Search-Based Concolic Execution for SW Vulnerability Discovery

Huge amounts of software appear nowadays, and as the number of software programs increases, so does the number of software vulnerabilities. Although some automatic methods have been proposed to detect and remove software vulnerabilities, they still require a lot of time, which limits their use in the real world. To solve this problem, we propose BugHunter, which automatically tests a binary file compiled with a C++ compiler. It searches for unsafe API calls and automatically drives execution to the program blocks that contain an unsafe API call. We also show through experiments that BugHunter is more efficient than angr. As a result, BugHunter is very helpful for finding a software vulnerability in a short time.

Key words: search-based, concolic execution, vulnerability
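The search step the abstract describes (locate blocks that call an unsafe API, then steer execution toward them) can be illustrated on a toy control-flow graph. The following is an added example written for this page, not BugHunter's code or angr's API: it assumes the binary has already been lifted into a CFG, represented as a plain dict of constructed blocks, and it models only the target discovery and path prioritisation; a real concolic engine would then collect the branch conditions along each path and hand them to a solver.

```python
"""Toy model of the search step in search-based concolic execution.

Assumptions (not from the paper): the binary has been lifted into a
control-flow graph, represented here as a dict; each basic block lists its
successor blocks and the functions it calls.  A real tool would obtain the
graph from a disassembler and then solve the branch conditions along each
chosen path; only the search and prioritisation step is modelled here.
"""
from collections import deque

# C library calls that commonly appear in buffer-overflow findings.
UNSAFE_APIS = {"strcpy", "strcat", "gets", "sprintf", "vsprintf", "scanf"}

# Constructed sample CFG: block name -> (successor blocks, called functions).
SAMPLE_CFG = {
    "entry":      (["check_len", "parse_hdr"], ["printf"]),
    "check_len":  (["copy_small", "reject"], []),
    "copy_small": (["exit"], ["memcpy"]),
    "reject":     (["exit"], ["puts"]),
    "parse_hdr":  (["fill_name", "exit"], ["strlen"]),
    "fill_name":  (["log_name"], ["strcpy"]),    # unsafe call, 2 edges from entry
    "log_name":   (["exit"], ["sprintf"]),       # unsafe call, 3 edges from entry
    "dead_code":  (["exit"], ["gets"]),          # unsafe but unreachable from entry
    "exit":       ([], []),
}


def find_unsafe_blocks(cfg, unsafe=UNSAFE_APIS):
    """Return {block: sorted unsafe calls} for every block calling an unsafe API."""
    hits = {}
    for block, (_, calls) in cfg.items():
        bad = sorted(c for c in calls if c in unsafe)
        if bad:
            hits[block] = bad
    return hits


def shortest_path(cfg, start, goal):
    """Breadth-first search over block edges; returns the block path or None."""
    prev = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node == goal:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for succ in cfg[node][0]:
            if succ not in prev:
                prev[succ] = node
                queue.append(succ)
    return None


def plan_targets(cfg, entry="entry", unsafe=UNSAFE_APIS):
    """Rank unsafe blocks by distance from entry, shortest path first.

    Each item is (block, unsafe_calls, path).  Unreachable blocks are
    dropped: no concolic run could steer execution into them, so spending
    solver time on them would be wasted.
    """
    plan = []
    for block, calls in find_unsafe_blocks(cfg, unsafe).items():
        path = shortest_path(cfg, entry, block)
        if path is not None:
            plan.append((block, calls, path))
    plan.sort(key=lambda item: (len(item[2]), item[0]))
    return plan


if __name__ == "__main__":
    for block, calls, path in plan_targets(SAMPLE_CFG):
        print(f"{block:10} {','.join(calls):8} via {' -> '.join(path)}")
```

Ranking targets by path length is the simplest form of the search heuristic; the ordered plan is what a concolic loop would consume, negating branch conditions along each path until the unsafe block is actually reached, and the unreachable `dead_code` block shows why the search must prune targets before any solving happens.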
