Andrea Fioraldi

BIO

Andrea Fioraldi is currently a Ph.D. student in the Software and Systems Security group of EURECOM under the supervision of Prof. Davide Balzarotti. He is working on new methodologies to improve the effectiveness of security vulnerability discovery techniques such as Fuzz Testing in the scope of the DARPA Chess project.

In 2020, Andrea obtained his MSc degree in Engineering in Computer Science from Sapienza, University of Rome. His thesis was developed during his internship at EURECOM with the supervision of Prof. Balzarotti and its title is “Program State Abstraction for Feedback-driven Fuzz Testing using Likely Invariants”. In 2018, Andrea obtained his BSc degree in Computer and Control Engineering from Sapienza, University of Rome. His thesis is entitled “Symbolic Execution and Debugging Synchronization”.

Andrea is an active player in CyberSecurity competitions (Capture the Flag). He won the Italian CyberChallenge in 2017 in the category of Malware Analysis, he was also part of the first Italian team participating at the ENISA’s European CyberSecurity Challenge. With his team mHACKeroni, he also participated several times to top international competitions among the best hacker teams in the world, such as DEFCON CTF and CCC CTF, with great results.

Andrea is known in the security community for his contributions in the field of Fuzz Testing, specifically (but not limited to) as a maintainer of one of the most advanced and used publicly available fuzzers, AFL++.


PUBLICATIONS

WEIZZ: Automatic Grey-box Fuzzing for Structured Binary Formats
Fioraldi Andrea and D'Elia Daniele Cono and Coppa Emilio
in Proceedings of the 29th ACM SIGSOFT International Symposiumon Software Testing and Analysis
PDF BibTex
AFL++: Combining incremental steps of fuzzing research
Andrea Fioraldi, Dominik Maier, Heiko Eissfeldt, Marc Heuse
in 14th USENIX Workshop on Offensive Technologies (WOOT 20)
PDF BibTex Slides
Fuzzing binaries for memory safety errors with QASan
Andrea Fioraldi, Daniele Cono D'Elia, Leonardo Querzoni
in 2020 IEEE Secure Development Conference (SecDev)
PDF BibTex
The Use of Likely Invariants as Feedback for Fuzzers
Andrea Fioraldi, Daniele Cono D'Elia, Davide Balzarotti
in 30th USENIX Security Symposium (USENIX Security 21)
PDF BibTex
Registered Report: Dissecting American Fuzzy Lop - A FuzzBench Evaluation
Andrea Fioraldi, Alessandro Mantovani, Dominik Maier, Davide Balzarotti
in the 1st International Fuzzing Workshop (FUZZING 2022)
PDF (Report) BibTex
Fuzzing with Data Dependency Information
Alessandro Mantovani, Andrea Fioraldi and Davide Balzarotti
EuroSP 2022, Genoa, Italy
PDF BibTex
LibAFL: A Framework to Build Modular and Reusable Fuzzers
Andrea Fioraldi and Dominik Maier and Dongjia Zhang and Davide Balzarotti
Proceedings of the 29th ACM conference on Computer and communications security (CCS) , Los Angeles, U.S.A.
PDF BibTex
Dissecting American Fuzzy Lop -- A FuzzBench Evaluation
Andrea Fioraldi and Alessandro Mantovani and Dominik Maier and Davide Balzarotti
ACM Trans. Softw. Eng. Methodol.
PDF BibTex
AFLrustrust: A LibAFL-based AFL++ prototype
Andrea Fioraldi and Dominik Maier and Dongjia Zhang and Addison Crump
The 16th Intl. Workshop on Search-Based and Fuzz Testing, Fuzzing Competition
PDF
LibAFL_libfuzzer: Libfuzzer on Top of LibAFL
Addison Crump and Andrea Fioraldi and Dominik Maier and Dongjia Zhang
The 16th Intl. Workshop on Search-Based and Fuzz Testing, Fuzzing Competition
PDF
CrabSandwich: Fuzzing Rust with Rust (Registered Report)
Addison Crump and Dongjia Zhang and Syeda Mahnur Asif and Dominik Maier and Andrea Fioraldi and Thorsten Holz and Davide Balzarotti
Proceedings of the 2nd International Fuzzing Workshop (FUZZING) 2023
PDF (Report) BibTex
Predictive Context-sensitive Fuzzing
Pietro Borrello, Andrea Fioraldi, Daniele Cono D’Elia, Davide Balzarotti, Leonardo Querzoni and Cristiano Giuffrida
NDSS 2024, Network and Distributed System Security (NDSS) Symposium, San Diego, CA, USA
PDF BibTex
LibAFL QEMU: A Library for Fuzzing-oriented Emulation
Romain Malmain, Andrea Fioraldi, Aurélien Francillon
BAR 2024, Workshop on Binary Analysis Research (colocated with NDSS Symposium), San Diego (USA)
PDF BibTex

TALKS

Fuzzers like LEGO
Fioraldi Andrea and Dominik Maier
Remote Chaos Experience (CCC), December 2020
Slides Video
LibAFL: The Advanced Fuzzing Library
Fioraldi Andrea and Dominik Maier
FUZZCON EUROPE, October 2021
Slides
Modern Fuzzing Research & Engineering
Fioraldi Andrea
Summer School: Graz Security Week 2022, September 2022
Slides
Unraveling the Challenges of Modern Fuzzing
Fioraldi Andrea
Summer School: Cyber in Sophia Antipolis 2023, July 2023
Slides
Fuzz Everything, Everywhere, All at Once
Dominik Maier, Dongjia Zhang, Andrea Fioraldi, Addison Crump and Marc Heuse
37C3 (CCC), December 2023
Slides Video

SERVICES


CONTACT


EURECOM
Campus SophiaTech,
450 Route des Chappes, 06410 Biot FRANCE
Office: 370