We present a new automated method for the efficient detection of security vulnerabilities in binary programs. The method starts with a bounded symbolic execution of the target program so as to explore as many paths as possible. The constraints of the explored paths are collected and solved for inputs, and these inputs are then fed to the following stage, an interleaving of coverage-based fuzzing and concolic execution. Because the paths explored by the bounded symbolic execution may include unique paths that are rarely reached by fuzzing (which relies on random testing) or by concolic execution (which explores locally around existing inputs), the efficiency and effectiveness of the overall exploration can be greatly enhanced. In particular, the bounded symbolic execution can effectively prevent the fuzzing-guided exploration from converging on the less interesting but easy-to-fuzz branches.
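As an added illustration (not code from the paper or its authors), the following Python model reproduces the first two stages of the pipeline on a constructed target: a bounded symbolic execution collects and solves the constraints of every path up to the bound, and its solutions seed a coverage-guided fuzzer, whose progress is compared with unseeded random testing. The concolic stage is omitted, and the target program, the constraint language, the solver and the mutation strategy are simplifications assumed for the example.

```python
import random
# Constructed target, not from the paper: nested one-byte checks (a magic-number
# header) as (input index, expected byte) pairs; each passed check goes one deeper.
MAGIC = [(0, 0x7F), (1, 0x45), (2, 0x4C), (3, 0x46)]
INPUT_LEN = 8

def run_target(data):
    """Concrete execution: how many nested checks the input passes (its depth)."""
    for depth, (idx, val) in enumerate(MAGIC):
        if data[idx] != val:
            return depth
    return len(MAGIC)

def bounded_symbolic_execution(bound):
    """Enumerate every path of at most `bound` branches as constraints (idx, val, taken)."""
    paths = []
    def explore(depth, constraints):
        if depth == bound or depth == len(MAGIC):
            paths.append(constraints)
            return
        idx, val = MAGIC[depth]
        paths.append(constraints + [(idx, val, False)])       # check fails: path ends here
        explore(depth + 1, constraints + [(idx, val, True)])  # check passes: go deeper
    explore(0, [])
    return paths

def solve(constraints):
    """Toy solver: an equality pins the byte, an inequality picks any other value."""
    data = bytearray(INPUT_LEN)
    for idx, val, taken in constraints:
        data[idx] = val if taken else (val + 1) % 256
    return bytes(data)

def symbolic_seeds(bound):
    return [solve(p) for p in bounded_symbolic_execution(bound)]  # stage 1: one seed per path

def coverage_fuzz(seeds, trials, seed=0):
    """Stage 2: mutate one byte of the deepest input so far; keep mutants that go deeper."""
    rng, best = random.Random(seed), max(seeds, key=run_target)
    for _ in range(trials):
        mutant = bytearray(best)
        mutant[rng.randrange(INPUT_LEN)] = rng.randrange(256)
        if run_target(mutant) > run_target(best):
            best = bytes(mutant)
    return run_target(best)

def random_fuzz(trials, seed=0):
    """Baseline: unseeded random testing must guess all four magic bytes at once."""
    rng = random.Random(seed)
    return max(run_target(bytes(rng.randrange(256) for _ in range(INPUT_LEN))) for _ in range(trials))
```

With a bound of 2 the symbolic stage already hands the fuzzer an input two checks deep, so the fuzzer only has to extend one byte at a time, whereas blind random testing has to guess all four bytes in a single input.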
License type:
Publisher Copyrights
Funding Info:
Singapore National Research Foundation under NCR Award No. NRF2014NCR-NCR001-034.