RELEASE: Generating exploits using loop-aware concolic execution

Bing Han Li*, Shiuh-Pyng Shieh

*Corresponding author for this work

Research output: Conference contribution, peer-reviewed

2 Citations (Scopus)

Abstract

Automatically finding vulnerabilities and even generating exploits are desirable for software testing. For the protection of intellectual property and copyright, programs being tested may lack source code and symbol table information. Concolic execution is a novel technique which takes advantage of the rapid executing speed of concrete execution and the wide testing coverage of symbolic execution to discover and identify software bugs, including vulnerabilities. However, a serious limitation of concolic execution, inherited from symbolic execution, is its poor analysis result with loops, a common programming construct. For instance, when the number of iterations depends on the inputs, the analysis cannot determine possible execution paths of the program. In this paper, we propose a new concolic execution technique, loop-aware concolic execution, for testing software and analyzing loop-related variables with fewer execution steps. With the novel technique, not only linear relations but also some polynomial recurrence relations in a loop can be handled. To demonstrate the effectiveness of the novel technique, we developed a concolic analyzer called RELEASE to discover buffer-overflow vulnerabilities in the testing benchmarks.

Original language: English
Title of host publication: Proceedings - 2011 5th International Conference on Secure Software Integration and Reliability Improvement, SSIRI 2011
Pages: 165-173
Number of pages: 9
DOIs
Publication status: Published - 23 Sep 2011
Event: 2011 5th International Conference on Secure Software Integration and Reliability Improvement, SSIRI 2011 - Jeju Island, Korea, Republic of
Duration: 27 Jun 2011 to 29 Jun 2011

Publication series

Name: Proceedings - 2011 5th International Conference on Secure Software Integration and Reliability Improvement, SSIRI 2011

Conference

Conference: 2011 5th International Conference on Secure Software Integration and Reliability Improvement, SSIRI 2011
Country: Korea, Republic of
City: Jeju Island
Period: 27/06/11 to 29/06/11
