CREST

PILOT: Command-line Interface Fuzzing via Path-Guided, Iterative Large Language Model Prompting
Command-line interface (CLI) fuzzing tests programs by mutating command-line options and input files to discover vulnerabilities. …
Cite arXiv
NecoFuzz: Effective Fuzzing of Nested Virtualization via Fuzz-Harness Virtual Machines
Nested virtualization is now widely supported by major cloud vendors, allowing users to leverage virtualization-based technologies in …
Cite DOI arXiv
SmartC2Rust: Iterative, Feedback-Driven C-to-Rust Translation via Large Language Models for Safety and Equivalence
Memory safety vulnerabilities remain prevalent in today’s software systems and one promising solution to mitigate them is to adopt …
Cite DOI arXiv
Sagitta: Facilitating Post-Fuzzing Root Cause Analysis via Data Flow Differencing
Fuzzing is an effective technique to discover software vulnerabilities by automatically generating large volumes of inputs that may …
Cite Slides DOI
BadAML: Exploiting Legacy Firmware Interfaces to Compromise Confidential Virtual Machines
Confidential virtual machines (CVMs) are an emerging form of trusted execution environment that enable existing operating systems (OSs) …
Cite Slides DOI
Hardware Authenticator Binding: A Secure Alternative to Passkeys
Fast Identity Online 2 (FIDO2) uses public-key authentication to address the weaknesses of password-based methods. FIDO2 assumes that …
DOI
Hardware Authenticator Binding: A Secure Alternative to Passkeys
vRM: Verifying Reference Monitors via Exhaustive Access Pattern Generation
Application sandboxes restrict program behavior to prevent system-wide damage. Within such sandboxes, reference monitors control which …
Slides DOI
vRM: Verifying Reference Monitors via Exhaustive Access Pattern Generation
Toward Hardware-Assisted Kernel-Bypass Data Movement and Transfer
Modern datacenters spend a significant amount of CPU time on simple but frequent data movement operations such as memory copying, …
Poster Abstract
AML Injection Attacks on Confidential VMs
機密仮想マシン(Confidential VM)は、信頼できないクラウド上でホストされた仮想マシン(VM)において、クラウド利用者が自らの機密データを安全に処理できる新技術です。AMD SEV や Intel TDX に代表される CPU ハードウェアを信頼の基点とした …
Slide Video
AML Injection Attacks on Confidential VMs
Toward A Secure and Highly Available Credit Card Payment Scheme with Trusted Execution Environments
キャッシュレス決済への世界的な移行が加速しており、クレジットカードはその利便性から依然として人気が高い。しかし、現在のクレジットカード決済システムには、認証プロセス中にカードデータがプレーンテキストで送信されるためのセキュリティリスク、リレーセンターの障害によるシステム …
Abstract