Code Sanitization for Vulnerability Pruning and Exploitation Mitigation

Informazioni relative al progetto

CodeSan

ID dell’accordo di sovvenzione: 850868

Sito web del progetto

DOI

10.3030/850868

Progetto chiuso

Data della firma CE 23 Settembre 2019

Data di avvio 1 Marzo 2020

Data di completamento 28 Febbraio 2026

Finanziato da

EXCELLENT SCIENCE - European Research Council (ERC)

Costo totale

€ 1 499 970,00

Contributo UE

€ 1 499 970,00

1 499 970,00

Coordinato da

ECOLE POLYTECHNIQUE FEDERALE DE LAUSANNE
Switzerland

CORDIS fornisce collegamenti ai risultati finali pubblici e alle pubblicazioni dei progetti ORIZZONTE.

I link ai risultati e alle pubblicazioni dei progetti del 7° PQ, così come i link ad alcuni tipi di risultati specifici come dataset e software, sono recuperati dinamicamente da .OpenAIRE .

Risultati finali

Data Management Plan

To create and submit a Data Management Plan

Pubblicazioni

Seed selection for successful fuzzing

Autori: Adrian Herrera, Hendra Gunadi, Shane Magrath, Michael Norrish, Mathias Payer, Antony L. Hosking
Pubblicato in: Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis, 2021, Pagina/e 230-243, ISBN 9781450384599
Editore: ACM
DOI: 10.1145/3460319.3464795

Principal Kernel Analysis: A Tractable Methodology to Simulate Scaled GPU Workloads

Autori: Cesar Avalos Baddouh, Mahmoud Khairy, Roland N. Green, Mathias Payer, and Timothy G. Rogers.
Pubblicato in: International Symposium on Microarchitecture, 2021
Editore: ACM
DOI: 10.1145/3466752.3480100

SyzRisk: A Change-Pattern-Based Continuous Kernel Regression Fuzzer

Autori: Gwangmu Lee, Duo Xu, Solmaz Salimi, Byoungyoung Lee, Mathias Payer
Pubblicato in: Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, Numero 38, 2024, Pagina/e 1480-1494
Editore: ACM
DOI: 10.1145/3634737.3637642

Midas: Systematic Kernel TOCTTOU Protection

Autori: Atri Bhattacharyya, Uros Tesic, Mathias Payer
Pubblicato in: 2022
Editore: Usenix

BLURtooth: Exploiting Cross-Transport Key Derivation in Bluetooth Classic and Bluetooth Low Energy

Autori: Daniele Antonioli, Nils Tippenhauer, Kasper Rasmussen, and Mathias Payer
Pubblicato in: AsiaCCS - Asia Computer and Communication Security, 2022
Editore: ACM
DOI: 10.1145/3488932.3523258

ProFactory: Improving IoT Security via Formalized Protocol Customization

Autori: Fei Wang, Jianliang Wu, Yuhong Nan, Yousra Aafer, Xiangyu Zhang, Dongyan Xu, Mathias Payer
Pubblicato in: Security Symposium, 2022
Editore: Usenix

Too Quiet in the Library: An Empirical Study of Security Updates in Android Apps' Native Code

Autori: Sumaya Almanee, Arda Unal, Mathias Payer, Joshua Garcia
Pubblicato in: 2021 IEEE/ACM 43rd International Conference on Software Engineering (ICSE), 2021, Pagina/e 1347-1359, ISBN 978-1-6654-0296-5
Editore: IEEE/ACM
DOI: 10.1109/icse43902.2021.00122

FuZZan: Efficient Sanitizer Metadata Design for Fuzzing

Autori: Yuseok Jeon, WookHyun Han, Nathan Burow, Mathias Payer
Pubblicato in: 2020
Editore: Usenix

Exploiting Android's Hardened Memory Allocator

Autori: Philipp Mao, Elias Valentin Boschung, Marcel Busch, and Mathias Payer
Pubblicato in: Usenix Conference on Offensive Technologies, 2024
Editore: Usenix

TEEzz: Fuzzing Trusted Applications on COTS Android Devices

Autori: Marcel Busch, Mathias Payer, Aravind Machiry, Christopher Kruegel, Giovanni Vigna, Chad Spensky
Pubblicato in: IEEE Symposium on Security and Privacy, 2023
Editore: IEEE

HALucinator: Firmware Re-hosting Through Abstraction Layer Emulation

Autori: Abraham A. Clements, Eric Gustafson, Tobias Scharnowski, David Fritz, Christopher Kruegel, Giovanni Vigna, Saurabh Bagchi, Mathias Payer
Pubblicato in: 2020
Editore: Usenix

Fuzzing JavaScript Engines with a Graph-based IR

Autori: Haoran Xu, Zhiyuan Jiang, Yongjun Wang, Shuhui Fan, Shenglin Xu, Peidai Xie, Shaojing Fu, Mathias Payer
Pubblicato in: Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, 2025, Pagina/e 3734-3748
Editore: ACM
DOI: 10.1145/3658644.3690336

Silent Bugs Matter: A Study of Compiler-Introduced Security Bugs

Autori: ianhao Xu, Kangjie Lu, Zhengjie Du, Zhu Ding, Linke Li, Qiushi Wu, Mathias Payer, and Bing Mao
Pubblicato in: Usenix Security, 2023
Editore: Usenix

SoK: Challenges and Paths Toward Memory Safety for eBPF

Autori: Kaiming Huang, Mathias Payer, Zhiyun Qian, Jack Sampson, Gang Tan, Trent Jaeger
Pubblicato in: 2025 IEEE Symposium on Security and Privacy (SP), 2025, Pagina/e 848-866
Editore: IEEE
DOI: 10.1109/sp61157.2025.00134

PACMem: Enforcing Spatial and Temporal Memory Safety via ARM Pointer Authentication

Autori: Yuan Li, Wende Tan, Zhizheng Lv, Songtao Yang, Mathias Payer, Ying Liu, Chao Zhang
Pubblicato in: ACM CCS, 2022
Editore: CCS
DOI: 10.1145/3548606.3560598

Single-Address-Space FaaS with Jord

Autori: Yuanlong Li, Atri Bhattacharyya, Madhur Kumar, Abhishek Bhattacharjee, Yoav Etsion, Babak Falsafi, Sanidhya Kashyap, Mathias Payer
Pubblicato in: Proceedings of the 52nd Annual International Symposium on Computer Architecture, 2025, Pagina/e 694-707
Editore: ACM
DOI: 10.1145/3695053.3731108

Spill the TeA: An Empirical Study of Trusted Application Rollback Prevention on Android

Autori: Marcel Busch, Philipp Mao, and Mathias Payer
Pubblicato in: Usenix Security, 2024
Editore: Usenix

Everything is Good for Something: Counterexample-Guided Directed Fuzzing via Likely Invariant Inference

Autori: Heqing Huang, Anshunkang Zhou, Mathias Payer, Charles Zhang
Pubblicato in: 2024 IEEE Symposium on Security and Privacy (SP), Numero 8, 2024, Pagina/e 1956-1973
Editore: IEEE
DOI: 10.1109/sp54263.2024.00142

HyperPill: Fuzzing for Hypervisor-bugs by leveraging the Hardware Virtualization Interface

Autori: Alexander Bulekov, Qiang Liu, Manuel Egele, and Mathias Payer
Pubblicato in: Usenix Security, 2024
Editore: Usenix

Top of the Heap: Efficient Memory Error Protection of Safe Heap Objects

Autori: Kaiming Huang, Mathias Payer, Zhiyun Qian, Jack Sampson, Gang Tan, Trent Jaeger
Pubblicato in: Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, 2025, Pagina/e 1330-1344
Editore: ACM
DOI: 10.1145/3658644.3690310

eBPF Misbehavior Detection: Fuzzing with a Specification-Based Oracle

Autori: Tao Lyu, Kumar Kartikeya Dwivedi, Thomas Bourgeat, Mathias Payer, Meng Xu, Sanidhya Kashyap
Pubblicato in: Proceedings of the ACM SIGOPS 31st Symposium on Operating Systems Principles, 2025, Pagina/e 701-718
Editore: ACM
DOI: 10.1145/3731569.3764797

DUMPLING: Fine-grained Differential JavaScript Engine Fuzzing

Autori: Liam Wachter, Julian Gremminger, Christian Wressnegger, Mathias Payer, Flavio Toffalini
Pubblicato in: Proceedings 2025 Network and Distributed System Security Symposium, 2025
Editore: Internet Society
DOI: 10.14722/ndss.2025.241411

Evocatio: Conjuring Bug Capabilities from a Single PoC

Autori: Zhiyuan Jiang, Shuitao Gan, Adrian Herrera, Flavio Toffalini, Lucio Romerio, Chaojing Tang, Manuel Egele, Chao Zhang, Mathias Payer
Pubblicato in: ACM CCS, 2022
Editore: ACM
DOI: 10.1145/3548606.3560575

BreakMi: Reversing, Exploiting and Fixing Xiaomi Fitness Tracking Ecosystem

Autori: Marco Casagrande, Eleonora Losiouk, Mauro Conti, Mathias Payer, Daniele Antonioli
Pubblicato in: IACR Transactions on Cryptographic Hardware and Embedded Systems, 2022
Editore: IACR

GlobalConfusion: TrustZone Trusted Application 0-Days by Design

Autori: Marcel Busch, Philipp Mao, and Mathias Payer
Pubblicato in: Usenix Security, 2024
Editore: Usenix

WarpAttack: Bypassing CFI through Compiler-Introduced Double-Fetches

Autori: Jianhao Xu, Luca Di Bartolomeo, Flavio Toffalini, Bing Mao, Mathias Payer
Pubblicato in: IEEE Symposium on Security and Privacy, 2023
Editore: IEEE
DOI: 10.1109/sp46215.2023.00176

type++: Prohibiting Type Confusion with Inline Type Information

Autori: Nicolas Badoux, Flavio Toffalini, Yuseok Jeon, Mathias Payer
Pubblicato in: Proceedings 2025 Network and Distributed System Security Symposium, 2025
Editore: Internet Society
DOI: 10.14722/ndss.2025.230053

Designing a Provenance Analysis for SGX Enclaves

Autori: Flavio Toffalini, Mathias Payer, Jianying Zhou, and Lorenzo Cavallaro
Pubblicato in: Annual Computer Security Applications Conference, 2022
Editore: ACM
DOI: 10.1145/3564625.3567994

μSCOPE: A Methodology for Analyzing Least-Privilege Compartmentalization in Large Software Artifacts

Autori: Nick Roessler; Lucas Atayde; Imani Palmer; Derrick McKee; Jai Pandey; Vasileios P. Kemerlis; Mathias Payer; Adam Bates; Jonathan M. Smith; André DeHon; Nathan Dautenhahn
Pubblicato in: RAID, Numero 1, 2021
Editore: ACM
DOI: 10.1145/3471621.3471839

GLeeFuzz: Fuzzing WebGL Through Error-Message-Guided Mutation

Autori: Hui Peng, Zhihao Yao, Ardalan Amiri Sani, Dave (Jing) Tian, Mathias Payer
Pubblicato in: Usenix Security, 2023
Editore: Usenix

Gramatron: effective grammar-aware fuzzing

Autori: Prashast Srivastava, Mathias Payer
Pubblicato in: Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis, 2021, Pagina/e 244-256, ISBN 9781450384599
Editore: ACM
DOI: 10.1145/3460319.3464814

Monarch: A Fuzzing Framework for Distributed File Systems

Autori: Tao Lyu, Liyi Zhang, Zhiyao Feng, Yueyang Pan, Yujie Ren, Meng Xu, Mathias Payer, Sanidhya Kashyap
Pubblicato in: ATC'24: Usenix Annual Technical Conference, 2024
Editore: Usenix

Igor: Crash Deduplication Through root-Cause Clustering

Autori: Zhiyuan Jiang, Xiyue Jiang, Ahmad Hazimeh, Chaojing Tang, Chao Zhang, and Mathias Payer
Pubblicato in: 2021
Editore: ACM
DOI: 10.1145/3460120.3485364

Code Specialization through Dynamic Feature Observation

Autori: Priyam Biswas, Nathan Burow, Mathias Payer
Pubblicato in: Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy, 2021, Pagina/e 257-268, ISBN 9781450381437
Editore: ACM
DOI: 10.1145/3422337.3447844

ViDeZZo: Dependency-aware Virtual Device Fuzzing

Autori: Qiang Liu, Flavio Toffalini, Yajin Zhou, Mathias Payer
Pubblicato in: IEEE International Symposium on Security and Privacy, 2023, 2023
Editore: IEEE
DOI: 10.1109/sp46215.2023.00136

Tango: Extracting Higher-Order Feedback through State Inference

Autori: Ahmad Hazimeh, Duo Xu, Qiang Liu, Yan Wang, Mathias Payer
Pubblicato in: The 27th International Symposium on Research in Attacks, Intrusions and Defenses, 2025, Pagina/e 403-418
Editore: ACM
DOI: 10.1145/3678890.3678908

The Taming of the Stack: Isolating Stack Data from Memory Errors

Autori: Kaiming Huang, Yongzhe Huang, Mathias Payer, Zhiyun Qian, Jack Sampson, Gang Tan, Trent Jaeger
Pubblicato in: Network and Distributed Systems Symposium, 2022
Editore: Internet Society
DOI: 10.14722/ndss.2022.23060

QMSan: Efficiently Detecting Uninitialized Memory Errors During Fuzzing

Autori: Matteo Marini, Daniele Cono D'Elia, Mathias Payer, Leonardo Querzoni
Pubblicato in: Proceedings 2025 Network and Distributed System Security Symposium, 2025
Editore: Internet Society
DOI: 10.14722/ndss.2025.241133

ARMore: Pushing Love Back Into Binaries

Autori: Luca Di Bartolomeo, Hossein Moghaddas, and Mathias Payer
Pubblicato in: Usenix Security, 2023
Editore: Usenix

SURGEON: Performant, Flexible and Accurate Re-Hosting via Transplantation

Autori: Florian Hofhammer, Marcel Busch, Qinying Wang, Manuel Egele, Mathias Payer
Pubblicato in: Workshop on Binary Analysis Research, 2024
Editore: ISOC
DOI: 10.14722/bar.2024.23011

USBFuzz: A Framework for Fuzzing USB Drivers by Device Emulation

Autori: Hui Peng, Mathias Payer
Pubblicato in: 2020
Editore: Usenix

LIGHTBLUE: Automatic Profile-Aware Debloating of Bluetooth

Autori: Jianliang Wu, Ruoyu Wu, Daniele Antonioli, Mathias Payer, Nils Ole Tippenhauer, Dongyan Xu, Dave (Jing) Tian, Antonio Bianchi
Pubblicato in: 2021
Editore: Usenix

Preventing Kernel Hacks with HAKCs

Autori: Derrick McKee, Yianni Giannaris, Carolina Ortega Perez, Howard Shrobe, Mathias Payer, Hamed Okhravi, Nathan Burow
Pubblicato in: Network and Distributed Systems Symposium, 2022
Editore: Internet Society
DOI: 10.14722/ndss.2022.24026

SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices

Autori: Qinying Wang, Boyu Chang, Shouling Ji, Yuan Tian, Xuhong Zhang, Binbin Zhao, Gaoning Pan, Chenyang Lyu, Mathias Payer, Wenhai Wang, Raheem Beyah
Pubblicato in: 2024 IEEE Symposium on Security and Privacy (SP), 2024, Pagina/e 2310-2387
Editore: IEEE
DOI: 10.1109/sp54263.2024.00070

On the Insecurity of Vehicles Against Protocol-Level Bluetooth Threats

Autori: Daniele Antonioli, Mathias Payer
Pubblicato in: Workshop On Offensive Technologies, 2022
Editore: IEEE

Minerva: Browser API Fuzzing with Dynamic Mod-Ref Analysis

Autori: Chijin Zhou, Quan Zhang, Mingzhe Wang, Lihua Guo, Jie Liang, Zhe Liu, Mathias Payer, Yu Jiang
Pubblicato in: FSE Foundations of Software Engineering, 2022
Editore: ACM

One Fuzz Doesn't Fit All: Optimizing Directed Fuzzing via Target-tailored Program State Restriction

Autori: Prashast Srivastava, Stefan Nagy, Matthew Hicks, Antonio Bianchi, and Mathias Payer
Pubblicato in: Annual Computer Security Applications Conference, 2022
Editore: ACM
DOI: 10.1145/3564625.3564643

Magma

Autori: Ahmad Hazimeh, Adrian Herrera, Mathias Payer
Pubblicato in: Proceedings of the ACM on Measurement and Analysis of Computing Systems, Numero 4/3, 2020, Pagina/e 1-29, ISSN 2476-1249
Editore: ACM
DOI: 10.1145/3428334

Liberating Libraries through Automated Fuzz Driver Generation: Striking a Balance without Consumer Code

Autori: Flavio Toffalini, Nicolas Badoux, Zurab Tsinadze, Mathias Payer
Pubblicato in: Proceedings of the ACM on Software Engineering, Numero 2, 2025, Pagina/e 2123-2145, ISSN 2994-970X
Editore: Association for Computing Machinery (ACM)
DOI: 10.1145/3729365

<scp>DatAFLow</scp> : Toward a Data-Flow-Guided Fuzzer

Autori: Adrian Herrera, Mathias Payer, Antony L. Hosking
Pubblicato in: ACM Transactions on Software Engineering and Methodology, Numero 32, 2023, Pagina/e 1-31, ISSN 1049-331X
Editore: Association for Computing Machinary, Inc.
DOI: 10.1145/3587156

MendelFuzz: The Return of the Deterministic Stage

Autori: Han Zheng, Flavio Toffalini, Marcel Böhme, Mathias Payer
Pubblicato in: Proceedings of the ACM on Software Engineering, Numero 2, 2025, Pagina/e 44-64, ISSN 2994-970X
Editore: Association for Computing Machinery (ACM)
DOI: 10.1145/3715713

Sourcerer: Channeling the void

Autori: Nicolas Badoux, Flavio Toffalini, Mathias Payer
Pubblicato in: Lecture Notes in Computer Science, Detection of Intrusions and Malware, and Vulnerability Assessment, 2025, Pagina/e 75-95
Editore: Springer Nature Switzerland
DOI: 10.1007/978-3-031-97620-9_5

È in corso la ricerca di dati su OpenAIRE...

Risultati finali

Pubblicazioni

Condividi questa pagina Condividi questa pagina sui social network

Scarica Scarica il contenuto della pagina