Abstract | ||
---|---|---|
Symbolic Execution is a key and useful technology in current refinement software test, but there still exists some problems such as space explosion. In order to mitigate this problem and improve the ability for detecting vulnerabilities, this paper presents the improving guide-based vulnerability detection with hybrid symbolic execution, which aims to test suspicious objects. This method conducts path traversal with a hybrid symbolic execution model, which alternates between dynamic and static symbolic execution, and verify whether it is vulnerability through summarizing the characteristics of vulnerabilities and generating a constraint expression. Experimental result shows that this method can successfully detect errors in 56 seconds, which exceeds any other modern mainstream symbolic execution tools including CUTE, KLEE, S2E and Cloud9. Compared with CUTE, this method alleviates the problem of space explosion. Besides, this papaer successfully verifies the vulnerabilities of OpenSSL and some other commonly used software. |
Year | DOI | Venue |
---|---|---|
2014 | 10.1109/ICSAI.2014.7009438 | ICSAI |
Keywords | Field | DocType |
program diagnostics,program testing,cute,openssl,constraint expression,dynamic symbolic execution,guide-based vulnerability detection,hybrid symbolic execution,path traversal,refinement software test,space explosion problem alleviation,static symbolic execution,space explosion,test,testing,refining,algorithm design and analysis | Algorithm design,Programming language,Tree traversal,Computer science,Control engineering,Software,Concolic testing,Symbolic execution,Computer engineering,Symbolic trajectory evaluation,Vulnerability detection,Vulnerability | Conference |
Citations | PageRank | References |
0 | 0.34 | 8 |
Authors | ||
4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Yongji Ouyang | 1 | 0 | 0.34 |
Shuai Zeng | 2 | 9 | 3.19 |
C. Yang | 3 | 296 | 43.66 |
Qingxian Wang | 4 | 4 | 0.72 |