A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2022; you can also visit the original URL.
The file type is application/pdf.
Rare-Seed Generation for Fuzzing
[article]
2022
arXiv
pre-print
In particular, we present techniques 1) that identify rare paths using quantitative symbolic analysis, and 2) generate inputs that can explore these rare paths using path-guided concolic execution. ...
..., program paths with path constraints that are unlikely to be satisfied by random input generation), and then, generating inputs/seeds that trigger rare-paths, one can improve the coverage of fuzzing ...
We guide concolic execution tool CREST [11] using the rare paths we collect from our control flow analysis. ...
arXiv:2212.09004v1
fatcat:xvefnssl45hgvf2rbsshof62ei
Research on Fuzz Testing Framework based on Concolic Execution
2018
DEStech Transactions on Computer Science and Engineering
The work of this paper is to design and realize a fuzz framework based on concolic execution using C++. ...
SYSTEM FRAMEWORK A fuzz framework based on the concolic execution is proposed in this paper. ...
GENERATE SYMBOLIC EXECUTION TREE The symbol execution tree is derived from the control flow chart (CFG). ...
doi:10.12783/dtcse/csae2017/17478
fatcat:5jr6s535cjdehnlhx2a64f4l7e
FuCE: Fuzzing+Concolic Execution guided Trojan Detection in Synthesizable Hardware Designs
[article]
2021
arXiv
pre-print
In this work, we leverage the power of greybox fuzzing combined with concolic execution to explore deeper segments of design and uncover stealthy trojans. ...
Experimental results show that our proposed framework is able to automatically detect trojans faster with fewer test cases, while attaining notable branch coverage, without any manual pre-processing analysis ...
by automated injection of control flow statements on every conditional statement in run time, and generates executable. ...
arXiv:2111.00805v1
fatcat:f3go4fgc5zgnrlyevu2dxbl5wm
MaxAFL: Maximizing Code Coverage with a Gradient-Based Optimization Technique
2020
Electronics
However, there is a limitation that some paths with complex constraints cannot be tested even after long execution. Fuzzers based on concolic execution have emerged to address this issue. ...
The concolic execution fuzzers also have limitations in scalability. Recently, the gradient-based fuzzers that use a gradient to mutate inputs have been introduced. ...
Control Flow Graph and Call Graph The best way to understand the execution flow of programs is to construct the Control Flow Graph (CFG) and the Call Graph. ...
doi:10.3390/electronics10010011
fatcat:yw6i624a7ral7hqtl7ypqu3fou
Search-Based Concolic Execution for SW Vulnerability Discovery
2018
IEICE transactions on information and systems
It searches for unsafe API calls and automatically executes to the program block that has an unsafe API call. Also, we showed that BugHunter is more efficient than angr through experiments. ...
Using search-based concolic execution, it can explore only suspicious execution flows. • BugHunter does not work on program source code but program executables. ...
BugHunter uses the search-based concolic execution to avoid unnecessary execution paths. First, it constructs a Control Flow Graph (CFG) by parsing the program binary. ...
doi:10.1587/transinf.2018edl8052
fatcat:2u7rdjj6rja53dc3aksul4hqhe
DeepDiver: Diving into Abysmal Depth of the Binary for Hunting Deeply Hidden Software Vulnerabilities
2020
Future Internet
We combine AFL++ and a concolic execution engine and leverage the trace analyzer approach to construct the tree for each input to detect RCs. ...
Overall, DeepDiver outperformed existing software testing tools, including the patching-based fuzzer and state-of-the-art hybrid fuzzing techniques. ...
Another option is using control flow analysis and complex data flow to track cohesion between the complex conditional jump and input. ...
doi:10.3390/fi12040074
fatcat:ixy3b7ff7jecxj2mgexbqiygsm
CAB-Fuzz: Practical Concolic Testing Techniques for COTS Operating Systems
2017
USENIX Annual Technical Conference
Concolic testing, which generates all feasible inputs of a program by using symbolic execution and tests the program with the generated inputs, is one of the most promising approaches to solve this problem ...
We applied CAB-FUZZ to Windows 7 and Windows Server 2008 and found 21 undisclosed unique crashes, including two local privilege escalation vulnerabilities (CVE-2015-6098 and CVE-2016-0040) and one information ...
In this paper, we propose CAB-FUZZ (Context-Aware and Boundary-focused), a practical system specialized to detect vulnerabilities in COTS OSes based on concolic testing. ...
dblp:conf/usenix/KimLYXLYK17
fatcat:dm3o7kkcdnao7i7i32kg274q4u
MEUZZ: Smart Seed Scheduling for Hybrid Fuzzing
[article]
2020
arXiv
pre-print
MEUZZ's learning is based on a series of features extracted via code reachability and dynamic analysis, which incurs negligible runtime overhead (in microseconds). ...
MEUZZ determines which new seeds are expected to produce better fuzzing yields based on the knowledge learned from past seed scheduling decisions made on the same or similar programs. ...
that flow between fuzzer and concolic executor. ...
arXiv:2002.08568v2
fatcat:as2xekj7rnfltbm4ok25aculhe
SAVIOR: Towards Bug-Driven Hybrid Testing
2020
2020 IEEE Symposium on Security and Privacy (SP)
Hybrid testing combines fuzz testing and concolic execution. ...
It leverages fuzz testing to test easy-to-reach code regions and uses concolic execution to explore code blocks guarded by complex branch conditions. ...
Our further analysis so far reveals at least 25 of them are exploitable for goals such as information leak and control flow manipulation. ...
doi:10.1109/sp40000.2020.00002
dblp:conf/sp/ChenLXGZZWL20
fatcat:5kieeedzrzbetkohcjwwv3abqy
Challenges and opportunities with concolic testing
2015
2015 National Aerospace and Electronics Conference (NAECON)
In this paper, we discuss challenges to widespread adoption of concolic testing in an industrial setting and highlight further opportunities where concolic testing can find renewed applicability. ...
Although concolic testing is increasingly being explored as a viable software verification technique, its adoption in mainstream software development and testing in the industry is not yet extensive. ...
To counter this, control flow obfuscation techniques that aim to confuse the automated analyzers by obfuscating the programs' control flow structures are used to defend against software cracking and piracy ...
doi:10.1109/naecon.2015.7443099
fatcat:n757pypszveyhefimvoy6r3xte
QSYM : A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing
2018
USENIX Security Symposium
Recently, hybrid fuzzing has been proposed to address the limitations of fuzzing and concolic execution by combining both approaches. ...
To overcome this problem, we design a fast concolic execution engine, called QSYM, to support hybrid fuzzing. ...
By adopting this, concolic executors can automatically truncate such complex yet irrelevant logic and stay focused on the input fields that determine a program's control flow. ...
dblp:conf/uss/Yun0XJK18
fatcat:grc2p5imfzhk3a4sfiobl3y24m
A Survey of Search Strategies in the Dynamic Symbolic Execution
2017
ITM Web of Conferences
One key challenge in DSE is to find proper paths in the huge program execution space to generate effective inputs. ...
This paper reviews and compares the main search strategies of DSE in recent years, including the Generational strategy, CarFast, Control-Flow ...
Firstly, Control-Flow Directed Search generates the control flow graph of the program, then assigns values to each edge. ...
doi:10.1051/itmconf/20171203025
fatcat:oererg6dwbgvbfnn3vwgufsywe
EPfuzzer: Improving Hybrid Fuzzing with Hardest-to-reach Branch Prioritization
2020
KSII Transactions on Internet and Information Systems
Hybrid fuzzing, which combines fuzzing and concolic execution, has proved its ability to achieve higher code coverage and therefore find more bugs. ...
The evaluation results showed that EPfuzzer was much more efficient and scalable than the state-of-the-art concolic execution engine (QSYM). ...
Target-guided concolic execution is based on the concolic execution engine QSYM. ...
doi:10.3837/tiis.2020.09.018
fatcat:eundhnx44bgunbj33u6nbmxbwy
Survey of Automated Vulnerability Detection and Exploit Generation Techniques in Cyber Reasoning Systems
[article]
2018
arXiv
pre-print
These challenges have made binary analysis an important area of research in computer science and have emphasized the need for building automated analysis systems that can operate at scale, speed and efficacy ...
This growing dependence on technology and the increasing complexity of software has serious security implications as it means we are potentially surrounded by software that contains exploitable vulnerabilities ...
Fig. 1. Example of simple control flow graph (adapted)
• Disassembly and intermediate-representation lifting
• Program instrumentation
• Symbolic execution
• Control-flow analysis
• Data-dependency ...
arXiv:1702.06162v4
fatcat:3rhzbmq6yve2jkcx2mv73pjnre
Detecting Exploit Primitives Automatically for Heap Vulnerabilities on Binary Programs
[article]
2022
arXiv
pre-print
Previous works first detected heap vulnerabilities and then searched for exploitable states by using symbolic execution and fuzzing techniques on binary programs. ...
In this paper, we present a solution DEPA to detect exploit primitives based on primitive-crucial-behavior model for heap vulnerabilities. ...
As shown in Figure 3 , the DEPA system contains three modules: (1) primitive-crucial-behavior analysis module, (2) fuzzing module based on generation, and (3) concolic execution module. ...
arXiv:2212.13990v1
fatcat:ztnudgmq6ba5jfakx6fz3u2cj4
Showing results 1 — 15 out of 412 results