📄 Our paper accepted at ACSAC 2025
Sagitta: Facilitating Post-Fuzzing Root Cause Analysis via Data Flow Differencing
A paper by Katsunori Aoki, a fifth-year Ph.D. student in the Shinagawa Laboratory, has been accepted at the Annual Computer Security Applications Conference (ACSAC 2025), which will be held in December 2025 in Honolulu, Hawai, USA.
This paper presents a method to assist post-fuzzing root cause analysis by comparing a crashing input with its non-crashing parent. Sagitta highlights causal chains from input bytes to crash sites through data-flow differencing based on dynamic taint analysis and lightweight control dependence tracking, allowing analysts to identify the root cause efficiently.
The evaluation on real-world bugs in large software systems such as libpng, LibTIFF, OpenSSL, and Poppler shows that Sagitta reduces millions of executed instructions to compact causal paths and correctly identifies the causes of crashes, including out-of-bounds access, type confusion, and null dereference errors.
ACSAC is one of the leading international conferences in security and is ranked A in the CORE Conference Rankings.