble ROP Exploiting More Binaries by Using Planning to Assemble ROP Attacks Attacks
- 2020 - ROPminer: Learning-Based Static Detection of ROP Chain Considering Linkability of ROP Gadgets
- 2020 - KOOBE: Towards Facilitating Exploit Generation of Kernel Out-Of-Bounds Write Vulnerabilities
- 2020 - Preventing Return Oriented Programming Attacks By Preventing Return Instruction Pointer Overwrites
- 2020 - KASLR: Break It, Fix It, Repeat
- 2020 - ShadowGuard : Optimizing the Policy and Mechanism of Shadow Stack Instrumentation using Binary Static Analysis
- 2020 - VulHunter: An Automated Vulnerability Detection System Based on Deep Learning and Bytecode
- 2020 - Analysis and Evaluation of ROPInjector
- 2020 - API Misuse Detection in C Programs: Practice on SSL APIs
- 2020 - KOOBE: Towards Facilitating Exploit Generation of Kernel Out-Of-Bounds Write Vulnerabilities
- 2020 - Egalito: Layout-Agnostic Binary Recompilation
- 2020 - Verifying Software Vulnerabilities in IoT Cryptographic Protocols
- 2020 - μRAI: Securing Embedded Systems with Return Address Integrity
- 2020 - Preventing Return Oriented Programming Attacks By Preventing Return Instruction Pointer Overwrites
- 2019 - Kernel Protection Against Just-In-Time Code Reuse
- 2019 - Kernel Exploitation Via Uninitialized Stack
- 2019 - KEPLER: Facilitating Control-flow Hijacking Primitive Evaluation for Linux Kernel Vulnerabilities
- 2019 - SLAKE: Facilitating Slab Manipulation for Exploiting Vulnerabilities in the Linux Kernel
- 2018 - HeapHopper: Bringing Bounded Model Checkingto Heap Implementation Security
- 2018 - K-Miner: Uncovering Memory Corruption in Linux
- 2017 - HAIT: Heap Analyzer with Input Tracing
- 2017 - DROP THE ROP: Fine-grained Control-flow Integrity for the Linux Kernel
- 2017 - kR^X: Comprehensive Kernel Protection against Just-In-Time Code Reuse
- 2017 - Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying
- 2017 - Towards Automated Dynamic Analysis for Linux-based Embedded Firmware
- 2016 - Scalable Graph-based Bug Search for Firmware Images
- 2015 - Cross-Architecture Bug Search in Binary Executables
- 2015 - SURROGATES: Enabling Near-Real-Time Dynamic Analyses of Embedded Systems
- 2015 - From Collision To Exploitation: Unleashing Use-After-Free Vulnerabilities in Linux Kernel
- 2015 - PIE: Parser Identification in Embedded Systems
- 2014 - ret2dir: Rethinking Kernel Isolation
- 2014 - Make It Work, Make It Right, Make It Fast: Building a Platform-Neutral Whole-System Dynamic Binary Analysis Platform
- 2012 - Anatomy of a Remote Kernel Exploit
- 2012 - A Heap of Trouble: Breaking the LinuxKernel SLOB Allocator
- 2011 - Linux kernel vulnerabilities: state-of-the-art defenses and open problems
- 2011 - Protecting the Core: Kernel Exploitation Mitigations
- 2015 - From Collision To Exploitation: Unleashing Use-After-Free Vulnerabilities in Linux Kernel
- 2014 - ret2dir: Rethinking Kernel Isolation
- 2012 - Anatomy of a Remote Kernel Exploit
- 2012 - A Heap of Trouble: Breaking the Linux Kernel SLOB Allocator
- 2011 - Linux kernel vulnerabilities: state-of-the-art defenses and open problems
- 2011 - Protecting the Core: Kernel Exploitation Mitigations
Static Binary Analysis
- 2024 - Effectiveness of ChatGPT for Static Analysis: How Far Are We?Effectiveness of ChatGPT for Static Analysis: How Far Are We?
- 2024 - Bin2Summary: Beyond Function Name Prediction in Stripped Binaries with Functionality-Specific Code Embeddings
- 2021 - ICALLEE: Recovering Call Graphs for Binaries
- 2021 - EnBinDiff: Identifying Data-only Patches for Binaries
- 2021 - VIVA: Binary Level Vulnerability Identification via Partial Signature
- 2021 - Overview of the advantages and disadvantages of static code analysis tools
- 2021 - Multi-Level Cross-Architecture Binary Code Similarity Metric
- 2020 - VulDetector: Detecting Vulnerabilities using Weighted Feature Graph Comparison
- 2020 - DEEPBINDIFF: Learning Program-Wide Code Representations for Binary Diffing
- 2020 - BinDeep: A Deep Learning Approach to Binary Code Similarity Detection
- 2020 - Revisiting Binary Code Similarity Analysis using Interpretable Feature Engineering and Lessons Learned
- 2020 - iDEA: Static Analysis on the Security of Apple Kernel Drivers
- 2020 - HART: Hardware-Assisted Kernel Module Tracing on Arm
- 2020 - AN APPROACH TO COMPARING CONTROL FLOW GRAPHS BASED ON BASIC BLOCK MATCHING
- 2020 - How Far We Have Come: Testing Decompilation Correctness of C Decompilers
- 2020 - Dynamic Binary Lifting and Recompilation DISS
- 2020 - Similarity Based Binary Backdoor Detection via Attributed Control Flow Graph
- 2020 - IoTSIT: A Static Instrumentation Tool for IoT Devices
- 2019 - Code Similarity Detection using AST and Textual Information
- 2018 - CodEX: Source Code Plagiarism DetectionBased on Abstract Syntax Trees
- 2017 - rev.ng: a unified binary analysis framework to recover CFGs and function boundaries
- 2017 - Angr: The Next Generation of Binary Analysis
- 2016 - Binary code is not easy
- 2015 - Cross-Architecture Bug Search in Binary Executables
- 2014 - A platform for secure static binary instrumentation
- 2013 - MIL: A language to build program analysis tools through static binary instrumentation
- 2013 - Binary Code Analysis
- 2013 - A compiler-level intermediate representation based binary analysis and rewriting system
- 2013 - Protocol reverse engineering through dynamic and static binary analysis
- 2013 - BinaryPig: Scalable Static Binary Analysis Over Hadoop
- 2011 - BAP: A Binary Analysis Platform
- 2009 - Syntax tree fingerprinting for source code similarity detection
- 2008 - BitBlaze: A New Approach to Computer Security via Binary Analysis
- 2005 - Practical analysis of stripped binary code
- 2004 - Detecting kernel-level rootkits through binary analysis
Misc
- 2024 - Tyche: Making Sense of Property-Based Testing Effectiveness
- 2024 - ARVO: Atlas of Reproducible Vulnerabilities for Open Source Software
- 2024 - LeanBin: Harnessing Lifting and Recompilation to Debloat Binaries
- 2024 - Operation Mango: Scalable Discovery of Taint-Style Vulnerabilities in Binary Firmware Services
- 2024 - A Binary-level Thread Sanitizer or Why Sanitizing on the Binary Level is Hard
- 2023 - MTSan: A Feasible and Practical Memory Sanitizer for Fuzzing COTS Binaries
- 2023 - ARMore: Pushing Love Back Into Binaries
- 2023 - gMutant: A gCov based Mutation Testing Analyser
- 2022 - Auto Off-Target: Enabling Thorough and Scalable Testing for Complex Software Systems
- 2022 - GRIN: Make Rewriting More Precise
- 2022 - CFINSIGHT: A Comprehensive Metric for CFI Policies
- 2022 - Odin: On-Demand Instrumentation with On-the-Fly Recompilation
- 2022 - Debloating Address Sanitizer
- 2021 - FMViz: Visualizing Tests Generated by AFL at the Byte-level
- 2021 - Raising MIPS Binaries to LLVM IR
- 2021 - yzGen: Automated Generation of Syscall Specification of Closed-Source macOS Drivers
- 2021 - Igor: Crash Deduplication Through Root-Cause Clustering
- 2021 - UAFSan: an object-identifier-based dynamic approach for detecting use-after-free vulnerabilities
- 2021 - SyML: Guiding Symbolic Execution Toward Vulnerable States Through Pattern Learning
- 2021 - LLSC: A Parallel Symbolic Execution Compiler for LLVM IR
- 2021 - FuzzSplore: Visualizing Feedback-Driven Fuzzing Techniques
- 2020 - Memory Error Detection Based on Dynamic Binary Translation
- 2020 - Sydr: Cutting Edge Dynamic Symbolic Execution
- 2020 - DrPin: A dynamic binary instumentator for multiple processor architectures
- 2020 - MVP: Detecting Vulnerabilities using Patch-Enhanced Vulnerability Signatures
- 2020 - Collecting Vulnerable Source Code from Open-Source Repositories for Dataset Generation
- 2020 - LEOPARD: Identifying Vulnerable Code for Vulnerability Assessment through Program Metrics
- 2020 - Dynamic Program Analysis Tools in GCC and CLANG Compilers
- 2020 - On Using k-means Clustering for Test Suite Reduction
- 2020 - Optimizing the Parameters of an Evolutionary Algorithm for Fuzzing and Test Data Generation
- 2020 - Inputs from Hell: Learning Input Distributions for Grammar-Based Test Generation
- 2020 - IdSan: An identity-based memory sanitizer for fuzzing binaries
- 2020 - An experimental study oncombining automated andstochastic test data generation - MASTER THESIS
- 2020 - FuzzGen: Automatic Fuzzer Generation
- 2020 - Fuzzing: On the Exponential Cost of Vulnerability Discovery
- 2020 - Poster: Debugging Inputs
- 2020 - API Misuse Detection in C Programs: Practice on SSL APIs
- 2020 - Egalito: Layout-Agnostic Binary Recompilation
- 2020 - Verifying Software Vulnerabilities in IoT Cryptographic Protocols
- 2020 - μRAI: Securing Embedded Systems with Return Address Integrity
- 2020 - Fast Bit-Vector Satisfiability
- 2020 - MARDU: Efficient and Scalable Code Re-randomization
- 2020 - Towards formal verification of IoT protocols: A Review
- 2020 - Automating the fuzzing triage process
- 2020 - COMPARING AFL SCALABILITY IN VIRTUAL-AND NATIVE ENVIRONMENT
- 2020 - SYMBION: Interleaving Symbolic with Concrete Execution
- 2020 - Not All Coverage Measurements Are Equal: Fuzzing by Coverage Accounting for Input Prioritization
- 2019 - Toward the Analysis of Embedded Firmware through Automated Re-hosting
- 2019 - FUZZIFICATION: Anti-Fuzzing Techniques
- 2018 - VulinOSS: A Dataset of Security Vulnerabilities in Open-source Systems
- 2018 - HDDr: A Recursive Variantof the Hierarchical Delta Debugging Algorithm
- 2017 - Coarse Hierarchical Delta Debugging
- 2017 - VUDDY: A Scalable Approach for Vulnerable CodeClone Discovery
- 2017 - Postmortem Program Analysis with Hardware-Enhanced Post-Crash Artifacts
- 2017 - Synthesizing Program Input Grammars
- 2017 - Designing New Operating Primitives to Improve Fuzzing Performance
- 2017 - Instruction Punning: Lightweight Instrumentation for x86-64
- 2016 - Modernizing Hierarchical Delta Debugging
- 2016 - VulPecker: An Automated Vulnerability Detection SystemBased on Code Similarity Analysis
- 2016 - CREDAL: Towards Locating a Memory Corruption Vulnerability with Your Core Dump
- 2016 - RETracer: Triaging Crashes by Reverse Execution fromPartial Memory Dumps
- 2015 - PIE: Parser Identification in Embedded Systems
- 2010 - Iterative Delta Debugging
- 2009 - Dynamic Test Generation To Find Integer Bugs in x86 Binary Linux Programs
- 2006 - HDD: Hierarchical Delta Debugging
Surveys, SoKs, and Studies
- 2024 - An Empirical Examination of Fuzzer Mutator Performance
- 2024 - An Empirical Study on the Distance Metric in Guiding Directed Grey-box Fuzzing
- 2024 - Exploring the Adoption of Fuzz Testing in Open-Source Software: A Case Study of the Go Community
- 2024 - Is Stateful Fuzzing Really Challenging?
- 2024 - Fuzzing Frameworks for Server-side Web Applications: A Survey
- 2024 - SoK: Where to Fuzz? Assessing Target Selection Methods in Directed Fuzzing
- 2024 - A Survey of Protocol Fuzzing
- 2024 - Large Language Models Based Fuzzing Techniques: A Survey
- 2024 - Fuzzing: Progress, Challenges, and Perspectives
- 2023 - A systematic review of fuzzing
- 2023 - An Empirical Study on AST-level mutation-based fuzzing techniques for JavaScript Engines
- 2023 - Software Bug Detection: Challenges and Synergies
- 2023 - Demystify the Fuzzing Methods: A Comprehensive Survey
- 2023 - The Human Side of Fuzzing: Challenges Faced by Developers During Fuzzing Activities
- 2023 - ASanity: On Bug Shadowing by Early ASan Exits
- 2023 - A Case Study on Fuzzing Satellite Firmware
- 2023 - Fuzzing the Latest NTFS in Linux with Papora: An Empirical Study
- 2023 - Fuzzing REST APIs for Bugs: An Empirical Analysis
- 2023 - Automated Binary Analysis: A Survey
- 2023 - Fuzzers for stateful systems: Survey and Research Directions
- 2022 - Detecting Vulnerability on IoT Device Firmware: A Survey
- 2022 - Fuzzing of Embedded Systems: A Survey
- 2022 - Embedded Fuzzing: a Review of Challenges, Tools, and Solutions
- 2022 - An empirical study of vulnerability discovery methods over the past ten years
- 2022 - Fuzzing vulnerability discovery techniques: Survey, challenges and future directions
- 2022 - Fuzzing: A Survey for Roadmap
- 2022 - How Long Do Vulnerabilities Live in the Code? A Large-Scale Empirical Measurement Study on FOSS Vulnerability Lifetimes
- 2021 - Protocol Reverse-Engineering Methods and Tools: A Survey
- 2021 - Exploratory Review of Hybrid Fuzzing for Automated Vulnerability Detection
- 2021 - A Systematic Review of Network Protocol Fuzzing Techniques
- 2021 - Vulnerability Detection is Just the Beginning
- 2021 - Evaluating Synthetic Bugs
- 2020 - A Practical, Principled Measure of Fuzzer Appeal:A Preliminary Study
- 2020 - A Systemic Review of Kernel Fuzzing
- 2020 - A Survey of Hybrid Fuzzing based on Symbolic Execution
- 2020 - A Study on Using Code Coverage Information Extracted from Binary to Guide Fuzzing
- 2020 - Study of Security Flaws in the Linux Kernel by Fuzzing
- 2020 - Dynamic vulnerability detection approaches and tools: State of the Art
- 2020 - Fuzzing: Challenges and Reflections
- 2020 - The Relevance of Classic Fuzz Testing: Have We Solved This One?
- 2020 - A Practical, Principled Measure of Fuzzer Appeal:A Preliminary Study
- 2020 - SoK: All You Ever Wanted to Know About x86/x64 Binary Disassembly But Were Afraid to Ask
- 2020 - A Quantitative Comparison of Coverage-Based Greybox Fuzzers
- 2020 - A Survey of Security Vulnerability Analysis, Discovery, Detection, and Mitigation on IoT Devices
- 2020 - A systematic review of fuzzing based on machine learning techniques
- 2019 - A Survey of Binary Code Similarity
- 2019 - The Art, Science, and Engineering of Fuzzing: A Survey
- 2012 - Regression testing minimization, selection and prioritization: a survey