{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,10]],"date-time":"2026-03-10T14:54:22Z","timestamp":1773154462755,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":58,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,9,30]],"date-time":"2024-09-30T00:00:00Z","timestamp":1727654400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0\/"}],"funder":[{"name":"Natural Science Foundation of Hunan Province of China","award":["2023RC3021"],"award-info":[{"award-number":["2023RC3021"]}]},{"name":"National Natural Science Foundation China","award":["62306328"],"award-info":[{"award-number":["62306328"]}]},{"name":"National Natural Science Foundation China","award":["62272472"],"award-info":[{"award-number":["62272472"]}]},{"name":"National Natural Science Foundation China","award":["62372218"],"award-info":[{"award-number":["62372218"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,9,30]]},"DOI":"10.1145\/3678890.3678933","type":"proceedings-article","created":{"date-parts":[[2024,9,29]],"date-time":"2024-09-29T22:23:36Z","timestamp":1727648616000},"page":"450-464","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["Efficiently Rebuilding Coverage in Hardware-Assisted Greybox Fuzzing"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-7276-8735","authenticated-orcid":false,"given":"Tai","family":"Yue","sequence":"first","affiliation":[{"name":"Academy of Military Science, China; Department of Computer Science and Engineering, Southern\u00a0University\u00a0of\u00a0Science\u00a0and\u00a0Technology, China and National University of Defense Technology, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-6524-4347","authenticated-orcid":false,"given":"Yibo","family":"Jin","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, Southern University of Science and Technology, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3365-2526","authenticated-orcid":false,"given":"Fengwei","family":"Zhang","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, Southern University of Science and Technology, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7763-1079","authenticated-orcid":false,"given":"Zhenyu","family":"Ning","sequence":"additional","affiliation":[{"name":"Hunan University, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3408-4153","authenticated-orcid":false,"given":"Pengfei","family":"Wang","sequence":"additional","affiliation":[{"name":"National University of Defense Technology, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0075-5003","authenticated-orcid":false,"given":"Xu","family":"Zhou","sequence":"additional","affiliation":[{"name":"National University of Defense Technology, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2284-7897","authenticated-orcid":false,"given":"Kai","family":"Lu","sequence":"additional","affiliation":[{"name":"National University of Defense Technology, China"}]}],"member":"320","published-online":{"date-parts":[[2024,9,30]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2018. Stability problem in PTFuzz. https:\/\/github.com\/hunter-ht-2018\/ptfuzzer\/issues\/2."},{"key":"e_1_3_2_1_2_1","unstructured":"Yuichi\u00a0Sugiyama Akira\u00a0Moroo. 2021. ARMored CoreSight: Towards Efficient Binary-only Fuzzing. https:\/\/ricercasecurity.blogspot.com\/2021\/11\/armored-coresight-towards-efficient.html."},{"key":"e_1_3_2_1_3_1","unstructured":"Yuichi\u00a0Sugiyama Akira\u00a0Moroo. 2021. CoreSight-decoder. https:\/\/github.com\/RICSecLab\/coresight-decoder."},{"key":"e_1_3_2_1_4_1","unstructured":"Arm. 2011. CoreSight Trace Memory Controller Technical Reference Manual. https:\/\/developer.arm.com\/documentation\/ddi0461\/b\/?lang=en."},{"key":"e_1_3_2_1_5_1","unstructured":"Arm. 2016. ARM CoreSight SoC-400 Technical Reference Manual. https:\/\/developer.arm.com\/documentation\/100536\/latest\/."},{"key":"e_1_3_2_1_6_1","unstructured":"Arm. 2016. Juno r2 Development Platform SoC. https:\/\/developer.arm.com\/documentation\/100114\/0200."},{"key":"e_1_3_2_1_7_1","unstructured":"Arm. 2021. Embedded Trace Macrocell Architecture Specification ETMv4.0 to ETM4.6. https:\/\/developer.arm.com\/documentation\/ihi0064\/latest\/."},{"key":"e_1_3_2_1_8_1","volume-title":"REDQUEEN: Fuzzing with Input-to-State Correspondence.. In NDSS, Vol.\u00a019. 1\u201315.","author":"Aschermann Cornelius","year":"2019","unstructured":"Cornelius Aschermann, Sergej Schumilo, Tim Blazytko, Robert Gawlik, and Thorsten Holz. 2019. REDQUEEN: Fuzzing with Input-to-State Correspondence.. In NDSS, Vol.\u00a019. 1\u201315."},{"key":"e_1_3_2_1_9_1","unstructured":"Fabrice Bellard. 2005. QEMU a fast and portable dynamic translator.. In USENIX annual technical conference FREENIX Track Vol.\u00a041. Califor-nia USA 10\u20135555."},{"key":"e_1_3_2_1_10_1","unstructured":"Andrea Biondo. 2018. Improving AFL\u2019s QEMU mode performance. https:\/\/abiondo.me\/2018\/09\/21\/improving-afl-qemu-mode\/."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2017.2785841"},{"key":"e_1_3_2_1_12_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Chen Hongxu","year":"2020","unstructured":"Hongxu Chen, Shengjian Guo, Yinxing Xue, Yulei Sui, Cen Zhang, Yuekang Li, Haijun Wang, and Yang Liu. 2020. { MUZZ} : Thread-aware grey-box fuzzing for effective bug hunting in multithreaded programs. In 29th USENIX Security Symposium (USENIX Security 20). 2325\u20132342."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00046"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/3321705.3329828"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00009"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484573"},{"key":"e_1_3_2_1_17_1","unstructured":"Eelco Dolstra. 2004. Patchelf. https:\/\/github.com\/NixOS\/patchelf."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-58951-6_16"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3385412.3385972"},{"key":"e_1_3_2_1_20_1","volume-title":"14th { USENIX} Workshop on Offensive Technologies ({ WOOT} 20).","author":"Fioraldi Andrea","unstructured":"Andrea Fioraldi, Dominik Maier, Heiko Ei\u00dffeldt, and Marc Heuse. 2020. AFL++: Combining incremental steps of fuzzing research. In 14th { USENIX} Workshop on Offensive Technologies ({ WOOT} 20)."},{"key":"e_1_3_2_1_21_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Flores-Montoya Antonio","year":"2020","unstructured":"Antonio Flores-Montoya and Eric Schulte. 2020. Datalog disassembly. In 29th USENIX Security Symposium (USENIX Security 20). 1075\u20131092."},{"key":"e_1_3_2_1_22_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Gan Shuitao","year":"2020","unstructured":"Shuitao Gan, Chao Zhang, Peng Chen, Bodong Zhao, Xiaojun Qin, Dong Wu, and Zuoning Chen. 2020. { GREYONE} : Data flow sensitive fuzzing. In 29th USENIX Security Symposium (USENIX Security 20). 2577\u20132594."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00040"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484748"},{"key":"e_1_3_2_1_25_1","unstructured":"Marc Heuse. 2018. AFL-Dyninst. https:\/\/github.com\/vanhauser-thc\/afl-dyninst."},{"key":"e_1_3_2_1_26_1","unstructured":"CC HWANG. [n. d.]. ptm2human. https:\/\/github.com\/hwangcc23\/ptm2human."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/3503222.3507736"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.24334"},{"key":"e_1_3_2_1_29_1","volume-title":"Intel processor trace on linux. Tracing Summit 2015","author":"Kleen Andi","year":"2015","unstructured":"Andi Kleen and Beeman Strong. 2015. Intel processor trace on linux. Tracing Summit 2015 (2015)."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243804"},{"key":"e_1_3_2_1_31_1","volume-title":"\u03bc AFL: Non-intrusive Feedback-driven Fuzzing for Microcontroller Firmware. arXiv preprint arXiv:2202.03013","author":"Li Wenqiang","year":"2022","unstructured":"Wenqiang Li, Jiameng Shi, Fengjun Li, Jingqiang Lin, Wei Wang, and Le Guan. 2022. \u03bc AFL: Non-intrusive Feedback-driven Fuzzing for Microcontroller Firmware. arXiv preprint arXiv:2202.03013 (2022)."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2018.2834476"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2018.8330260"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/1065010.1065034"},{"key":"e_1_3_2_1_35_1","volume-title":"28th { USENIX} Security Symposium ({ USENIX} Security 19). 1949\u20131966.","author":"Lyu Chenyang","unstructured":"Chenyang Lyu, Shouling Ji, Chao Zhang, Yuwei Li, Wei-Han Lee, Yu Song, and Raheem Beyah. 2019. { MOPT} : Optimized mutation scheduling for fuzzers. In 28th { USENIX} Security Symposium ({ USENIX} Security 19). 1949\u20131966."},{"key":"e_1_3_2_1_36_1","volume-title":"Proceedings of the CanSecWest","author":"Miller Charlie","year":"2008","unstructured":"Charlie Miller. 2008. Fuzz by number: More data about fuzzing than you ever wanted to know. Proceedings of the CanSecWest (2008)."},{"key":"e_1_3_2_1_37_1","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Nagy Stefan","year":"2021","unstructured":"Stefan Nagy, Anh Nguyen-Tuong, Jason\u00a0D Hiser, Jack\u00a0W Davidson, and Matthew Hicks. 2021. Breaking through binaries: Compiler-quality instrumentation for better binary-only fuzzing. In 30th USENIX Security Symposium (USENIX Security 21). 1683\u20131700."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00061"},{"key":"e_1_3_2_1_39_1","unstructured":"nyx fuzz. 2023. libxdc. https:\/\/github.com\/nyx-fuzz\/libxdc."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"crossref","unstructured":"Sanjay Rawat Vivek Jain Ashish Kumar Lucian Cojocar Cristiano Giuffrida and Herbert Bos. 2017. VUzzer: Application-aware Evolutionary Fuzzing.. In NDSS Vol.\u00a017. 1\u201314.","DOI":"10.14722\/ndss.2017.23404"},{"key":"e_1_3_2_1_41_1","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Schumilo Sergej","year":"2021","unstructured":"Sergej Schumilo, Cornelius Aschermann, Ali Abbasi, Simon W\u00f6rner, and Thorsten Holz. 2021. Nyx: Greybox hypervisor fuzzing using fast snapshots and affine types. In 30th USENIX Security Symposium (USENIX Security 21). 2597\u20132614."},{"key":"e_1_3_2_1_42_1","volume-title":"26th { USENIX} Security Symposium ({ USENIX} Security 17). 167\u2013182.","author":"Schumilo Sergej","unstructured":"Sergej Schumilo, Cornelius Aschermann, Robert Gawlik, Sebastian Schinzel, and Thorsten Holz. 2017. kafl: Hardware-assisted feedback fuzzing for { OS} kernels. In 26th { USENIX} Security Symposium ({ USENIX} Security 17). 167\u2013182."},{"key":"e_1_3_2_1_43_1","unstructured":"Kostya Serebryany. 2017. { OSS-Fuzz} -Google\u2019s continuous fuzzing service for open source software. (2017)."},{"key":"e_1_3_2_1_44_1","volume-title":"CROWBAR: Natively Fuzzing Trusted Applications Using ARM CoreSight. Journal of Hardware and Systems Security","author":"Shan Haoqi","year":"2023","unstructured":"Haoqi Shan, Moyao Huang, Yujia Liu, Sravani Nissankararao, Yier Jin, Shuo Wang, and Dean Sullivan. 2023. CROWBAR: Natively Fuzzing Trusted Applications Using ARM CoreSight. Journal of Hardware and Systems Security (2023), 1\u201311."},{"key":"e_1_3_2_1_45_1","volume-title":"LightEMU: Hardware Assisted Fuzzing of Trusted Applications. arXiv preprint arXiv:2311.09532","author":"Shan Haoqi","year":"2023","unstructured":"Haoqi Shan, Sravani Nissankararao, Yujia Liu, Moyao Huang, Shuo Wang, Yier Jin, and Dean Sullivan. 2023. LightEMU: Hardware Assisted Fuzzing of Trusted Applications. arXiv preprint arXiv:2311.09532 (2023)."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1049\/joe.2016.0127"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/3377811.3380386"},{"key":"e_1_3_2_1_48_1","volume-title":"22nd International Symposium on Research in Attacks, Intrusions and Defenses ({ RAID}","author":"Wang Jinghan","year":"2019","unstructured":"Jinghan Wang, Yue Duan, Wei Song, Heng Yin, and Chengyu Song. 2019. Be sensitive and collaborative: Analyzing impact of coverage metrics in greybox fuzzing. In 22nd International Symposium on Research in Attacks, Intrusions and Defenses ({ RAID} 2019). 1\u201315."},{"key":"e_1_3_2_1_49_1","volume-title":"SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices. arXiv preprint arXiv:2309.14742","author":"Wang Qinying","year":"2023","unstructured":"Qinying Wang, Boyu Chang, Shouling Ji, Yuan Tian, Xuhong Zhang, Binbin Zhao, Gaoning Pan, Chenyang Lyu, Mathias Payer, Wenhai Wang, 2023. SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices. arXiv preprint arXiv:2309.14742 (2023)."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510174"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2936235"},{"key":"e_1_3_2_1_52_1","volume-title":"Ecofuzz: Adaptive energy-saving greybox fuzzing as a variant of the adversarial multi-armed bandit. In 29th { USENIX} Security Symposium ({ USENIX} Security 20). 2307\u20132324.","author":"Yue Tai","year":"2020","unstructured":"Tai Yue, Pengfei Wang, Yong Tang, Enze Wang, Bo Yu, Kai Lu, and Xu Zhou. 2020. Ecofuzz: Adaptive energy-saving greybox fuzzing as a variant of the adversarial multi-armed bandit. In 29th { USENIX} Security Symposium ({ USENIX} Security 20). 2307\u20132324."},{"key":"e_1_3_2_1_53_1","unstructured":"Michal Zalewski. 2014. Fuzzing random programs without execve(). https:\/\/lcamtuf.blogspot.com\/2014\/10\/fuzzing-binaries-without-execve.html."},{"key":"e_1_3_2_1_54_1","unstructured":"Michal Zalewski. 2017. American fuzzy lop."},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1109\/MDAT.2020.3002145"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2018.2851237"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00109"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/3453483.3454096"}],"event":{"name":"RAID '24: The 27th International Symposium on Research in Attacks, Intrusions and Defenses","location":"Padua Italy","acronym":"RAID '24"},"container-title":["The 27th International Symposium on Research in Attacks, Intrusions and Defenses"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3678890.3678933","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3678890.3678933","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:18:00Z","timestamp":1750295880000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3678890.3678933"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,9,30]]},"references-count":58,"alternative-id":["10.1145\/3678890.3678933","10.1145\/3678890"],"URL":"https:\/\/doi.org\/10.1145\/3678890.3678933","relation":{},"subject":[],"published":{"date-parts":[[2024,9,30]]},"assertion":[{"value":"2024-09-30","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}