Title
MACE: model-inference-assisted concolic exploration for protocol and vulnerability discovery
Abstract
Program state-space exploration is central to software security, testing, and verification. In this paper, we propose a novel technique for state-space exploration of software that maintains an ongoing interaction with its environment. Our technique uses a combination of symbolic and concrete execution to build an abstract model of the analyzed application, in the form of a finite-state automaton, and uses the model to guide further state-space exploration. Through exploration, MACE further refines the abstract model. Using the abstract model as a scaffold, our technique wields more control over the search process. In particular: (1) shifting search to different parts of the search-space becomes easier, resulting in higher code coverage, and (2) the search is less likely to get stuck in small local state-subspaces (e.g., loops) irrelevant to the application's interaction with the environment. Preliminary experimental results show significant increases in the code coverage and exploration depth. Further, our approach found a number of new deep vulnerabilities.
Year: 2011
Venue: USENIX Security Symposium
Keywords: novel technique, vulnerability discovery, abstract model, software security, code coverage, model-inference-assisted concolic exploration, program state-space exploration, search process, state-space exploration, exploration depth, ongoing interaction, higher code coverage
Field: Code coverage, Model inference, Computer security, Software security assurance, Computer science, Automaton, Software, Concolic testing, Vulnerability discovery, Vulnerability
DocType: Conference
Citations: 32
PageRank: 1.05
References: 23
Authors: 6
Name                 Order   Citations   PageRank
Chia Yuan Cho        1       251         11.20
Domagoj Babić        2       145         7.11
Pongsin Poosankam    3       975         39.96
Kevin Zhijie Chen    4       150         6.32
Edward XueJun Wu     5       94          3.88
Dawn Song            6       7084        442.36