Concolic Execute Fuzzing Based on Control-Flow Analysis

Authors: Jingxi Li, Xin Xu, Lejian Liao, Lu Li

DOI: 10.1109/CIS.2015.99

Keywords:

Abstract: This paper proposes a method that uses taint analysis to prune unnecessary routines and concentrate on control-flow-altering input, driven by a concolic (concrete and symbolic) execution procedure. A prototype, Concolic Fuzz, is implemented on this basis, built on the Pin platform at the x86 binary level with Z3 as the SMT (Satisfiability Modulo Theories) solver. Experimental results verify that the approach is effective in increasing code coverage at a remarkably lower resource and time cost than standard fuzzing tools. Because only the input bytes that reach a branch are treated as symbols, the number and range of symbols are reduced, and with them the computing cost, especially when the input data is a highly structured, complex file format.
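The mechanism the abstract describes, as an added example (this is not the authors' Concolic Fuzz and not code from the paper): input bytes execute concretely but log every comparison they decide, so the symbol set is the set of tainted offsets that actually reached a branch, and a generational search negates those branch constraints one at a time to reach new paths. Two assumptions stand in for the paper's components: a Python value wrapper replaces Pin's binary-level taint tracking, and a per-byte enumeration over 0..255 replaces Z3, which is sufficient because this toy only compares single bytes against constants. The file-format checker `parse_cf` and the 16-byte seed are constructed for the example.

```python
import operator

OPS = {"==": operator.eq, "!=": operator.ne, "<": operator.lt,
       ">": operator.gt, "<=": operator.le, ">=": operator.ge}


class Trace:
    """Path condition of one concrete run, plus the set of input offsets
    that decided a branch: the taint-derived symbol set."""
    def __init__(self):
        self.constraints = []   # (offset, op, constant, branch_taken)
        self.tainted = set()


class SymByte:
    """One input byte. It runs with its concrete value and logs each
    comparison against a constant as a path constraint (stands in for
    Pin-based taint tracking; an assumption of this example)."""
    def __init__(self, offset, value, trace):
        self.offset, self.value, self.trace = offset, value, trace

    def _cmp(self, op, const):
        taken = OPS[op](self.value, const)
        self.trace.tainted.add(self.offset)          # byte reached a branch
        self.trace.constraints.append((self.offset, op, const, taken))
        return taken

    def __eq__(self, c): return self._cmp("==", c)
    def __ne__(self, c): return self._cmp("!=", c)
    def __lt__(self, c): return self._cmp("<", c)
    def __gt__(self, c): return self._cmp(">", c)
    def __le__(self, c): return self._cmp("<=", c)
    def __ge__(self, c): return self._cmp(">=", c)


def parse_cf(b):
    """Constructed file-format checker standing in for the binary under test.
    Only bytes 0..4 ever decide a branch; the payload after them is never
    compared, so it never needs to become symbolic."""
    if b[0] != 0x43 or b[1] != 0x46:        # magic "CF"
        return "bad_magic"
    if b[2] > 3:                            # version field
        return "bad_version"
    if b[3] != len(b) - 4:                  # declared payload length
        return "bad_length"
    if b[2] == 2 and b[4] == 0x7F:          # deep, version-specific path
        return "target"
    return "ok"


def run_traced(data):
    """Execute parse_cf on concrete bytes, collecting the path condition."""
    trace = Trace()
    result = parse_cf([SymByte(i, v, trace) for i, v in enumerate(data)])
    return result, trace


def solve(constraints):
    """Model for per-byte constraints (offset, op, const, wanted) by
    enumeration over 0..255. Stand-in for Z3 on this toy domain."""
    domain = {}
    for off, op, const, wanted in constraints:
        cand = domain.get(off, range(256))
        domain[off] = {v for v in cand if OPS[op](v, const) == wanted}
        if not domain[off]:
            return None
    return {off: min(vals) for off, vals in domain.items()}


def explore(seed, max_inputs=200):
    """Generational concolic search: negate each branch of every explored
    path in turn, solve, and re-run. Returns {outcome: first input}."""
    queue, seen, outcomes = [bytes(seed)], set(), {}
    while queue and len(seen) < max_inputs:
        data = queue.pop(0)
        if data in seen:
            continue
        seen.add(data)
        result, trace = run_traced(data)
        outcomes.setdefault(result, data)
        for k, (off, op, const, taken) in enumerate(trace.constraints):
            model = solve(trace.constraints[:k] + [(off, op, const, not taken)])
            if model is None:
                continue
            new = bytearray(data)
            for o, v in model.items():
                new[o] = v          # untainted bytes keep their concrete value
            queue.append(bytes(new))
    return outcomes


def symbols_needed(data):
    """(bytes that decided a branch, total bytes): the symbol-set reduction
    that taint tracking buys over making every input byte symbolic."""
    _, trace = run_traced(data)
    return len(trace.tainted), len(data)


if __name__ == "__main__":
    found = explore(bytes(16))      # constructed seed: 16 zero bytes
    for outcome, inp in found.items():
        print(f"{outcome:12s} {inp[:5].hex()}  symbols {symbols_needed(inp)}")
```

Starting from an all-zero seed, the search reaches every outcome of the checker, and even on the deepest path only 5 of the 16 input bytes ever become symbolic. Real formats carry bytes into arithmetic as well as comparisons (length fields, checksums), which this wrapper does not propagate through; that is the case the cited TaintScope work addresses.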

References (14)
Nikolaj Bjørner, Anh-Dung Phan, Lars Fleckenstein. νZ: An Optimizing SMT Solver. Tools and Algorithms for the Construction and Analysis of Systems (TACAS), pp. 194-199 (2015). doi:10.1007/978-3-662-46681-0_14
Leonardo de Moura, Nikolaj Bjørner. Z3: An Efficient SMT Solver. Tools and Algorithms for the Construction and Analysis of Systems (TACAS), pp. 337-340 (2008). doi:10.1007/978-3-540-78800-3_24
Koushik Sen, Gul Agha. CUTE and jCUTE: Concolic Unit Testing and Explicit Path Model-Checking Tools. Computer Aided Verification (CAV), pp. 419-423 (2006). doi:10.1007/11817963_38
Cristian Cadar, Daniel Dunbar, Dawson Engler. KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs. Operating Systems Design and Implementation (OSDI), pp. 209-224 (2008). doi:10.5555/1855741.1855756
Tielei Wang, Tao Wei, Guofei Gu, Wei Zou. TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection. IEEE Symposium on Security and Privacy, pp. 497-512 (2010). doi:10.1109/SP.2010.37
Cristian Cadar, Vijay Ganesh, Peter M. Pawlowski, David L. Dill, Dawson R. Engler. EXE: Automatically Generating Inputs of Death. ACM Transactions on Information and System Security, vol. 12, pp. 1-38 (2008). doi:10.1145/1455518.1455522
Alex Skaletsky, Tevi Devor, Nadav Chachmon, Robert Cohn, Kim Hazelwood, Vladimir Vladimirov, Moshe Bach. Dynamic Program Analysis of Microsoft Windows Applications. International Symposium on Performance Analysis of Systems and Software (ISPASS), pp. 2-12 (2010). doi:10.1109/ISPASS.2010.5452079
Vijay Ganesh, Tim Leek, Martin Rinard. Taint-Based Directed Whitebox Fuzzing. International Conference on Software Engineering (ICSE), pp. 474-484 (2009). doi:10.1109/ICSE.2009.5070546
Vijay Ganesh, David L. Dill. A Decision Procedure for Bit-Vectors and Arrays. Computer Aided Verification (CAV), pp. 519-531 (2007). doi:10.1007/978-3-540-73368-3_52
Nicholas Nethercote, Julian Seward. How to Shadow Every Byte of Memory Used by a Program. Virtual Execution Environments (VEE), pp. 65-74 (2007). doi:10.1145/1254810.1254820