{"title":"A Novel Method Makes Concolic System More Effective","authors":"Hongliang Liang, Zhengyu Li, Minhuan Huang, Xiaoxiao Pei","doi":"10.1109/CSCloud.2017.43","DOIUrl":null,"url":null,"abstract":"Fuzzing is attractive for finding vulnerabilities in binary programs. However, when the application's input space is huge, fuzzing cannot deal with it well. For discovering vulnerabilities more effective, researchers came up concolic testing, and there are much researches on it recently. A common limitation of concolic systems designed to create inputs is that they often concentrate on path-coverage and struggle to exercise deeper paths in the executable under test, but ignore to find those test cases which can trigger the vulnerabilities. In this paper, we present TSM, a novel method for finding potential vulnerabilities in concolic systems, which can help concolic systems more effective for hunting vulnerabilities. We implemented TSM method on a wide-used concolic testing tool-Fuzzgrind, and the evaluation experiments show that TSM can make Fuzzgrind hunt bugs quickly in real-world software, which are hardly found ever before.","PeriodicalId":436299,"journal":{"name":"2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud)","volume":"56 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSCloud.2017.43","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
Fuzzing is attractive for finding vulnerabilities in binary programs. However, when the application's input space is huge, fuzzing cannot deal with it well. For discovering vulnerabilities more effective, researchers came up concolic testing, and there are much researches on it recently. A common limitation of concolic systems designed to create inputs is that they often concentrate on path-coverage and struggle to exercise deeper paths in the executable under test, but ignore to find those test cases which can trigger the vulnerabilities. In this paper, we present TSM, a novel method for finding potential vulnerabilities in concolic systems, which can help concolic systems more effective for hunting vulnerabilities. We implemented TSM method on a wide-used concolic testing tool-Fuzzgrind, and the evaluation experiments show that TSM can make Fuzzgrind hunt bugs quickly in real-world software, which are hardly found ever before.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
