{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,24]],"date-time":"2025-12-24T08:55:21Z","timestamp":1766566521621,"version":"3.48.0"},"publisher-location":"New York, NY, USA","reference-count":65,"publisher":"ACM","funder":[{"name":"CASA (EXC 2092)","award":["390781972"],"award-info":[{"award-number":["390781972"]}]},{"name":"CROSSING (SFB 1119)","award":["236615297"],"award-info":[{"award-number":["236615297"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,6,17]]},"DOI":"10.1145\/3756681.3756956","type":"proceedings-article","created":{"date-parts":[[2025,12,24]],"date-time":"2025-12-24T08:30:04Z","timestamp":1766565004000},"page":"488-499","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Targeted Fuzzing for Unsafe Rust Code: Leveraging Selective Instrumentation"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0003-4249-2373","authenticated-orcid":false,"given":"David","family":"Paa\u00dfen","sequence":"first","affiliation":[{"name":"University of Duisburg-Essen, Essen, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-0685-6237","authenticated-orcid":false,"given":"Jens-Rene","family":"Giesen","sequence":"additional","affiliation":[{"name":"University of Duisburg-Essen, Essen, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7322-2777","authenticated-orcid":false,"given":"Lucas","family":"Davi","sequence":"additional","affiliation":[{"name":"University of Duisburg-Essen, Essen, Germany"}]}],"member":"320","published-online":{"date-parts":[[2025,12,24]]},"reference":[{"key":"e_1_3_3_2_2_2","unstructured":"AFL++-Contributors. 2024. AFL++ Best Practices. https:\/\/github.com\/AFLplusplus\/AFLplusplus\/blob\/stable\/docs\/best_practices.md."},{"key":"e_1_3_3_2_3_2","unstructured":"Afl.rs-Contributors. 2016. afl.rs. https:\/\/github.com\/rust-fuzz\/afl.rs."},{"key":"e_1_3_3_2_4_2","unstructured":"Android-Contributors. 2022. Android Rust Introduction. https:\/\/source.android.com\/docs\/setup\/build\/rust\/building-rust-modules\/overview."},{"key":"e_1_3_3_2_5_2","unstructured":"Andrea Arcuri and Lionel Briand. 2014. A Hitchhiker\u2019s guide to statistical tests for assessing randomized algorithms in software engineering. Software Testing Verification and Reliability (2014)."},{"key":"e_1_3_3_2_6_2","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23371"},{"key":"e_1_3_3_2_7_2","doi-asserted-by":"crossref","unstructured":"Vytautas Astrauskas Christoph Matheja Federico Poli Peter M\u00fcller and Alexander\u00a0J. Summers. 2020. How Do Programmers Use Unsafe Rust? ACM on Programming Languages (2020).","DOI":"10.1145\/3428204"},{"key":"e_1_3_3_2_8_2","unstructured":"The Rust\u00a0Fuzzing Authority. 2024. cargo fuzz - command line helpers for fuzzing. https:\/\/github.com\/rust-fuzz\/cargo-fuzz."},{"key":"e_1_3_3_2_9_2","unstructured":"The Rust\u00a0Fuzzing Authority. 2024. honggfuzz-rs - fuzzing Rust code with honggfuzz. https:\/\/github.com\/rust-fuzz\/honggfuzz-rs."},{"key":"e_1_3_3_2_10_2","unstructured":"The Rust\u00a0Fuzzing Authority. 2024. Trophy Case - Collection of bugs uncovered by fuzzing Rust code. https:\/\/github.com\/rust-fuzz\/trophy-case."},{"key":"e_1_3_3_2_11_2","doi-asserted-by":"publisher","DOI":"10.1145\/3477132.3483570"},{"key":"e_1_3_3_2_12_2","volume-title":"USENIX Security Symposium","author":"Bang Inyoung","year":"2023","unstructured":"Inyoung Bang, Martin Kayondo, HyunGon Moon, and Yunheung Paek. 2023. TRust: A Compilation Framework for In-process Isolation to Protect Safe Rust against Untrusted Code. In USENIX Security Symposium."},{"key":"e_1_3_3_2_13_2","doi-asserted-by":"publisher","DOI":"10.1145\/3368089.3409729"},{"key":"e_1_3_3_2_14_2","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134020"},{"key":"e_1_3_3_2_15_2","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978428"},{"key":"e_1_3_3_2_16_2","unstructured":"Microsoft Security\u00a0Response Center. 2019. We need a safer systems programming language. https:\/\/msrc.microsoft.com\/blog\/2019\/07\/we-need-a-safer-systems-programming-language\/."},{"key":"e_1_3_3_2_17_2","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243849"},{"key":"e_1_3_3_2_18_2","volume-title":"USENIX Security Symposium","author":"Cho Kyuwon","year":"2024","unstructured":"Kyuwon Cho, Jongyoon Kim, Kha\u00a0Dinh Duy, Hajeong Lim, and Hojoon Lee. 2024. RustSan: Retrofitting AddressSanitizer for Efficient Sanitization of Rust. In USENIX Security Symposium."},{"key":"e_1_3_3_2_19_2","unstructured":"CISA NSA FBI ACSC CCCS NCSC and CERT NZ. 2023. The Case for Memory Safe Roadmaps. https:\/\/www.nsa.gov\/Press-Room\/Press-Releases-Statements\/Press-Release-View\/Article\/3608324\/us-and-international-partners-issue-recommendations-to-secure-software-products\/."},{"key":"e_1_3_3_2_20_2","unstructured":"Thomas Claburn. 2022. In Rust We Trust: Microsoft Azure CTO shuns C and C++. https:\/\/www.theregister.com\/2022\/09\/20\/rust_microsoft_c\/."},{"key":"e_1_3_3_2_21_2","unstructured":"Lin Clark. 2017. Inside a super fast CSS engine: Quantum CSS. https:\/\/hacks.mozilla.org\/2017\/08\/inside-a-super-fast-css-engine-quantum-css-aka-stylo\/."},{"key":"e_1_3_3_2_22_2","volume-title":"USENIX Security Symposium","author":"Cloosters Tobias","year":"2020","unstructured":"Tobias Cloosters, Michael Rodler, and Lucas Davi. 2020. TeeRex: Discovery and Exploitation of Memory Corruption Vulnerabilities in SGX Enclaves. In USENIX Security Symposium."},{"key":"e_1_3_3_2_23_2","volume-title":"USENIX Security Symposium","author":"Cloosters Tobias","year":"2022","unstructured":"Tobias Cloosters, Johannes Willbold, Thorsten Holz, and Lucas Davi. 2022. SGXFuzz: Efficiently Synthesizing Nested Structures for SGX Enclave Fuzzing. In USENIX Security Symposium."},{"key":"e_1_3_3_2_24_2","unstructured":"Kees Cook. 2022. Rust introduction for v6.1-rc1. https:\/\/lore.kernel.org\/lkml\/202210010816.1317F2C@keescook\/."},{"key":"e_1_3_3_2_25_2","doi-asserted-by":"publisher","DOI":"10.1145\/3605157.3605176"},{"key":"e_1_3_3_2_26_2","doi-asserted-by":"publisher","DOI":"10.1145\/3377811.3380413"},{"key":"e_1_3_3_2_27_2","unstructured":"Facebook. 2021. A brief history of Rust at Facebook. https:\/\/engineering.fb.com\/2021\/04\/29\/developer-tools\/rust\/."},{"key":"e_1_3_3_2_28_2","volume-title":"USENIX Workshop on Offensive Technologies (WOOT)","author":"Fioraldi Andrea","year":"2020","unstructured":"Andrea Fioraldi, Dominik Maier, Heiko Ei\u00dffeldt, and Marc Heuse. 2020. AFL++ : Combining Incremental Steps of Fuzzing Research. In USENIX Workshop on Offensive Technologies (WOOT)."},{"key":"e_1_3_3_2_29_2","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560602"},{"key":"e_1_3_3_2_30_2","volume-title":"Symposium on Usable Privacy and Security (SOUPS)","author":"Fulton Kelsey\u00a0R.","year":"2021","unstructured":"Kelsey\u00a0R. Fulton, Anna Chan, Daniel Votipka, Michael Hicks, and Michelle\u00a0L. Mazurek. 2021. Benefits and Drawbacks of Adopting a Secure Programming Language: Rust as a Case Study. In Symposium on Usable Privacy and Security (SOUPS)."},{"key":"e_1_3_3_2_31_2","unstructured":"Andrew Galloni and Ingvar Stepanyan. 2019. A History of HTML Parsing at Cloudflare. https:\/\/blog.cloudflare.com\/html-parsing-1."},{"key":"e_1_3_3_2_32_2","volume-title":"Symposium on Network and Distributed System Security (NDSS)","author":"Godefroid Patrice","year":"2008","unstructured":"Patrice Godefroid, Michael\u00a0Y. Levin, and David\u00a0A. Molnar. 2008. Automated Whitebox Fuzz Testing. In Symposium on Network and Distributed System Security (NDSS)."},{"key":"e_1_3_3_2_33_2","unstructured":"Google. 2020. Chromium Memory Safety. https:\/\/www.chromium.org\/Home\/chromium-security\/memory-safety\/."},{"key":"e_1_3_3_2_34_2","unstructured":"Google. 2024. Honggfuzz - a security oriented software fuzzer. https:\/\/github.com\/google\/honggfuzz."},{"key":"e_1_3_3_2_35_2","doi-asserted-by":"crossref","unstructured":"Ahmad Hazimeh Adrian Herrera and Mathias Payer. 2020. Magma: A Ground-Truth Fuzzing Benchmark. ACM on Measurement and Analysis of Computing Systems 4 (2020).","DOI":"10.1145\/3428334"},{"key":"e_1_3_3_2_36_2","unstructured":"Sam Hocevar. 2006. zzuf. https:\/\/github.com\/samhocevar\/zzuf\/."},{"key":"e_1_3_3_2_37_2","unstructured":"Rishabh Jain and Daniel\u00a0Reiter Horn. 2020. Broccoli: Syncing faster by syncing less. https:\/\/dropbox.tech\/infrastructure\/-broccoli\u2013syncing-faster-by-syncing-less."},{"key":"e_1_3_3_2_38_2","doi-asserted-by":"publisher","DOI":"10.1109\/ASE51524.2021.9678813"},{"key":"e_1_3_3_2_39_2","doi-asserted-by":"publisher","DOI":"10.1145\/3373376.3378486"},{"key":"e_1_3_3_2_40_2","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243804"},{"key":"e_1_3_3_2_41_2","doi-asserted-by":"publisher","DOI":"10.1145\/3144555.3144562"},{"key":"e_1_3_3_2_42_2","volume-title":"USENIX Security Symposium","author":"Li Yuwei","year":"2021","unstructured":"Yuwei Li, Shouling Ji, Yuan Chen, Sizhuang Liang, Wei-Han Lee, Yueyao Chen, Chenyang Lyu, Chunming Wu, Raheem Beyah, Peng Cheng, Kangjie Lu, and Ting Wang. 2021. UNIFUZZ: A Holistic and Pragmatic Metrics-Driven Platform for Evaluating Fuzzers. In USENIX Security Symposium."},{"key":"e_1_3_3_2_43_2","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484541"},{"key":"e_1_3_3_2_44_2","volume-title":"International Conference on Software Engineering","author":"Liu Peiming","year":"2020","unstructured":"Peiming Liu, Gang Zhao, and Jeff Huang. 2020. Securing unsafe rust programs with XRust. In International Conference on Software Engineering."},{"key":"e_1_3_3_2_45_2","unstructured":"Valentin\u00a0J.M. Man\u00e8s HyungSeok Han Choongwoo Han Sang\u00a0Kil Cha Manuel Egele Edward\u00a0J. Schwartz and Maverick Woo. 2021. The Art Science and Engineering of Fuzzing: A Survey. IEEE Transactions on Software Engineering (2021)."},{"key":"e_1_3_3_2_46_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP54263.2024.00258"},{"key":"e_1_3_3_2_47_2","unstructured":"ONCD. 2024. Back to the Building Blocks: A Path Toward Secure and Measurable Software. https:\/\/www.whitehouse.gov\/oncd\/briefing-room\/2024\/02\/26\/press-release-technical-report\/."},{"key":"e_1_3_3_2_48_2","volume-title":"European Symposium on Research in Computer Security (ESORICS)","author":"Paa\u00dfen David","year":"2021","unstructured":"David Paa\u00dfen, Sebastian Surminski, Michael Rodler, and Lucas Davi. 2021. My Fuzzer Beats Them All! Developing a Framework for Fair Evaluation and Comparison of Fuzzers. In European Symposium on Research in Computer Security (ESORICS)."},{"key":"e_1_3_3_2_49_2","unstructured":"LLVM Project. 2018. libFuzzer \u2013 a library for coverage-guided fuzz testing. https:\/\/llvm.org\/docs\/LibFuzzer.html."},{"key":"e_1_3_3_2_50_2","doi-asserted-by":"publisher","DOI":"10.1145\/3385412.3386036"},{"key":"e_1_3_3_2_51_2","doi-asserted-by":"publisher","DOI":"10.1145\/3485832.3485903"},{"key":"e_1_3_3_2_52_2","unstructured":"Oli Scherer and Ralf Jung. 2016. Miri: An interpreter for Rust\u2019s mid-level intermediate representation. https:\/\/github.com\/rust-lang\/miri."},{"key":"e_1_3_3_2_53_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP54263.2024.00137"},{"key":"e_1_3_3_2_54_2","volume-title":"USENIX Security Symposium","author":"Schumilo Sergej","year":"2021","unstructured":"Sergej Schumilo, Cornelius Aschermann, Ali Abbasi, Simon W\u00f6r-ner, and Thorsten Holz. 2021. Nyx: Greybox Hypervisor Fuzzing using Fast Snapshots and Affine Types. In USENIX Security Symposium."},{"key":"e_1_3_3_2_55_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.13"},{"key":"e_1_3_3_2_56_2","doi-asserted-by":"publisher","DOI":"10.1145\/3453483.3454084"},{"key":"e_1_3_3_2_57_2","unstructured":"Microsoft\u00a0Azure Team. 2023. Create a Go or Rust function in Azure using Visual Studio Code. https:\/\/learn.microsoft.com\/en-us\/azure\/azure-functions\/create-first-function-vs-code-other."},{"key":"e_1_3_3_2_58_2","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363206"},{"key":"e_1_3_3_2_59_2","doi-asserted-by":"crossref","unstructured":"Andr\u00e1s Vargha and Harold\u00a0D. Delaney. 2000. A Critique and Improvement of the \"CL\" Common Language Effect Size Statistics of McGraw and Wong. Journal of Educational and Behavioral Statistics (2000).","DOI":"10.2307\/1165329"},{"key":"e_1_3_3_2_60_2","unstructured":"Melvin Wang. 2023. Open-source Rust driver development platform. https:\/\/techcommunity.microsoft.com\/t5\/surface-it-pro-blog\/open-source-rust-driver-development-platform\/ba-p\/3974222."},{"key":"e_1_3_3_2_61_2","doi-asserted-by":"crossref","unstructured":"Hui Xu Zhuangbin Chen Mingshen Sun Yangfan Zhou and Michael\u00a0R. Lyu. 2021. Memory-Safety Challenge Considered Solved? An In-Depth Study with All Rust CVEs. ACM Transactions on Software Engineering and Methodology (2021).","DOI":"10.1145\/3466642"},{"key":"e_1_3_3_2_62_2","doi-asserted-by":"publisher","DOI":"10.1145\/3597503.3639102"},{"key":"e_1_3_3_2_63_2","doi-asserted-by":"publisher","DOI":"10.1145\/3650212.3680348"},{"key":"e_1_3_3_2_64_2","unstructured":"Michal Zalewski. 2019. Technical Whitepaper for afl-fuzz. https:\/\/lcamtuf.coredump.cx\/afl\/technical_details.txt."},{"key":"e_1_3_3_2_65_2","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484596"},{"key":"e_1_3_3_2_66_2","unstructured":"Xiaogang Zhu Sheng Wen Seyit Camtepe and Yang Xiang. 2022. Fuzzing: A Survey for Roadmap. Comput. Surveys (2022)."}],"event":{"name":"EASE '25: Evaluation and Assessment in Software Engineering","location":"Istanbul Turkiye","acronym":"EASE '25"},"container-title":["Proceedings of the 29th International Conference on Evaluation and Assessment in Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3756681.3756956","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,24]],"date-time":"2025-12-24T08:44:01Z","timestamp":1766565841000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3756681.3756956"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,6,17]]},"references-count":65,"alternative-id":["10.1145\/3756681.3756956","10.1145\/3756681"],"URL":"https:\/\/doi.org\/10.1145\/3756681.3756956","relation":{},"subject":[],"published":{"date-parts":[[2025,6,17]]},"assertion":[{"value":"2025-12-24","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}