1 |
S. Embleton, S. Sparks, and R. Cunningham, "sidewinder: An evolutionary guidance system for malicious input crafting," in Proceedings of the Black Hat USA, 2006.
|
2 |
Valentin Jean Marie Manès, HyungSeok Han, Choongwoo Han, Sang Kil Cha, Manuel Egele, Edward J. Schwartz and Maverick Woo, "The Art, Science, and Engineering of Fuzzing:A Survey," IEEE Transactions on Software Engineering, pp. 1-21, Oct. 2019.
|
3 |
OpenSSL, "OpenSSL Cryptography and SSL/TLS Toolkit", https://www.openssl.org, Oct. 2020.
|
4 |
HeartBleed, "HeartBleed CVE-2014-01 60", https://heartbleed.com, Oct. 2020.
|
5 |
OpenSSL, "OpenSSL Vulnerabilities", https://www.openssl.org/news/vulnerabilities.html, Oct. 2020.
|
6 |
Github, "American Fuzzy Lop", https://github.com/google/afl, Oct. 2020.
|
7 |
Github, "LibFuzzer", http://llvm.org/docs/LibFuzzer.html, Oct. 2020
|
8 |
M. Aizatsky, K. Serebryany, O. Chang, A. Arya and M. Whittaker, "Announcing OSS-Fuzz: Continuous fuzzing for open source software," Google Testing Blog, 2016.
|
9 |
Sanjay Rawat, Vivek Jain, Ashish Kumar, Lucian Cojocar, Cristiano Giuffrida and Herbert Bos, "VUzzer: Application-aware Evolutionary Fuzzing," NDSS, Vol. 17, pp. 1-14, Feb. 2017.
|
10 |
Peng Chen and Hao Chen, "Angora: Efficient fuzzing by principled search," 2018 IEEE Symposium on Security and Privacy (SP), pp. 711-725, May. 2018
|
11 |
Github, "Honggfuzz", https://github.com/google/honggfuzz, Oct. 2020.
|
12 |
Github, "Wycheproof", https://github.com/google/wycheproof, Oct. 2020.
|
13 |
Muhammad Ali Gulzar, Yongkang Zhu and Xiaofeng Han, "Perception and Practices of Differential Testing," 2019 IEEE/ACM 41st International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP), pp. 71-80, May. 2019.
|
14 |
Shirin Nilizadeh, Yannic Noller and Corina S. Pasareanu, "DifFuzz: Differential Fuzzing for Side-Channel Analysis," ICSE '19: Proceedings of the 41st International Conference on Software Engineering, pp. 176-187, May. 2019.
|
15 |
FSEC, "Threats and countermeasures for using open source SW", https://www.fsec.or.kr/user/bbs/fsec/42/312/bbsDataView/539.do, Oct. 2020.
|
16 |
Jean-Philippe Aumasson and Yolan Romailler, "Automated Testing of Crypto Software Using Differential Fuzzing," Blackhat USA 2017, Jul. 2017.
|
17 |
CryptoFuzz, "Differential fuzzing of cryptographic libraries", https://guidovranken.com/2019/05/14/differential-fuzzing-of-cryptographic-libraries/, Oct. 2020.
|
18 |
KISA, "KISA Seed Algorithm", https://seed.kisa.or.kr/kisa/index.do, Oct. 2020
|
19 |
KISA, "Software development security guide for e-government software developers and operators", https://www.kisa.or.kr/public/laws/laws3_View.jsp?mode=view&p_No=259&b_No=259&d_No=50, Oct. 2020.
|
20 |
KISA, "Development trend of security weakness analysis tool for public source code", https://www.kisa.or.kr/public/library/IS_View.jsp?mode=view&p_No=158&b_No=158&d_No=161, Oct. 2020.
|
21 |
Github, "MbedTLS", https://github.com/ARMmbed/mbedtls, Oct. 2020.
|
22 |
MITRE, "CVE-2015-7547", https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547, Oct. 2020.
|
23 |
Github, "Address Sanitzier", https://github.com/google/sanitizers/wiki/AddressSanitizer, Oct. 2020.
|
24 |
David J Day, Zhengxu Zhao and Minhua Ma, "Detecting Return-to-libc Buffer Overflow Attacks Using Network Intrusion Detection Systems," 2010 Fourth International Conference on Digital Society (IEEE), pp. 127-177, Mar. 2010.
|
25 |
Erik Buchanan, Ryan Roemer, Stefan Savage and Hovav Shacham, "Returnoriented Programming: Exploitation without Code Injection," in Proceedings of Black Hat USA 2008, Aug. 2008.
|
26 |
MITRE, "CVE-2016-0778", https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0778, Oct. 2020.
|
27 |
Crispan Cowan, Calton Pu, Dave Maier, Jonathan Walpole, Peat Bakke, Steve Beattie, Aaron Grier, Perry Wagle, and Qian Zhang, "StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks," SSYM'98: Proceedings of the 7th conference on USENIX Security Symposium vol.7, pp. 1-16, Jan. 1998.
|
28 |
Jonathan Ganz and Sean Peisert, "ASLR: How Robust Is the Randomness?," 2017 IEEE Cybersecurity Development (SecDev), pp.34-41, Sep. 2017.
|
29 |
Alexande Sotirov, "Heap Feng Shui in JavaScript," in Proceedings of Black Hat Europe 2007, Jul. 2007.
|
30 |
MITRE, "CVE-2015-3079", https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3079, Oct. 2020.
|
31 |
Valgrind, "Valgrind", https://valgrind.org, Oct. 2020.
|
32 |
MITRE, "CVE-2019-1543", https://www.openssl.org/news/secadv/20190306.txt, Oct. 2020.
|
33 |
MITRE, "CVE-2020-5183", https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5183, Oct. 2020.
|