{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,11]],"date-time":"2026-04-11T02:12:05Z","timestamp":1775873525136,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":49,"publisher":"ACM","license":[{"start":{"date-parts":[[2025,12,9]],"date-time":"2025-12-09T00:00:00Z","timestamp":1765238400000},"content-version":"vor","delay-in-days":372,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Advanced Research Projects Agency for Health","award":["SP4701-23-C-0074"],"award-info":[{"award-number":["SP4701-23-C-0074"]}]},{"DOI":"10.13039\/501100006374","name":"Defense Advanced Research Projects Agency","doi-asserted-by":"publisher","award":["D22AP00145-00,N6600122C4026"],"award-info":[{"award-number":["D22AP00145-00,N6600122C4026"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100006374","name":"National Science Foundation","doi-asserted-by":"publisher","award":["2232915,2247954"],"award-info":[{"award-number":["2232915,2247954"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Department of Defense"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,12,2]]},"DOI":"10.1145\/3658644.3690278","type":"proceedings-article","created":{"date-parts":[[2024,12,9]],"date-time":"2024-12-09T12:19:20Z","timestamp":1733746760000},"page":"3719-3733","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["Fuzz to the Future: Uncovering Occluded Future Vulnerabilities via Robust Fuzzing"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0008-4367-0502","authenticated-orcid":false,"given":"Arvind S","family":"Raj","sequence":"first","affiliation":[{"name":"Arizona State University, Tempe, Arizona, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-5439-5548","authenticated-orcid":false,"given":"Wil","family":"Gibbs","sequence":"additional","affiliation":[{"name":"Arizona State University, Tempe, Arizona, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2454-5449","authenticated-orcid":false,"given":"Fangzhou","family":"Dong","sequence":"additional","affiliation":[{"name":"Arizona State University, Tempe, Arizona, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-7741-2794","authenticated-orcid":false,"given":"Jayakrishna Menon","family":"Vadayath","sequence":"additional","affiliation":[{"name":"Arizona State University, Tempe, Arizona, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-0822-0386","authenticated-orcid":false,"given":"Michael","family":"Tompkins","sequence":"additional","affiliation":[{"name":"Arizona State University, Tempe, Arizona, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-5394-9760","authenticated-orcid":false,"given":"Steven","family":"Wirsz","sequence":"additional","affiliation":[{"name":"Arizona State University, Tempe, Arizona, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-9014-8998","authenticated-orcid":false,"given":"Yibo","family":"Liu","sequence":"additional","affiliation":[{"name":"Arizona State University, Tempe, Arizona, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2146-888X","authenticated-orcid":false,"given":"Zhenghao","family":"Hu","sequence":"additional","affiliation":[{"name":"New York University, New York City, New York, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-3002-2686","authenticated-orcid":false,"given":"Chang","family":"Zhu","sequence":"additional","affiliation":[{"name":"Arizona State University, Tempe, Arizona, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-4643-6190","authenticated-orcid":false,"given":"Gokulkrishna Praveen","family":"Menon","sequence":"additional","affiliation":[{"name":"Arizona State University, Tempe, Arizona, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8867-4282","authenticated-orcid":false,"given":"Brendan","family":"Dolan-Gavitt","sequence":"additional","affiliation":[{"name":"New York University, New York City, New York, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2634-3901","authenticated-orcid":false,"given":"Adam","family":"Doup\u00e9","sequence":"additional","affiliation":[{"name":"Arizona State University, Tempe, Arizona, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1524-2566","authenticated-orcid":false,"given":"Ruoyu","family":"Wang","sequence":"additional","affiliation":[{"name":"Arizona State University, Tempe, Arizona, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8832-1789","authenticated-orcid":false,"given":"Yan","family":"Shoshitaishvili","sequence":"additional","affiliation":[{"name":"Arizona State University, Tempe, Arizona, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6424-0001","authenticated-orcid":false,"given":"Tiffany","family":"Bao","sequence":"additional","affiliation":[{"name":"Arizona State University, Tempe, Arizona, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2024,12,9]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2014. binutils #17531 fix. Commit ID 058037d3a16 changeset."},{"key":"e_1_3_2_1_2_1","unstructured":"2014. binutils issue #17531. https:\/\/sourceware.org\/bugzilla\/show_ bug.cgi?id=17531#c57."},{"key":"e_1_3_2_1_3_1","unstructured":"2016. binutils issue #20439. https:\/\/sourceware.org\/bugzilla\/show_ bug.cgi?id=20439."},{"key":"e_1_3_2_1_4_1","unstructured":"angr team. 2015. Phuzzer. https:\/\/github.com\/angr\/phuzzer\/."},{"key":"e_1_3_2_1_5_1","unstructured":"angr team. 2016. Patcherex. https:\/\/github.com\/angr\/patcherex\/."},{"key":"e_1_3_2_1_6_1","volume-title":"REDQUEEN: Fuzzing with Input-to-State Correspondence. In 26th Annual Network and Distributed System Security Symposium, NDSS 2019","author":"Aschermann Cornelius","year":"2019","unstructured":"Cornelius Aschermann, Sergej Schumilo, Tim Blazytko, Robert Gawlik, and Thorsten Holz. 2019. REDQUEEN: Fuzzing with Input-to-State Correspondence. In 26th Annual Network and Distributed System Security Symposium, NDSS 2019, San Diego, California, USA, February 24--27, 2019. The Internet Society. https:\/\/www.ndss-symposium.org\/ndsspaper\/ redqueen-fuzzing-with-input-to-state-correspondence\/"},{"key":"e_1_3_2_1_7_1","unstructured":"Zuk Avraham. 2015. Experts Found a Unicorn in the Heart of Android. https:\/\/www.zimperium.com\/blog\/experts-found-a-unicorn-inthe- heart-of-android\/."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICST.2012.182"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00046"},{"key":"e_1_3_2_1_10_1","unstructured":"Code Intelligence Christian Holler. 2022. Dos and Don'ts when Introducing New Fuzzing Tools. https:\/\/www.code-intelligence.com\/blog\/ implementing-fuzzing-tools"},{"key":"e_1_3_2_1_11_1","unstructured":"Xpdf Community. 2024. Xpdf Fuzzing Harness Issue. https:\/\/github. com\/google\/oss-fuzz\/issues\/11711"},{"key":"e_1_3_2_1_12_1","unstructured":"AFL developers. 2019. AFL instrumenting how to. https:\/\/aflplus. plus\/docs\/fuzzing_in_depth\/."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP"},{"key":"e_1_3_2_1_14_1","volume-title":"Stagefright: Scary Code in the Heart of Android.","author":"Drake Joshua","year":"2015","unstructured":"Joshua Drake. 2015. Stagefright: Scary Code in the Heart of Android. (2015). Slideshow presented at Blackhat USA 2015."},{"key":"e_1_3_2_1_15_1","volume-title":"Stagefright: An Android Exploitation Case Study","author":"Drake Joshua J.","year":"2016","unstructured":"Joshua J. Drake. 2016. Stagefright: An Android Exploitation Case Study. USENIX Association."},{"key":"e_1_3_2_1_16_1","volume-title":"Flayer: Exposing Application Internals. In First USENIX Workshop on Offensive Technologies, WOOT '07","author":"Drewry Will","year":"2007","unstructured":"Will Drewry and Tavis Ormandy. 2007. Flayer: Exposing Application Internals. In First USENIX Workshop on Offensive Technologies, WOOT '07, Boston, MA, USA, August 6, 2007. USENIX Association. https:\/\/www.usenix.org\/conference\/woot-07\/flayer-exposingapplication- internals"},{"key":"e_1_3_2_1_17_1","volume-title":"Ashutosh Verma, Fernanda Madeiral, Douglas Wikstr\u00f6m, and Martin Monperrus.","author":"Etemadi Khashayar","year":"2022","unstructured":"Khashayar Etemadi, Nicolas Harrand, Simon Larsen, Haris Adzemovic, Henry Luong Phu, Ashutosh Verma, Fernanda Madeiral, Douglas Wikstr\u00f6m, and Martin Monperrus. 2022. Sorald: Automatic patch suggestions for sonarqube static analysis violations. IEEE Transactions on Dependable and Secure Computing (2022)."},{"key":"e_1_3_2_1_18_1","volume-title":"Heiko Ei\u00dffeldt, and Marc Heuse.","author":"Fioraldi Andrea","year":"2020","unstructured":"Andrea Fioraldi, Dominik Christian Maier, Heiko Ei\u00dffeldt, and Marc Heuse. 2020. AFL: Combining Incremental Steps of Fuzzing Research. In 14th USENIX Workshop on Offensive Technologies, WOOT 2020, August 11, 2020. USENIX Association. https:\/\/www.usenix.org\/ conference\/woot20\/presentation\/fioraldi"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3524842.3528452"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3540250.3549098"},{"key":"e_1_3_2_1_21_1","unstructured":"Gallopsled. 2013. pwntools. http:\/\/pwntools.com\/."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2009.5070546"},{"key":"e_1_3_2_1_23_1","volume-title":"Proceedings of the 22th USENIX Security Symposium","author":"Haller Istv\u00e1n","year":"2013","unstructured":"Istv\u00e1n Haller, Asia Slowinska, Matthias Neugschwandtner, and Herbert Bos. 2013. Dowsing for Overflows: A Guided Fuzzer to Find Buffer Boundary Violations. In Proceedings of the 22th USENIX Security Symposium,Washington, DC, USA, August 14--16, 2013. USENIX Association. https:\/\/www.usenix.org\/conference\/usenixsecurity13\/technicalsessions\/ papers\/haller"},{"key":"e_1_3_2_1_24_1","unstructured":"haproxy community. 2023. haproxy Fuzzing Harness Issue. https:\/\/github.com\/haproxy\/haproxy\/issues\/2178#issuecomment- 1584464122"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3428334"},{"key":"e_1_3_2_1_26_1","unstructured":"Marc Heuse. 2020. AFL LTO mode instrumentation. https:\/\/github.com\/AFLplusplus\/AFLplusplus\/blob\/stable\/ instrumentation\/README.lto.md."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560575"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-58811-3_62"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243804"},{"key":"e_1_3_2_1_30_1","volume-title":"UNIFUZZ: A Holistic and Pragmatic Metrics-Driven Platform for Evaluating Fuzzers. In 30th USENIX Security Symposium, USENIX Security 2021","author":"Li Yuwei","year":"2021","unstructured":"Yuwei Li, Shouling Ji, Yuan Chen, Sizhuang Liang, Wei-Han Lee, Yueyao Chen, Chenyang Lyu, Chunming Wu, Raheem Beyah, Peng Cheng, Kangjie Lu, and Ting Wang. 2021. UNIFUZZ: A Holistic and Pragmatic Metrics-Driven Platform for Evaluating Fuzzers. In 30th USENIX Security Symposium, USENIX Security 2021, August 11- 13, 2021. USENIX Association. https:\/\/www.usenix.org\/conference\/ usenixsecurity21\/presentation\/li-yuwei"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3106237.3106253"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/2837614.2837617"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/2884781.2884807"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/96267.96279"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCQ51190.2021.9392984"},{"key":"e_1_3_2_1_36_1","unstructured":"NIST. [n. d.]. National Vulnerability Database. https:\/\/nvd.nist.gov\/."},{"key":"e_1_3_2_1_37_1","volume-title":"X-Force: Force-Executing Binary Programs for Security Applications. In 23rd USENIX Security Symposium (USENIX Security . USENIX Association","author":"Peng Fei","year":"2014","unstructured":"Fei Peng, Zhui Deng, Xiangyu Zhang, Dongyan Xu, Zhiqiang Lin, and Zhendong Su. 2014. X-Force: Force-Executing Binary Programs for Security Applications. In 23rd USENIX Security Symposium (USENIX Security . USENIX Association, San Diego, CA. https:\/\/www.usenix.org\/ conference\/usenixsecurity14\/technical-sessions\/presentation\/peng"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00056"},{"key":"e_1_3_2_1_39_1","unstructured":"Pernosco. 2014. Record and Replay Framework. https:\/\/github.com\/rrdebugger\/ rr."},{"key":"e_1_3_2_1_40_1","volume-title":"VUzzer: Applicationaware Evolutionary Fuzzing. In 24th Annual Network and Distributed System Security Symposium, NDSS 2017","author":"Rawat Sanjay","year":"2017","unstructured":"Sanjay Rawat, Vivek Jain, Ashish Kumar, Lucian Cojocar, Cristiano Giuffrida, and Herbert Bos. 2017. VUzzer: Applicationaware Evolutionary Fuzzing. In 24th Annual Network and Distributed System Security Symposium, NDSS 2017, San Diego, California, USA, February 26 - March 1, 2017. The Internet Society. https:\/\/www.ndss-symposium.org\/ndss2017\/ndss-2017- programme\/vuzzer-application-aware-evolutionary-fuzzing\/"},{"key":"e_1_3_2_1_41_1","volume-title":"26th USENIX Security Symposium, USENIX Security 2017","author":"Serebryany Kostya","year":"2017","unstructured":"Kostya Serebryany. 2017. OSS-Fuzz - Google's Continuous Fuzzing Service for Open Source Software. In 26th USENIX Security Symposium, USENIX Security 2017, Vancouver, BC, Canada, August 16- 18, 2017. USENIX Association. https:\/\/www.usenix.org\/conference\/ usenixsecurity17\/technical-sessions\/presentation\/serebryany"},{"key":"e_1_3_2_1_42_1","volume-title":"Proceedings of the Network and Distributed System Security Symposium, NDSS 2005","author":"Smirnov Alexey","year":"2005","unstructured":"Alexey Smirnov and Tzi-cker Chiueh. 2005. DIRA: Automatic Detection, Identification and Repair of Control-Hijacking Attacks. In Proceedings of the Network and Distributed System Security Symposium, NDSS 2005, San Diego, California, USA. The Internet Society. https:\/\/www.ndss-symposium.org\/ndss2005\/dira-automaticdetection- identification-and-repair-control-hijacking-attacks\/"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/3180155.3180250"},{"key":"e_1_3_2_1_44_1","volume-title":"Ramblr: Making Reassembly Great Again. In 24th Annual Network and Distributed System Security Symposium, NDSS 2017","author":"Wang Ruoyu","year":"2017","unstructured":"Ruoyu Wang, Yan Shoshitaishvili, Antonio Bianchi, Aravind Machiry, John Grosen, Paul Grosen, Christopher Kruegel, and Giovanni Vigna. 2017. Ramblr: Making Reassembly Great Again. In 24th Annual Network and Distributed System Security Symposium, NDSS 2017, San Diego, California, USA, February 26 - March 1, 2017. The Internet Society. https:\/\/www.ndss-symposium.org\/ndss2017\/ndss-2017- programme\/ramblr-making-reassembly-great-again\/"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.37"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.101751"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/1102120.1102151"},{"key":"e_1_3_2_1_48_1","volume-title":"ARCUS: Symbolic Root Cause Analysis of Exploits in Production Systems. In 30th USENIX Security Symposium (USENIX Security 21)","author":"Yagemann Carter","year":"2021","unstructured":"Carter Yagemann, Matthew Pruett, Simon P. Chung, Kennon Bittick, Brendan Saltaformaggio, and Wenke Lee. 2021. ARCUS: Symbolic Root Cause Analysis of Exploits in Production Systems. In 30th USENIX Security Symposium (USENIX Security 21). USENIX Association. https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/yagemann"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/3597503.3639222"}],"event":{"name":"CCS '24: ACM SIGSAC Conference on Computer and Communications Security","location":"Salt Lake City UT USA","acronym":"CCS '24","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3690278","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3658644.3690278","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3658644.3690278","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T06:20:22Z","timestamp":1755843622000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3690278"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,2]]},"references-count":49,"alternative-id":["10.1145\/3658644.3690278","10.1145\/3658644"],"URL":"https:\/\/doi.org\/10.1145\/3658644.3690278","relation":{},"subject":[],"published":{"date-parts":[[2024,12,2]]},"assertion":[{"value":"2024-12-09","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}