Tech-ASan: Two-Stage Check for Address Sanitizer

Address Sanitizer ASan is a sharp weapon for detecting memory safety violations, including temporal and spatial errors hidden in C/C++ programs during execution. However, ASan incurs significant runtime overhead, which limits its efficiency in testing large software. The overhead mainly comes fro...

ZTaint-Havoc: from Havoc Mode to Zero-Execution Fuzzing-Driven Taint Inference

Fuzzing is a widely used technique for discovering software vulnerabilities, but identifying hot bytes that influence program behavior remains challenging. Traditional taint analysis can track such bytes white-box, but suffers from scalability issue. Fuzzing-Driven Taint Inference FTI offers a...

ARIANNA: an Automatic Design Flow for Fabric Customization and EFPGA Redaction

In the modern global Integrated Circuit IC supply chain, protecting intellectual property IP is a complex challenge, and balancing IP loss risk and added cost for theft countermeasures is hard to achieve. Using embedded configurable logic allows designers to completely hide the functionality of...

CVE-2024-47679

In the Linux kernel, the following vulnerability has been resolved: vfs: fix race between eviceinodes and findinode Hi, all Recently I noticed a bug1 in btrfs, after digged it into and I believe it'a race in vfs. Let's assume there's a inode ie ino 261 with icount 1 is called by iput, and there's...

Secure Your Business with Qualys’ New Cloud Agent Deployment using Qualys Scanner

The significance of cybersecurity in today’s world cannot be understated. Businesses are constantly exposed to evolving threats that challenge their infrastructure. Organizations deploy various security solutions to combat these risks, including agents installed on their servers, endpoints, and...