
Dynamic Test Generation to Find Integer Bugs in x86 Binary Linux Programs

David Molnar, Xue Cong Li, David A. Wagner
2009 USENIX Security Symposium  
We introduce new methods for discovering integer bugs using dynamic test generation on x86 binaries, and we describe key design choices in efficient symbolic execution of such programs.  ...  We implemented our methods in a prototype tool SmartFuzz, which we use to analyze Linux x86 binary executables.  ...  We described new methods for finding integer bugs in dynamic test generation, and we implemented these methods in SmartFuzz, a new dynamic test generation tool.  ... 
dblp:conf/uss/MolnarLW09 fatcat:6wcvjwzhkvd73acfzhseahqglm

Architecture- and OS-Independent Binary-Level Dynamic Test Generation [chapter]

Gen Li, Kai Lu, Ying Zhang, Xicheng Lu, Wei Zhang
2009 Lecture Notes in Computer Science  
We have implemented our ReT-BLDTG, retargeted it to 32-bit x86, PowerPC and Sparc ISAs, and used it to automatically find the six known bugs in the six benchmarks over Linux and Windows.  ...  This paper presents a new dynamic test generation technique and a tool, ReTBLDTG, short for ReTargetable Binary-Level Dynamic Test Generation, that implements this technique.  ...  But these techniques do not pay attention to finding bugs in binaries, but in source code. SAGE [7] is a dynamic test generation tool that works on Windows binaries.  ... 
doi:10.1007/978-3-642-11145-7_16 fatcat:muzw73vqwzdpbjm7znguc4kxbq

IntFinder: Automatically Detecting Integer Bugs in x86 Binary Program [chapter]

Ping Chen, Hao Han, Yi Wang, Xiaobin Shen, Xinchun Yin, Bing Mao, Li Xie
2009 Lecture Notes in Computer Science  
In this paper, we propose a tool, IntFinder, which can automatically detect integer bugs in an x86 binary program. We implement IntFinder based on a combination of static and dynamic analysis.  ...  Experimental results are quite encouraging: IntFinder has detected the integer bugs in several practical programs as well as one new bug in slocate-2.7, and it achieves low false positives and negatives  ...  Acknowledgements This work was supported in part by grants from the Chinese National Natural Science  ... 
doi:10.1007/978-3-642-11145-7_26 fatcat:jr6tcjo3fbd7beqxmmnzqfgmm4

ICICLE: A Re-Designed Emulator for Grey-Box Firmware Fuzzing [article]

Michael Chesser, Surya Nepal, Damith C. Ranasinghe
2023 arXiv   pre-print
Further, to demonstrate the effectiveness of Icicle to discover bugs in a currently unsupported architecture in emulation-based fuzzers, we perform a fuzzing campaign with real-world MSP430 firmware binaries  ...  The instrumentation techniques added to extract feedback and guide input mutations towards generating effective test cases are at the core of modern fuzzers.  ...  critical to finding this bug.  ... 
arXiv:2301.13346v1 fatcat:e3d22mt2cvgpjhei7e56kc73j4

Industrial Application of Concolic Testing on Embedded Software: Case Studies

Moonzoo Kim, Yunho Kim, Yoonkyu Jang
2012 2012 IEEE Fifth International Conference on Software Testing, Verification and Validation  
To alleviate this problem, concolic testing generates test cases that can achieve high coverage in an automated fashion.  ...  Thus, it is necessary to check if concolic testing can detect bugs in embedded software in a practical manner through case studies.  ...  SAGE [14] is a concolic testing tool that uses this approach to detect security bugs in x86-binaries. 3) Instrumentation of virtual machines: The concolic testing tools in this group are implemented  ... 
doi:10.1109/icst.2012.119 dblp:conf/icst/KimKJ12 fatcat:46h7srxyhjh7hinhnbu5ic3fsi

Checksum-Aware Fuzzing Combined with Dynamic Taint Analysis and Symbolic Execution

Tielei Wang, Tao Wei, Guofei Gu, Wei Zou
2011 ACM Transactions on Privacy and Security  
Fuzz testing has proven successful in finding security vulnerabilities in large programs.  ...  Furthermore, it can fix checksum values in generated inputs using combined concrete and symbolic execution techniques. (2) TaintScope is a taint-based fuzzing tool working at the x86 binary level.  ...  A solution means an input likely to cause an integer overflow. SmartFuzz [Molnar et al. 2009 ] can also detect integer bugs at the binary program level based on type inference.  ... 
doi:10.1145/2019599.2019600 fatcat:7lxi63myd5hsfe7scxnxi5nouy

FramewORk for Embedded System verification [chapter]

Pablo Gonzalez-de-Aledo, Pablo Sanchez
2015 Lecture Notes in Computer Science  
Forest is a bounded model checker that implements symbolic execution on top of the LLVM intermediate language and is able to detect errors in programs developed in C.  ...  This enables it to prove the satisfiability of reachability conditions such as the ones presented in SV-COMP.  ...  The strengths of symbolic execution are its applicability in a wide spectrum of applications, the possibility of obtaining partial results and the speed of finding bugs when the program has some.  ... 
doi:10.1007/978-3-662-46681-0_36 fatcat:nhackd7akvf7noyskmvifu2omu

Turning programs against each other: high coverage fuzz-testing using binary-code mutation and dynamic slicing

Ulf Kargén, Nahid Shahmehri
2015 Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering - ESEC/FSE 2015  
Mutation-based fuzzing is a popular and widely employed black-box testing technique for finding security and robustness bugs in software.  ...  By systematically mutating the program code of such generating programs, we leverage information about the input format encoded in the generating program to produce high-coverage test inputs, capable of  ...  The dynamic slicer is implemented using the Pin [19] dynamic binary instrumentation framework, and works directly on Linux x86 executable programs.  ... 
doi:10.1145/2786805.2786844 dblp:conf/sigsoft/KargenS15 fatcat:jfufploxuzfqbh2sost4h3ipne

Breaking Through Binaries: Compiler-quality Instrumentation for Better Binary-only Fuzzing

Stefan Nagy, Anh Nguyen-Tuong, Jason D. Hiser, Jack W. Davidson, Matthew Hicks
2021 USENIX Security Symposium  
Based on our findings, we design ZAFL: a platform for applying fuzzing-enhancing program transformations to binary-only targets, maintaining compiler-level performance.  ...  Thus, applying fuzzing-enhancing program transformations to binary-only fuzzing, without sacrificing performance, remains a compelling challenge.  ...  Acknowledgment We would like to thank our reviewers for helping us improve the paper. This material is based upon work supported by the Defense Advanced Research Projects Agency under Contract No.  ... 
dblp:conf/uss/NagyNHDH21 fatcat:ey3q4amsgfezhh4qcyq3u5dwji

Endicheck: Dynamic Analysis for Detecting Endianness Bugs [chapter]

Roman Kápl, Pavel Parízek
2020 Lecture Notes in Computer Science  
It helps developers to find those code locations in their program where they forgot to swap bytes properly.  ...  Our approach has been evaluated and validated on the Radeon SI Linux OpenGL driver, which is known to contain endianness-related bugs, and on several open-source programs.  ...  the subject program through dynamic binary instrumentation.  ... 
doi:10.1007/978-3-030-45237-7_15 fatcat:mk2lqf2adreu7gw2xgqwh45aba

From Library Portability to Para-rehosting: Natively Executing Microcontroller Software on Commodity Hardware [article]

Wenqiang Li, Le Guan, Jingqiang Lin, Jiameng Shi, Fengjun Li
2021 arXiv   pre-print
To demonstrate the superiority of our approach in terms of security testing, we used off-the-shelf dynamic analysis tools (AFL and ASAN) against the rehosted programs and discovered 28 previously-unknown  ...  Finding bugs in microcontroller (MCU) firmware is challenging, even for device manufacturers who own the source code.  ...  ACKNOWLEDGMENT We would like to thank the anonymous reviewers and our shepherd Dave (Jing) Tian for constructive comments and feedback.  ... 
arXiv:2107.12867v1 fatcat:y2xpjkggyvfdjfbt4epsu2knmq

Dynamic Analysis and Debugging of Binary Code for Security Applications [chapter]

Lixin Li, Chao Wang
2013 Lecture Notes in Computer Science  
In this paper, we present our work on developing a cross-platform interactive analysis tool, which leverages techniques such as symbolic execution and taint tracking to analyze binary code on a range of  ...  Dynamic analysis techniques have made a significant impact in security practice, e.g. by automating some of the most tedious processes in detecting vulnerabilities.  ...  We would like to thank Ilfak Guilfanov and the IDA team for promptly fixing the bugs that we have reported to them and for their suggestions on the GUI integration.  ... 
doi:10.1007/978-3-642-40787-1_31 fatcat:rrzv3sdnjzaxnceq5ymofd6axu

Floating-point symbolic execution: A case study in N-version programming

Daniel Liew, Daniel Schemmel, Cristian Cadar, Alastair F. Donaldson, Rafael Zahl, Klaus Wehrle
2017 2017 32nd IEEE/ACM International Conference on Automated Software Engineering (ASE)  
Symbolic execution is a well-known program analysis technique for testing software, which makes intensive use of constraint solvers.  ...  programming.  ...  to find a total of 49 bugs).  ... 
doi:10.1109/ase.2017.8115670 dblp:conf/kbse/LiewSCDZW17 fatcat:2mzqrrregjaxhiug5ujg3cf6pa

Cross-architecture bug search in binary executables

Jannik Pewny, Behrad Garmany, Robert Gawlik, Christian Rossow, Thorsten Holz
2017 it - Information Technology  
Unfortunately, existing bug finding methods fall short in that they i) require source code, ii) only work on a single architecture (typically x86), or iii) rely on dynamic analysis, which is difficult  ...  Abstract: With the general availability of closed-source software for various CPU architectures, there is a need to identify security-critical vulnerabilities at the binary level.  ...  Our system finds the Heartbleed bug in 21 out of 24 tested combinations of software programs across the three supported architectures.  ... 
doi:10.1515/itit-2016-0040 fatcat:vjedtlsdhvb2pjfzvv6vgk3qs4

Same Coverage, Less Bloat: Accelerating Binary-only Fuzzing with Coverage-preserving Coverage-guided Tracing [article]

Stefan Nagy, Anh Nguyen-Tuong, Jason D. Hiser, Jack W. Davidson, Matthew Hicks
2022 arXiv   pre-print
, and AFL-Clang by 2-24x, finding more bugs in less time.  ...  While executing billions of test cases mandates fast code coverage tracing, the nature of binary-only targets leads to reduced tracing performance.  ...  We also thank Peter Goodman and Trail of Bits for assisting us with binary-to-LLVM lifting.  ... 
arXiv:2209.03441v1 fatcat:wtvil5inanf63bd74rmemnhtty