📄 Paper accepted to ACSAC 2025

Sagitta: Facilitating Post-Fuzzing Root Cause Analysis via Data Flow Differencing

Oct 4, 2025 Publication

A paper authored by Katsunori Aoki (5th-year Ph.D. student) from the Shinagawa Laboratory has been accepted to the Annual Computer Security Applications Conference (ACSAC 2025), which will be held in Honolulu in December 2025.

The paper proposes Sagitta, a technique that assists post-fuzzing root cause analysis by generating differential data-flow graphs between crashing and non-crashing inputs. Sagitta employs dynamic taint analysis and lightweight control-dependence tracking to produce data-flow differences, allowing it to extract causal chains from input bytes to crash points and efficiently identify root causes.

Through evaluations on real-world bugs in large-scale software such as libpng, LibTIFF, OpenSSL, and Poppler, Sagitta successfully compressed executions involving millions of instructions into concise causal paths and accurately identified crash causes such as out-of-bounds accesses, type confusions, and null dereferences.

ACSAC is a leading international conference in computer security and is ranked A in the CORE Conference Rankings. The acceptance rate of ACSAC 2025 was 18.8% (84/446).

Katsunori Aoki, Takahiro Shinagawa (2025). Sagitta: Facilitating Post-Fuzzing Root Cause Analysis via Data Flow Differencing. ACSAC 2025.

Project

ACSAC Information
Program Analysis Security
Shinagawa Laboratory
Administartor

Shinagawa Laboratory, The University of Tokyo