{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,14]],"date-time":"2025-06-14T04:08:10Z","timestamp":1749874090832,"version":"3.41.0"},"publisher-location":"Singapore","reference-count":30,"publisher":"Springer Nature Singapore","isbn-type":[{"value":"9789819655656","type":"print"},{"value":"9789819655663","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-981-96-5566-3_10","type":"book-chapter","created":{"date-parts":[[2025,6,13]],"date-time":"2025-06-13T20:23:07Z","timestamp":1749846187000},"page":"181-205","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Enhancing Differential Fuzzing of\u00a0Cryptographic Libraries with\u00a0Sustainable Hybrid Fuzzing and\u00a0Crypto-Specific Mutation"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0009-0005-8922-6667","authenticated-orcid":false,"given":"Jeewoo","family":"Jung","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5513-0836","authenticated-orcid":false,"given":"Taekyoung","family":"Kwon","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,6,14]]},"reference":[{"key":"10_CR1","unstructured":"The Heartbleed Bug. https:\/\/heartbleed.com. Accessed 22 Sept 2024"},{"key":"10_CR2","unstructured":"Netcraft\u2019s April 2014 Web Server Survey. https:\/\/www.netcraft.com\/blog\/april-2014-web-server-survey. Accessed 22 Sept 2024"},{"key":"10_CR3","unstructured":"How Heartbleed could\u2019ve been found. https:\/\/blog.hboeck.de\/archives\/868-How-Heartbleed-couldve-been-found.html. Accessed 22 Sept 2024"},{"key":"10_CR4","unstructured":"Blessing, J., Specter, M.A., Weitzner, D.J.: You really shouldn\u2019t roll your own crypto: an empirical study of vulnerabilities in cryptographic libraries. arXiv preprint arXiv:2107.04940 (2021)"},{"key":"10_CR5","unstructured":"Fioraldi, A., Maier, D., Ei\u00dffeldt, H., Heuse, M.: AFL++: combining incremental steps of fuzzing research. In: 14th USENIX Workshop on Offensive Technologies (WOOT 20) (2020)"},{"key":"10_CR6","doi-asserted-by":"crossref","unstructured":"Zhou, Y., Ma, F., Chen, Y., Ren, M., Jiang, Y.: CLFuzz: vulnerability detection of cryptographic algorithm implementation via semantic-aware fuzzing. ACM Trans. Softw. Eng. Methodol. 1\u201328 (2023)","DOI":"10.1145\/3628160"},{"key":"10_CR7","unstructured":"Cryptofuzz. https:\/\/github.com\/guidovranken\/cryptofuzz. Accessed 22 Sept 2024"},{"key":"10_CR8","doi-asserted-by":"crossref","unstructured":"Rahaman, S., et al.: Cryptoguard: high precision detection of cryptographic vulnerabilities in massive-sized java projects. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 2455\u20132472 (2019)","DOI":"10.1145\/3319535.3345659"},{"key":"10_CR9","unstructured":"Wycheproof. https:\/\/github.com\/google\/wycheproof. Accessed 22 Sept 2024"},{"key":"10_CR10","doi-asserted-by":"crossref","unstructured":"Hur, J., Song, S., Kwon, D., Baek, E., Kim, J., Lee, B.: DifuzzRTL: differential fuzz testing to find CPU bugs. In: 2021 IEEE Symposium on Security and Privacy (SP), pp. 1286\u20131303 (2021)","DOI":"10.1109\/SP40001.2021.00103"},{"key":"10_CR11","unstructured":"Aumasson, J.P., Romailler, Y.: Automated testing of crypto software using differential fuzzing. In: Black Hat USA (2017)"},{"key":"10_CR12","doi-asserted-by":"crossref","unstructured":"Jin, H., An, D., Kwon, T.: Differential testing of cryptographic libraries with hybrid fuzzing. In: International Conference on Information Security and Cryptology, pp. 124\u2013144 (2022)","DOI":"10.1007\/978-3-031-29371-9_7"},{"key":"10_CR13","doi-asserted-by":"crossref","unstructured":"Cho, M., Kim, S., Kwon, T.: Intriguer: field-level constraint solving for hybrid fuzzing. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 515\u2013530 (2019)","DOI":"10.1145\/3319535.3354249"},{"key":"10_CR14","doi-asserted-by":"crossref","unstructured":"Bernhard, L., Scharnowski, T., Schloegel, M., Blazytko, T., Holz, T.: JIT-picking: differential fuzzing of JavaScript engines. In: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, pp. 351\u2013364 (2022)","DOI":"10.1145\/3548606.3560624"},{"key":"10_CR15","unstructured":"Libfuzzer. https:\/\/llvm.org\/docs\/LibFuzzer.html. Accessed 22 Sept 2024"},{"key":"10_CR16","unstructured":"American fuzzy lop. https:\/\/github.com\/google\/AFL. Accessed 22 Sept 2024"},{"key":"10_CR17","unstructured":"Yun, I., Lee, S., Xu, M., Jang, Y., Kim, T.: QSYM: a practical concolic execution engine tailored for hybrid fuzzing. In: 27th USENIX Security Symposium (USENIX Security 18), pp. 745\u2013761 (2018)"},{"key":"10_CR18","doi-asserted-by":"crossref","unstructured":"Choi, J., Jang, J., Han, C., Cha, S.K.: Grey-box concolic testing on binary code. In: 2019 IEEE\/ACM 41st International Conference on Software Engineering (ICSE), pp. 736\u2013747 (2019)","DOI":"10.1109\/ICSE.2019.00082"},{"key":"10_CR19","doi-asserted-by":"crossref","unstructured":"Zhao, L., Cao, P., Duan, Y., Yin, H., Xuan, J.: Probabilistic path prioritization for hybrid fuzzing. IEEE Trans. Dependable Secure Comput. 1955\u20131973 (2020)","DOI":"10.1109\/TDSC.2020.3042259"},{"key":"10_CR20","unstructured":"Chen, Y., Ahmadi, M., Wang, B., Lu, L.: MEUZZ: smart seed scheduling for hybrid fuzzing. In: 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020), pp. 77\u201392 (2020)"},{"key":"10_CR21","doi-asserted-by":"crossref","unstructured":"Jiang, L., Yuan, H., Wu, M., Zhang, L., Zhang, Y.: Evaluating and improving hybrid fuzzing. In: 2023 IEEE\/ACM 45th International Conference on Software Engineering, pp. 410\u2013422 (2023)","DOI":"10.1109\/ICSE48619.2023.00045"},{"key":"10_CR22","doi-asserted-by":"crossref","unstructured":"Chen, P., Chen, H.: Angora: efficient fuzzing by principled search. In: 2018 IEEE Symposium on Security and Privacy (SP), pp. 711\u2013725 (2018)","DOI":"10.1109\/SP.2018.00046"},{"key":"10_CR23","doi-asserted-by":"crossref","unstructured":"Huang, H., Yao, P., Wu, R., Shi, Q., Zhang, C.: Pangolin: Incremental hybrid fuzzing with polyhedral path abstraction. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 1613\u20131627 (2020)","DOI":"10.1109\/SP40000.2020.00063"},{"key":"10_CR24","unstructured":"B\u00f6hme, M., Pham, V. T., Roychoudhury, A.: Pangolin: incremental hybrid fuzzing with polyhedral path abstraction. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1032\u20131043 (2016)"},{"key":"10_CR25","unstructured":"Lyu, C., Ji, S., Zhang, C., Li, Y., Lee, W.H., Song, Y., Beyah, R.: MOPT: optimized mutation scheduling for fuzzers. In: 28th USENIX Security Symposium (USENIX Security 19), pp. 1949\u20131966 (2019)"},{"key":"10_CR26","doi-asserted-by":"crossref","unstructured":"Aschermann, C., Schumilo, S., Blazytko, T., Gawlik, R., Holz, T. , Beyah, R.: REDQUEEN: fuzzing with input-to-state correspondence. In: NDSS, pp. 1\u201315 (2019)","DOI":"10.14722\/ndss.2019.23371"},{"key":"10_CR27","unstructured":"OpenSSL 1-day Bug: HMAC use-after-free after copying CTX. https:\/\/bugs.chromium.org\/p\/oss-fuzz\/issues\/detail?id=42271. Accessed 22 Sept 2024"},{"key":"10_CR28","unstructured":"OpenSSL 1-day Bug: BN_mod_exp2_mont NULL pointer dereference if modulus is 0. https:\/\/github.com\/openssl\/openssl\/issues\/17648. Accessed 22 Sept 2024"},{"key":"10_CR29","unstructured":"AFL++\u2019s power schedules based on AFLfast. https:\/\/aflplus.plus\/docs\/power_schedules. Accessed 22 Sept 2024"},{"key":"10_CR30","doi-asserted-by":"crossref","unstructured":"Klees, G., Ruef, A., Cooper, B., Wei, S., Hicks, M.: Evaluating fuzz testing. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 2123\u20132138 (2018)","DOI":"10.1145\/3243734.3243804"}],"container-title":["Lecture Notes in Computer Science","Information Security and Cryptology \u2013 ICISC 2024"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-96-5566-3_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,13]],"date-time":"2025-06-13T20:23:14Z","timestamp":1749846194000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-96-5566-3_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9789819655656","9789819655663"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/978-981-96-5566-3_10","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"14 June 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICISC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information Security and Cryptology","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Seoul","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Korea (Republic of)","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 November 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 November 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"icisc2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.icisc.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}