Improving guide-based vulnerability detection with hybrid symbolic execution

Authors: Yongji Ouyang, Shuai Zeng, Chao Yang, Qingxian Wang

DOI: 10.1109/ICSAI.2014.7009438

Keywords:

Abstract: Symbolic execution is a key and useful technology in current refinement software testing, but some problems, such as space explosion, still exist. In order to mitigate this problem and improve the ability to detect vulnerabilities, this paper presents improving guide-based vulnerability detection with hybrid symbolic execution, which aims to test suspicious objects. This method conducts a path traversal execution model and alternates between dynamic and static verification of whether it, through summarizing characteristics of vulnerabilities and generating constraint expressions. Experimental results show that it can successfully detect errors in 56 seconds, which exceeds any other modern mainstream tool, including CUTE, KLEE, S2E and Cloud9. Compared alleviates Besides, the paper verifies OpenSSL and commonly used software.

References (15)
David Brumley, Ivan Jager, Thanassis Avgerinos, Edward J. Schwartz. BAP: a binary analysis platform. Computer Aided Verification, pp. 463-469 (2011). doi:10.1007/978-3-642-22110-1_37
Leonardo de Moura, Nikolaj Bjørner. Z3: an efficient SMT solver. Tools and Algorithms for the Construction and Analysis of Systems, pp. 337-340 (2008). doi:10.1007/978-3-540-78800-3_24
Matthias Neugschwandtner, Asia Slowinska, Istvan Haller, Herbert Bos. Dowsing for overflows: a guided fuzzer to find buffer boundary violations. USENIX Security Symposium, pp. 49-64 (2013).
Koushik Sen, Gul Agha. CUTE and jCUTE: Concolic Unit Testing and Explicit Path Model-Checking Tools. Computer Aided Verification, pp. 419-423 (2006). doi:10.1007/11817963_38
Cristian Cadar, Daniel Dunbar, Dawson Engler. KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs. Operating Systems Design and Implementation, pp. 209-224 (2008). doi:10.5555/1855741.1855756
Tielei Wang, Tao Wei, Guofei Gu, Wei Zou. TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection. IEEE Symposium on Security and Privacy, pp. 497-512 (2010). doi:10.1109/SP.2010.37
Patrice Godefroid, Michael Y. Levin, David Molnar. SAGE. Communications of the ACM, vol. 55, pp. 40-44 (2012). doi:10.1145/2093548.2093564
Cristina Cifuentes, Christian Hoermann, Nathan Keynes, Lian Li, Simon Long, Erica Mealy, Michael Mounteney, Bernhard Scholz. BegBunch. Proceedings of the 2nd International Workshop on Defects in Large Software Systems, held in conjunction with the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2009), DEFECTS '09, pp. 16-20 (2009). doi:10.1145/1555860.1555866
Liviu Ciortea, Cristian Zamfir, Stefan Bucur, Vitaly Chipounov, George Candea. Cloud9: a software testing service. Operating Systems Review, vol. 43, pp. 5-10 (2010). doi:10.1145/1713254.1713257