From 78e1c152c52e9d3266006a11b81d9d1a69348d90 Mon Sep 17 00:00:00 2001 From: Kelly Kaoudis Date: Wed, 21 Aug 2024 16:41:10 -0400 Subject: [PATCH] adds currently known publications and public use cases to the README --- README.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/README.md b/README.md index 988acd9d..53732ff7 100644 --- a/README.md +++ b/README.md 
@@ -324,6 +324,24 @@ source file. This is most common when instrumenting compression and cryptographic algorithms that have large block sizes. There are a number of mitigations for this behavior currently being researched and developed. +## Publications and Current Use Cases +Here are some of the publicly available things we've done with PolyTracker. If you know of anything else you'd like to see listed here, please let us know! + +- The [Format Analysis Workbench](https://github.com/galoisinc/faw) integrates several key PolyTracker features, namely grammar extraction and blind spot detection. +- Harmon, Carson, Bradford Larsen, and Evan A. Sultanik. "[Toward automated grammar extraction via semantic labeling of parser implementations.](https://bradfordlarsen.com/files/publications/semantic-labeling-langsec-2020.pdf)" +2020 IEEE Security and Privacy Workshops (SPW). IEEE, 2020. +We used PolyTracker traces to automatically extract grammars from instrumented programs. +- Brodin, Henrik, Marek Surovič, and Evan Sultanik. "[Blind spots: Identifying exploitable program inputs.](https://langsec.org/spw23/papers/Brodin_LangSec23.pdf)" +2023 IEEE Security and Privacy Workshops (SPW). IEEE, 2023. +- Henrik used PolyTracker's blind spots (`mapping` and `cavities` more precisely) trace analysis functionality to pinpoint a CVE and [wrote about it on the Trail of Bits blog](https://blog.trailofbits.com/2023/03/30/acropalypse-polytracker-blind-spots/). +We then added a focus on provenance relationships between information flow tracking (taint) labels, and used these relationships to find unused input bytes, or "blind spots". +- Kaoudis, Kelly, Henrik Brodin, and Evan Sultanik. "[Automatically Detecting Variability Bugs Through Hybrid Control and Data Flow Analysis.](https://langsec.org/spw23/papers/Kaoudis_LangSec23.pdf)" +2023 IEEE Security and Privacy Workshops (SPW). IEEE, 2023. 
+We started building a new kind of differential trace analysis that focuses on helping debug unexpected behavior in programs and compare the effects of bugs across program versions. +- Evan Sultanik, Marek Surovič, Henrik Brodin, Kelly Kaoudis, Facundo Tuesca, Carson Harmon, Lisa Overall, Joseph Sweeney, and Bradford Larsen. +"PolyTracker: Whole-Input Dynamic Information Flow Tracing." In Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA). +We brought PolyTracker to ISSTA and talked about the novelty we introduce with the Tainted Directed Acyclic Graph (TDAG) trace format there. + ## License and Acknowledgements This research was developed by [Trail of Bits](https://www.trailofbits.com/)
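Review bot: in the "Blind spots" entry the description line "We then added a focus on provenance relationships between information flow tracking (taint) labels, and used these relationships to find unused input bytes, or "blind spots"." is placed after the separate bullet for Henrik's Acropalypse blog post, so as written it reads as a description of the blog post rather than of the SPW 2023 paper; move that line directly under the paper citation (before the blog-post bullet), or make the blog-post bullet a nested item beneath the paper. The ISSTA entry is also the only one without a year or a link, and it lists authors as "First Last" while the other entries use "Last, First" style; please make the citation formats consistent. Minor: a blank line between "developed." and "## Publications and Current Use Cases" would match the spacing used before "## License and Acknowledgements".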