Litcius/Paper detail

Evocatio

Zhiyuan Jiang, Shuitao Gan, Adrian Herrera, Flavio Toffalini, Lucio Romerio, Chaojing Tang, Manuel Egele, Chao Zhang, Mathias Payer

2022Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security19 citationsDOIOpen Access PDF

Abstract

The popularity of coverage-guided greybox fuzzers has led to a tsunami of security-critical bugs that developers must prioritize and fix. Knowing the capabilities a bug exposes (e.g., type of vulnerability, number of bytes read/written) enables prioritization of bug fixes. Unfortunately, understanding a bug's capabilities is a time consuming process, requiring (a) an understanding of the bug's root cause, (b) an understanding how an attacker may exploit the bug, and (c) the development of a patch mitigating these threats. This is a mostly-manual process that is qualitative and arbitrary, potentially leading to a misunderstanding of the bug's capabilities.

Topics & Concepts

Computer scienceExploitSecurity bugVulnerability (computing)Process (computing)Software bugSecure codingRoot causePopularityComputer securityPrioritizationByteSoftwareOperating systemSoftware security assuranceProcess managementInformation securityEngineeringReliability engineeringSecurity serviceSocial psychologyPsychologyAdvanced Malware Detection TechniquesSoftware Testing and Debugging TechniquesSoftware Engineering Research
Evocatio | Litcius