Stefan Nagy

Stefan Nagy

Assistant Professor
Kahlert School of Computing
University of Utah
Salt Lake City, Utah



About Me

I'm an Assistant Professor in the Kahlert School of Computing at the University of Utah. I earned my Ph.D. in Computer Science from Virginia Tech in 2022 and my Bachelor's from The University of Illinois in 2016.

Broadly, I am interested in security, software, and systems. Some areas I work in include software testing, binary analysis, vulnerability triage, and bug repair. I am especially interested in making efficient and effective quality assurance possible for opaque and otherwise challenging software and systems.

News & Updates

  • 06/2023: Our paper on target-embedded Windows fuzzing snapshotting is accepted to USENIX'23!
  • 05/2023: Our paper on profile-guided system optimizations for fuzzing is accepted to CCS'23!
  • 02/2023: My guest article for ACM Queue magazine The Fun in Fuzzing is now available!
  • 09/2022: Our paper on directed fuzzing optimization SieveFuzz is accepted to ACSAC'22.
  • 03/2022: I will join the Utah School of Computing as an Assistant Professor this coming summer.
  • 01/2022: Check out my guest blog on transparent and mutable disassembly for Trail of Bits.

Research Summary

Binary Analysis / Fuzzing: USENIX'23 CCS'21 USENIX'21 Oakland'19
Software Security / Fuzzing: CCS'23 ACSAC'22 ICSE'18
Security Ethics / Education: ISTAS'19 ICDF2C'15
Digital Forensics: SADFE'15 ICDF2C'15

Publications

2023

No Linux, No Problem: Fast and Correct Windows Binary Fuzzing via Target-embedded Snapshotting.
Leo Stone, Rishi Ranjan, Stefan Nagy, and Matthew Hicks.
USENIX Security Symposium (USENIX'23).


2023

Profile-guided System Optimizations for Accelerated Greybox Fuzzing.
Yunhang Zhang, Chengbin Pang, Stefan Nagy, Xun Chen, and Jun Xu.
ACM Conference on Computer and Communications Security (CCS'23).


2023

The Fun in Fuzzing: The Debugging Technique Comes into Its Own.
Stefan Nagy, Peter Alvaro.
ACM Queue Magazine.


2022

One Fuzz Doesn’t Fit All: Optimizing Directed Fuzzing via Target-tailored Program State Restriction.
Prashast Srivastava, Stefan Nagy, Matthew Hicks, Antonio Bianchi, and Mathias Payer.
Annual Computer Security Applications Conference (ACSAC'22).

code


2022

Practical Feedback and Instrumentation Enhancements for Performant Security Testing of Closed-source Executables.
Virginia Polytechnic Institute and State University (Ph.D. Thesis).


2021

Same Coverage, Less Bloat: Accelerating Binary-only Fuzzing with Coverage-preserving Coverage-guided Tracing.
Stefan Nagy, Anh Nguyen-Tuong, Jason Hiser, Jack Davidson, and Matthew Hicks.
ACM Conference on Computer and Communications Security (CCS'21).

video slides code


2021

Breaking Through Binaries: Compiler-quality Instrumentation for Better Binary-only Fuzzing.
Stefan Nagy, Anh Nguyen-Tuong, Jason Hiser, Jack Davidson, and Matthew Hicks.
USENIX Security Symposium (USENIX'21).

video slides code


2019

A Case Study on a Sustainable Framework for Ethically Aware Predictive Modeling.
Thomas Lux, Stefan Nagy, Mohammed Almanaa, Sirui Yao, Reid Bixler.
IEEE International Symposium on Technology and Society (ISTAS'19).

video


2019

Full-speed Fuzzing: Reducing Fuzzing Overhead through Coverage-guided Tracing.
Stefan Nagy, Matthew Hicks.
IEEE Symposium on Security and Privacy (Oakland'19).

video slides code


2018

Secure Coding Practices in Java: Challenges and Vulnerabilities.
Na Meng, Stefan Nagy, Danfeng Yao, Wenjie Zhuang, Gustavo Argoty.
International Conference on Software Engineering (ICSE'18).

news1 news2 news3


2015

Digital Forensics Education: A Multidisciplinary Curriculum Model.
Imani Palmer, Elaine Wood, Stefan Nagy, Gabriela Garcia, Masooda Bashir, Roy Campbell.
International Conference on Digital Forensics & Cyber Crime (ICDF2C'15).


2015

Schedule-Based Side-Channel Attack in Fixed-Priority Real-time Systems.
Chien-Ying Chen, Amiremad Ghassami, Stefan Nagy, Man-Ki Yoon, Sibin Mohan, Negar Kiyavash, Rakesh B Bobba, Rodolfo Pellizzoni.
Illinois Digital Environment for Access to Learning and Scholarship.


2015

An Empirical Study on Current Models for Reasoning about Digital Evidence.
Stefan Nagy, Imani Palmer, Sathya Sundaramurthy, Xinming Ou, Roy Campbell.
Intl. Conf. on Systematic Approaches to Digital Forensic Engineering (SADFE'15).

Open-source Software

Dr. Disassembler: A platform for transparent and mutable binary disassembly. GitHub
HeXcite (CCS'21): High-Efficiency eXpanded Coverage for Improved Testing of Executables. GitHub
ZAFL (USENIX'21): A compiler-quality binary fuzzing instrumenter. GitLab
UnTracer-AFL (Oakland'19): Fast fuzzing through Coverage-guided Tracing. GitHub
FoRTE-FuzzBench (Oakland'19): An open-source fuzzing benchmark. GitHub
AFL-FID (Oakland'19): A suite of tools for fixed-corpus fuzzing experiments. GitHub
AFL-Dyninst: An improved fork of AFL-Dyninst for binary fuzzing. GitHub

Teaching

CS 4440: Introduction to Computer Security [Spring 2023, Fall 2023] Website
CS 5963 / 6963: Applied Software Security Testing [Fall 2022] Website

Contact Information

Merrill Engineering (MEB) 3446
50 Central Campus Drive
Salt Lake City, UT 84112
snagy@cs.utah.edu
+1 801-581-8224