Malathy Nagalakshmi

Lara J. Martin, Malathy Nagalakshmi

High-tech Augmentative and Alternative Communication (AAC) has been rapidly advancing in recent years due to the increased use of large language models (LLMs) like ChatGPT, but many of these techniques are integrated without the inclusion of the users' perspectives. Autistic adults have been particularly neglected in the design of AAC tools. We conducted in-depth interviews with 12 autistic adults to find the pain points of current AAC and determine what technological advances they might find helpful. We found 8 different categories of themes from our interviews: input flexibility, output flexibility, selecting or adapting AAC, contexts for AAC use, benefits, access as an adult, stumbling blocks for continued use, and control of communication. In this paper, we go through these categories in depth -- comparing each to prior work -- and then highlight novel findings to suggest possible research directions.

Raveendra Kumar Medicherla, Malathy Nagalakshmi, Tanya Sharma et al.

Buffer-overruns are a prevalent vulnerability in software libraries and applications. Fuzz testing is one of the effective techniques to detect vulnerabilities in general. Greybox fuzzers such as AFL automatically generate a sequence of test inputs for a given program using a fitness-guided search process. A recently proposed approach in the literature introduced a buffer-overrun specific fitness metric called "headroom", which tracks how close each generated test input comes to exposing the vulnerabilities. That approach showed good initial promise, but is somewhat imprecise and expensive due to its reliance on conservative points-to analysis. Inspired by the approach above, in this paper we propose a new ground-up approach for detecting buffer-overrun vulnerabilities. This approach uses an extended version of ASAN (Address Sanitizer) that runs in parallel with the fuzzer, and reports back to the fuzzer test inputs that happen to come closer to exposing buffer-overrun vulnerabilities. The ASAN-style instrumentation is precise as it has no dependence on points-to analysis. We describe in this paper our approach, as well as an implementation and evaluation of the approach.