Title :
Improving guide-based vulnerability detection with hybrid symbolic execution
Author :
Yongji Ouyang ; Shuai Zeng ; Chao Yang ; Qingxian Wang
Author_Institution :
State Key Lab. of Math. Eng. & Adv. Comput., Zhengzhou, China
Abstract :
Symbolic Execution is a key and useful technology in current refinement software test, but there still exists some problems such as space explosion. In order to mitigate this problem and improve the ability for detecting vulnerabilities, this paper presents the improving guide-based vulnerability detection with hybrid symbolic execution, which aims to test suspicious objects. This method conducts path traversal with a hybrid symbolic execution model, which alternates between dynamic and static symbolic execution, and verify whether it is vulnerability through summarizing the characteristics of vulnerabilities and generating a constraint expression. Experimental result shows that this method can successfully detect errors in 56 seconds, which exceeds any other modern mainstream symbolic execution tools including CUTE, KLEE, S2E and Cloud9. Compared with CUTE, this method alleviates the problem of space explosion. Besides, this papaer successfully verifies the vulnerabilities of OpenSSL and some other commonly used software.
Keywords :
program diagnostics; program testing; CUTE; OpenSSL; constraint expression; dynamic symbolic execution; guide-based vulnerability detection; hybrid symbolic execution; path traversal; refinement software test; space explosion problem alleviation; static symbolic execution; Algorithm design and analysis; Context; Explosions; Hybrid power systems; Refining; Software; Testing; constraint expression; hybrid symbolic execution; space explosion; test;
Conference_Titel :
Systems and Informatics (ICSAI), 2014 2nd International Conference on
Conference_Location :
Shanghai
Print_ISBN :
978-1-4799-5457-5
DOI :
10.1109/ICSAI.2014.7009438
