Paper Info
Title
File Parsing Vulnerability Detection with Symbolic Execution
Abstract
Symbolic execution simulates program execution by replacing concrete values with symbolic variables for inputs. It could be used in software behavior analysis, vulnerability detection and software security assessment. In this paper, we analyze the path explosion problem encountered in vulnerability detection with the state-of-the-art symbolic execution technology for large scale file parsing programs. We also propose 4 alleviations to ease the problem, i.e. loop controlling, irrelevant path elimination, path selecting and parallel symbolic execution. Based on these alleviations, we implemented a prototype tool to detect file parsing vulnerability in large scale programs automatically, and evaluate it with a suit of benchmarks chosen from open source programs. Our tool detected not only all reported vulnerabilities of memory overflow in the benchmarks, but also some unreported vulnerabilities. The evaluation results show these alleviations could effectively ease the path explosion problem while analyzing large scale file parsing programs.
Year
DOI
Venue
2012
10.1109/TASE.2012.13
TASE
Keywords
Field
DocType
parallel symbolic execution,symbolic execution,file parsing vulnerability detection,path selecting,vulnerability detection,state-of-the-art symbolic execution technology,program execution,irrelevant path elimination,path explosion problem,parsing program,large scale,concrete,security,program analysis,testing,public domain software,color,switches
Programming language,Software behavior,Software security assurance,Computer science,Real-time computing,Symbolic execution,Concolic testing,Parsing,Program analysis,Vulnerability,Vulnerability detection
Conference
Citations 
PageRank 
References 
4
0.42
11
Authors
5
Name
Order
Citations
PageRank
Chaojian Hu140.42
Zhoujun Li2964115.99
Jinxin Ma3226.02
Tao Guo438645.64
Zhiwei Shi51128.54