{"title":"带有抽象解释和静态污点跟踪的自动漏洞挖掘","authors":"Xiaocong Wang, Fei Yan, Fan He","doi":"10.1109/ICCIAUTOM.2011.6183972","DOIUrl":null,"url":null,"abstract":"With the expansion of software scale, effective approaches for automatic vulnerability mining have been in badly needed. This paper presents a novel approach which can generate test cases of high pertinence and reachability. Unlike standard fuzzing techniques which explore the test space blindly, our approach utilizes abstract interpretation based on intervals to locate the Frail-Points of program which may cause buffer over-flow in some special conditions and the technique of static taint trace to build mappings between the Frail-Points and program inputs. Moreover, acquire path constraints of each Frail-Point through symbolic execution. Finally, combine information of mappings and path constraints to propose a policy for guiding test case generation.","PeriodicalId":177039,"journal":{"name":"2011 2nd International Conference on Control, Instrumentation and Automation (ICCIA)","volume":"27 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Automatic vulnerability mining with abstract interpretation and static taint trace\",\"authors\":\"Xiaocong Wang, Fei Yan, Fan He\",\"doi\":\"10.1109/ICCIAUTOM.2011.6183972\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"With the expansion of software scale, effective approaches for automatic vulnerability mining have been in badly needed. This paper presents a novel approach which can generate test cases of high pertinence and reachability. Unlike standard fuzzing techniques which explore the test space blindly, our approach utilizes abstract interpretation based on intervals to locate the Frail-Points of program which may cause buffer over-flow in some special conditions and the technique of static taint trace to build mappings between the Frail-Points and program inputs. Moreover, acquire path constraints of each Frail-Point through symbolic execution. Finally, combine information of mappings and path constraints to propose a policy for guiding test case generation.\",\"PeriodicalId\":177039,\"journal\":{\"name\":\"2011 2nd International Conference on Control, Instrumentation and Automation (ICCIA)\",\"volume\":\"27 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2011 2nd International Conference on Control, Instrumentation and Automation (ICCIA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICCIAUTOM.2011.6183972\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 2nd International Conference on Control, Instrumentation and Automation (ICCIA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCIAUTOM.2011.6183972","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Automatic vulnerability mining with abstract interpretation and static taint trace
With the expansion of software scale, effective approaches for automatic vulnerability mining have been in badly needed. This paper presents a novel approach which can generate test cases of high pertinence and reachability. Unlike standard fuzzing techniques which explore the test space blindly, our approach utilizes abstract interpretation based on intervals to locate the Frail-Points of program which may cause buffer over-flow in some special conditions and the technique of static taint trace to build mappings between the Frail-Points and program inputs. Moreover, acquire path constraints of each Frail-Point through symbolic execution. Finally, combine information of mappings and path constraints to propose a policy for guiding test case generation.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
