
Enhancing symbolic execution with veritesting

Thanassis Avgerinos, Alexandre Rebert, Sang Kil Cha, David Brumley
2016 Communications of the ACM  
MergePoint introduces veritesting, a new technique that employs static symbolic execution to amplify the effect of dynamic symbolic execution.  ...  Veritesting allows MergePoint to find twice as many bugs, explore orders of magnitude more paths, and achieve higher code coverage than previous dynamic symbolic execution systems.  ...  CONCLUSION In this paper we proposed MergePoint and veritesting, a new technique to enhance symbolic execution with verification-based algorithms.  ... 
doi:10.1145/2927924 fatcat:uxzvuhiwpnacxmhj2jch5mpf7y

Enhancing symbolic execution with veritesting

Thanassis Avgerinos, Alexandre Rebert, Sang Kil Cha, David Brumley
2014 Proceedings of the 36th International Conference on Software Engineering - ICSE 2014  
MergePoint introduces veritesting, a new technique that employs static symbolic execution to amplify the effect of dynamic symbolic execution.  ...  Veritesting allows MergePoint to find twice as many bugs, explore orders of magnitude more paths, and achieve higher code coverage than previous dynamic symbolic execution systems.  ...  CONCLUSION In this paper we proposed MergePoint and veritesting, a new technique to enhance symbolic execution with verification-based algorithms.  ... 
doi:10.1145/2568225.2568293 dblp:conf/icse/AvgerinosRCB14 fatcat:lju5ctb2dbfpnp6cbdyvpox4ka

A Survey of Search Strategies in the Dynamic Symbolic Execution

Yu Liu, Xu Zhou, Wei-Wei Gong, X. Li, H. Yang, Y. Dai, L. Long, Y. Li
2017 ITM Web of Conferences  
Dynamic symbolic execution (DSE) is an important way to discover software vulnerabilities.  ...  One key challenge in DSE is to find proper paths in the huge program execution space to generate effective inputs.  ...  RWset truncates a path as soon as possible, thereby enhancing the efficiency of the dynamic symbolic execution, and reducing the path explosion. Veritesting.  ... 
doi:10.1051/itmconf/20171203025 fatcat:oererg6dwbgvbfnn3vwgufsywe

A hybrid symbolic execution assisted fuzzing method

Li Zhang, Vrizlynn L. L. Thing
2017 TENCON 2017 - 2017 IEEE Region 10 Conference  
This method starts with a bounded symbolic execution of the target program so as to explore as many paths as possible. Constraints of the explored paths are collected and solved for inputs.  ...  and effectiveness of the overall exploration can be greatly enhanced.  ...  However, techniques such as veritesting [18] which performs smart path merging has facilitated symbolic execution to work efficiently with such complex code constructs.  ... 
doi:10.1109/tencon.2017.8227972 fatcat:ph3qhljpwrca5cgdm6ohbafwnm

SOK: (State of) The Art of War: Offensive Techniques in Binary Analysis

Yan Shoshitaishvili, Ruoyu Wang, Christopher Salls, Nick Stephens, Mario Polino, Andrew Dutcher, John Grosen, Siji Feng, Christophe Hauser, Christopher Kruegel, Giovanni Vigna
2016 2016 IEEE Symposium on Security and Privacy (SP)  
In many situations binary analysis is the only possible way to prove (or disprove) properties about the code that is actually executed.  ...  We found that symbolic execution (including Veritesting) covered an average of 330 blocks per binary (with a median of 260), while fuzzing covered 689 (with a median of 402) and symbolic-assisted fuzzing  ...  Dynamic symbolic execution. We chose to evaluate dynamic symbolic execution both alone and in the presence of the Veritesting path explosion mitigation technique.  ... 
doi:10.1109/sp.2016.17 dblp:conf/sp/Shoshitaishvili16 fatcat:dw3axxn4mbczjmhpwhwd5jnfe4

DASE: Document-Assisted Symbolic Execution for Improving Automated Software Testing

Edmund Wong, Lei Zhang, Song Wang, Taiyue Liu, Lin Tan
2015 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering  
DASE then uses the input constraints to guide symbolic execution to focus on inputs that are semantically more important.  ...  We propose and implement a new approach, Document-Assisted Symbolic Execution (DASE), to improve automated test generation and bug detection.  ...  ACKNOWLEDGMENT The authors thank the statistical counseling service provided by the University of Waterloo and William Marshall for help with the statistical analysis of the results.  ... 
doi:10.1109/icse.2015.78 dblp:conf/icse/WongZWLT15 fatcat:pcfxcedk6ne4rnzk6hmmgb2bwy

Hercules: Reproducing Crashes in Real-World Application Binaries

Van-Thuan Pham, Wei Boon Ng, Konstantin Rubinov, Abhik Roychoudhury
2015 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering  
Experiments on real-life applications such as the Adobe Reader and the Windows Media Player demonstrate that our Hercules tool built on selective symbolic execution engine S2E can generate crashing inputs  ...  within few hours, where symbolic approaches (as embodied by S2E) or blackbox fuzzing approaches (as embodied by the commercial tool PeachFuzzer) failed.  ...  Built on Mayhem, Veritesting enhances dynamic symbolic execution with static symbolic execution [26]. These approaches are orthogonal to our work and can be integrated to enhance its scalability.  ... 
doi:10.1109/icse.2015.99 dblp:conf/icse/PhamNRR15 fatcat:tz7epnwtmrcejmipw4zb2vsovm

A Survey of Symbolic Execution Techniques [article]

Roberto Baldoni, Emilio Coppa, Daniele Cono D'Elia, Camil Demetrescu, Irene Finocchi
2018 arXiv   pre-print
Symbolic execution provides an elegant solution to the problem, by systematically exploring many possible execution paths at the same time without necessarily requiring concrete inputs.  ...  Symbolic execution has been incubated in dozens of tools developed over the last four decades, leading to major practical breakthroughs in a number of prominent software reliability applications.  ...  Section 3 through Section 6 address the key challenges that we listed in Section 1.2, while Section 7 discusses how recent advances in other areas could be applied to enhance symbolic execution techniques  ... 
arXiv:1610.00502v3 fatcat:zez6xtyiuna6rgv7ola3nzxmty

A Survey of Symbolic Execution Techniques

Roberto Baldoni, Emilio Coppa, Daniele Cono D'elia, Camil Demetrescu, Irene Finocchi
2018 ACM Computing Surveys  
Symbolic execution provides an elegant solution to the problem, by systematically exploring many possible execution paths at the same time without necessarily requiring concrete inputs.  ...  Symbolic execution has been incubated in dozens of tools developed over the last four decades, leading to major practical breakthroughs in a number of prominent software reliability applications.  ...  Section 3 through Section 6 address the key challenges that we listed in Section 1.2, while Section 7 discusses how recent advances in other areas could be applied to enhance symbolic execution techniques  ... 
doi:10.1145/3182657 fatcat:h6kadibzkvevxa3lgzdtdokq74

Combining Black-Box and White-Box Techniques for Learning Register Automata [chapter]

Falk Howar, Bengt Jonsson, Frits Vaandrager
2019 Lecture Notes in Computer Science  
In this paper, we explore some directions for future research on how black-box model learning can be enhanced using white-box information extraction methods, with the aim to maintain the benefits of dynamic  ...  Recently, various techniques have been employed to extend automata learning to extended automata models, which combine control flow with guards and assignments to data variables.  ...  There is a range of white-box symbolic execution techniques, such as veritesting [7], concolic testing [35], and white-box fuzz testing [34] that can be adapted to find counterexamples for hypothesis  ... 
doi:10.1007/978-3-319-91908-9_26 fatcat:jqjz3fm5ivbdni62vt2mukjmle

Exploiting Trade-offs in Symbolic Execution for Identifying Security Bugs

Athanasios Avgerinos
2018
In the second part of the dissertation, we investigate veritesting, a symbolic execution technique for exploiting the trade-off between formula expressivity and number of program states.  ...  By exploiting specific trade-offs in symbolic execution, such as state pruning and careful state modeling, we show how to increase the efficacy of vanilla symbolic execution in identifying exploitable bugs  ...  Conclusion In this chapter we proposed MergePoint and veritesting, a new technique to enhance symbolic execution with verification-based algorithms.  ... 
doi:10.1184/r1/6716573 fatcat:p3iys4iozvgmlamdkwclfsf2ra

Fatal injection: a survey of modern code injection attack countermeasures

Dimitris Mitropoulos, Diomidis Spinellis
2017 PeerJ Computer Science  
A CIA can have different forms depending on the execution context of the application and the location of the programming flaw that leads to the attack.  ...  With a code injection attack (CIA) an attacker can introduce malicious code into a computer program or system that fails to properly encode data that comes from an untrusted source.  ...  ACKNOWLEDGEMENTS We want to thank the reviewers for providing us with valuable suggestions and insightful comments.  ... 
doi:10.7717/peerj-cs.136 fatcat:erqwjwx3pndy5gkywrt4dwhpf4

Driller: Augmenting Fuzzing Through Selective Symbolic Execution

Nick Stephens, John Grosen, Christopher Salls, Andrew Dutcher, Ruoyu Wang, Jacopo Corbetta, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna
2016 Proceedings 2016 Network and Distributed System Security Symposium   unpublished
As products with access to sensitive data are becoming more prevalent, the number of potentially exploitable systems is also increasing, resulting in a greater need for automated software vetting tools  ...  DARPA recently funded a competition, with millions of dollars in prize money, to further research focusing on automated vulnerability finding and patching, showing the importance of research in this area  ...  These results demonstrate that enhancing a fuzzer with selective concolic execution improves its performance in finding crashes.  ... 
doi:10.14722/ndss.2016.23368 fatcat:xbuhao7zu5apzmmdr7k23gyuiq

FUZZBOMB: Autonomous Cyber Vulnerability Detection and Repair

David Musliner, Scott Friedman, Michael Boldt, J Benton, Max Schuchard, Peter Keller, Stephen Mccamant
unpublished
Starting from our prior work on autonomous cyber defense and symbolic analysis of binary programs, we developed numerous new components to create FUZZBOMB.  ...  The basic principle of symbolic execution is to replace certain concrete values in a program's state with symbolic variables.  ...  We enhanced our existing fault detection and leader election protocol methods to ensure that an OP is active in the cluster with very high reliability.  ... 
fatcat:uyyzt75xmzbzlplotdvpwis2eq

FUZZBOMB : Fully-Autonomous Detection and Repair of Cyber Vulnerabilities

David Musliner, Scott Friedman, Michael Boldt, J Benton, Max Schuchard, Peter Keller, Stephen Mccamant
2016 International Journal on Advances in Security   unpublished
Starting from our prior work on autonomous cyber defense and symbolic analysis of binary programs, we developed numerous new components to create FUZZBOMB.  ...  The basic principle of symbolic execution is to replace certain concrete values in a program's state with symbolic variables.  ...  We enhanced our existing fault detection and leader election protocol methods to ensure that an OP is active in the cluster with very high reliability.  ... 
fatcat:7e333y557zaevpcvxhtg7argoq