SEVE: Symbolic Execution based Vulnerability Exploring system

Purpose – Software vulnerabilities have long been the greatest threat to the software industry. Many detection techniques have been developed to address them, such as fuzzing, but fuzz testing alone is not good enough, because fuzzing only mutates the program's input randomly and does not take the semantics of the target software into account. The purpose of this paper is to introduce a new vulnerability exploring system, called "SEVE", which explores the target software more deeply and generates more test cases with greater accuracy.

Design/methodology/approach – Symbolic execution is the core technique of SEVE. The user only needs to supply one ordinary input; the SEVE system records the execution path, alters the critical branches of that path, and generates a completely different test case that makes the software under test execute a different path. In this way, potential bugs or defects, and even exploitable vulnerabilities, can be discovered. To alleviate path explosion, the authors...
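The record-the-path, flip-a-branch, solve-for-a-new-input loop described above is the classic concolic (dynamic symbolic) execution cycle. The following is an added example written for this page, not code from the SEVE paper or its authors: it runs a small constructed target program on one seed input, records each branch predicate symbolically, negates one branch at a time while keeping the path prefix, and solves for a new input that drives the program down the unexplored side. An SMT solver would normally do the solving; here a bounded brute-force search over a tiny integer domain stands in for it, and the target program, its "BUG" outcome and all input values are constructed for illustration.

```python
"""Toy concolic execution driver (added example; not the SEVE implementation).

The engine keeps, for every value derived from program input, both a
concrete value (what this run actually computed) and a symbolic evaluator
(what it would compute under any other input assignment).  Each `if` in
the target program goes through `Engine.branch`, which records the
predicate so the path condition can be replayed and partially negated.
"""
import itertools

# Bounded domain searched by the stand-in solver (assumption: a real engine
# would hand the path condition to an SMT solver instead).
DOMAIN = range(-20, 21)


class Sym:
    """An int/bool carrying a concrete value plus a symbolic evaluator."""

    def __init__(self, concrete, expr):
        self.concrete = concrete
        self.expr = expr  # expr(assignment: dict) -> concrete value

    @staticmethod
    def lift(v):
        return v if isinstance(v, Sym) else Sym(v, lambda a, v=v: v)

    def _bin(self, other, op):
        o = Sym.lift(other)
        return Sym(op(self.concrete, o.concrete),
                   lambda a, s=self, o=o, op=op: op(s.expr(a), o.expr(a)))

    def __add__(self, o): return self._bin(o, lambda x, y: x + y)
    def __sub__(self, o): return self._bin(o, lambda x, y: x - y)
    def __mul__(self, o): return self._bin(o, lambda x, y: x * y)
    def __gt__(self, o):  return self._bin(o, lambda x, y: x > y)
    def __lt__(self, o):  return self._bin(o, lambda x, y: x < y)
    def __eq__(self, o):  return self._bin(o, lambda x, y: x == y)

    def negate(self):
        return Sym(not self.concrete, lambda a, s=self: not s.expr(a))


class Engine:
    """Runs a program concretely while recording its symbolic path condition."""

    def __init__(self, names):
        self.names = names
        self.path = []  # branch predicates (Sym) in the order they were taken

    def run(self, program, assignment):
        self.path = []
        inputs = {n: Sym(assignment[n], lambda a, n=n: a[n]) for n in self.names}
        return program(self, inputs), list(self.path)

    def branch(self, cond):
        cond = Sym.lift(cond)
        self.path.append(cond)
        return cond.concrete  # the program follows the concrete outcome


def as_constraint(pred, want):
    """Constraint forcing `pred` to evaluate to `want`."""
    return pred if want else pred.negate()


def solve(constraints, names):
    """Stand-in for an SMT solver: brute-force the bounded domain."""
    for values in itertools.product(DOMAIN, repeat=len(names)):
        a = dict(zip(names, values))
        if all(c.expr(a) for c in constraints):
            return a
    return None


def explore(program, names, seed, max_paths=50):
    """Negate each recorded branch (keeping its prefix) to reach new paths."""
    engine, worklist, seen_paths, tried, found = Engine(names), [seed], set(), set(), []
    while worklist and len(found) < max_paths:
        inp = worklist.pop(0)
        tried.add(tuple(inp[n] for n in names))
        result, path = engine.run(program, inp)
        key = tuple(p.concrete for p in path)
        if key in seen_paths:
            continue
        seen_paths.add(key)
        found.append((dict(inp), key, result))
        for i in range(len(path)):
            prefix = [as_constraint(path[j], path[j].concrete) for j in range(i)]
            flipped = as_constraint(path[i], not path[i].concrete)
            new = solve(prefix + [flipped], names)
            if new and tuple(new[n] for n in names) not in tried:
                worklist.append(new)
    return found


def target(eng, v):
    """Constructed program under test: the innermost branch reaches a bug."""
    x, y = v["x"], v["y"]
    if eng.branch(x * 2 == y):            # nearly impossible for random fuzzing
        if eng.branch(y > 12):
            if eng.branch(x - y < -8):
                return "BUG"
            return "deep-ok"
        return "shallow-ok"
    return "miss"


def explore_demo():
    """Start from the single seed {x: 1, y: 1} and enumerate reachable paths."""
    return explore(target, ["x", "y"], {"x": 1, "y": 1})


if __name__ == "__main__":
    for inp, key, result in explore_demo():
        print(inp, key, result)
```

Starting from the single seed `{x: 1, y: 1}`, which misses every check, the loop reaches all four paths of the target, including the `BUG` path, in four solver-generated inputs. The `x * 2 == y` check is the point the abstract makes against plain fuzzing: random mutation rarely satisfies an equality between two inputs, while the recorded path condition hands the solver exactly the relation it needs. The exponential growth of this per-branch negation across a real program is the path explosion the abstract goes on to address.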
