Combining dynamic symbolic execution, code static analysis and fuzzing
Similar resources
Improving Fuzzing with Symbolic Execution
Fuzzing is a great technique to, for example, discover and reproduce software system vulnerabilities. However, there exist problems with finding test inputs for complex checks (e.g., string equality checks). A recent approach proposes to combine fuzzing techniques with symbolic execution to effectively tackle this problem [1]. The student should examine and discuss the approach given in the pap...
Driller: Augmenting Fuzzing Through Selective Symbolic Execution
Memory corruption vulnerabilities are an ever-present risk in software, which attackers can exploit to obtain unauthorized access to confidential information. As products with access to sensitive data are becoming more prevalent, the number of potentially exploitable systems is also increasing, resulting in a greater need for automated software vetting tools. DARPA recently funded a competition,...
Combining static analysis and targeted symbolic execution for scalable bug-finding in application binaries
Manual software testing is laborious and prone to human error. Yet, it is the most popular method for quality assurance. Automating the test-case generation promises better effectiveness, especially for exposing “deep” corner-case bugs. Symbolic execution is an automated technique for program analysis that has recently become practical due to advances in constraint solvers. It stands out as an ...
Deconstructing Dynamic Symbolic Execution
Dynamic symbolic execution (DSE) is a well-known technique for automatically generating tests to achieve higher levels of coverage in a program. Two key ideas of DSE are to: (1) seed symbolic execution by executing a program on an initial input; (2) using concrete values from the program execution in place of symbolic expressions whenever symbolic reasoning is hard or not desired. We describe ...
Combining Symbolic Execution and Model Checking to Reduce Dynamic Program Analysis Overhead
This paper addresses the problem of reducing the runtime monitoring overhead for programs where fine-grained monitoring of events is required. To this end we complement model checking techniques with symbolic reasoning methods and show that, under certain circumstances, code fragments do not affect the validity of underlying properties. We consider safety properties given as regular expressions...
Journal
Journal title: Proceedings of the Institute for System Programming of the RAS
Year: 2018
ISSN: 2079-8156,2220-6426
DOI: 10.15514/ispras-2018-30(6)-2