期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于分支混淆算法的符号执行技术 被引量:3

Symbolic Execution Based on Branch Confusion Algorithm
下载PDF
导出
摘要 符号执行是静态分析中的一项常用技术,数组元素混淆问题是限制符号执行本身性能的关键因素之一。通过分析数组混淆实质,提出了一种分支混淆算法,利用边混淆边符号执行的策略,可以处理较为复杂的数组问题。该策略使用实时的约束求解,及时地剪除不可达的混淆分支。结合符号执行和约束求解技术,开发了基于分支混淆算法的工具原型ASym。初步实验表明,利用分支混淆算法可以处理具有分支结构的数组混淆问题,避免延迟替换出现的数组语义误差,且在很大程度上缩减了分支数量,提高执行效率。 Symbolic execution is a common static analysis technology.Issue of array element confusion is one of the key factors limiting symbolic execution performance itself.Through analysis to array confusion essence,branch confusion algorithm was proposed.With the strategy that manages confusion algorithm and symbolic execution in the same time,some complex array problems were solved.Using the real time method of constraint solving,infeasible confusion branches were cut in time.Combining with symbolic execution and constraint solving,the prototypical tool ASym was developed,which was based on improved confusion algorithm.Primary experiments show that it can solve the confusion problem in branch structure and avoid array semantic error in delay replacement.Meanwhile,extensional branches are dramatically reduced and efficiency is improved.
作者 过辰楷 姬秀娟 许静
机构地区 南开大学信息技术科学学院 南京大学计算机软件新技术国家重点实验室
出处 《计算机科学》 CSCD 北大核心 2012年第9期115-119,共5页 Computer Science
基金 南京大学计算机软件新技术国家重点实验室开放课题(KFKT2010B22) 天津市科技攻关项目(08ZCKFGX01100)资助
关键词 符号执行 软件测试 数组混淆 约束求解 Symbolic execution Software testing Array confusion Constraint solving
分类号 TP311 [自动化与计算机技术—计算机软件与理论]
  • 相关文献

参考文献13

  • 1King J C. Symbolic execution and program testing [J].Commun ACM, 1976,19(7) : 385-394.
  • 2Godefroid P, Klarlund N, Sen K. DART: directed automated ran dom testing[C]//Proceedings of the 2005 ACM SIGPLAN Con ference on Programming Language Design and Implementation. New York, USA, 2005 : 213- 223.
  • 3Sen K, Agha G. CUTE and Jcute: Concolic unit testing and ex- plicit path model-checking tools[C]//Proceedings of Conference on Computer Aided Verification. 2006,4144:419-423.
  • 4Cadar C, Ganesh V, Pawlowski P, et al. EXE: Automatically generating inputs of death[J]. ACM Transaction on Information and System Security, 2008,12 : 1-38.
  • 5Coward P D. Symbolic execution systerns-a review [J].Software Engineering Journal, 1988,3(6) : 229-239.
  • 6林梦香,陈胤立,陈睿,周刚.基于懒替换的C符号执行[J].北京航空航天大学学报,2009,35(6):687-691. 被引量:3
  • 7Zhang Jian, Wang Xiao-xu. A constraint solver and its applica tion to path feasibility analysis[J].International Journal of Soft ware Engineering and Knwoledge Engineering, 2001, 11 (2) 139-156.
  • 8洪宇,陈光,于见平,韩柯.处理符号执行中数组元素混淆的一种新方法[J].计算机应用,2005,25(B12):434-436. 被引量:2
  • 9Ngo M N,Tan H B K. Heuristices based infeasible path detec- tion for dynamic test data generation[J]. Information ~ Soft- ware Technology, 2008,50(7/8) : 641-655.
  • 10Xu Z,Zhang J. A test data generation tool for unit testing of C programs[C]//International Conference on Quality Software (QSIC' 06). 2006 : 63-74.

二级参考文献39

  • 1汪黎,杨学军,王戟,罗宇.操作系统内核程序函数执行上下文的自动检验[J].软件学报,2007,18(4):1056-1067. 被引量:5
  • 2Brat G, Havelund K, Park S, et al. Model checking programs [C]//IEEE International Conference on Automated Software Engineering. March 2000:25-37.
  • 3Xie Y, Kiken A. Saturn: A SAT-based tool for bug detection[C]// Proceeding of the Conference on Computer-Aided Verification. 2005:13-18.
  • 4Feng X,Ni Z,Shao Z,et al. An open framework for foundational proof-carrying code[C] // Proceeding of ACM SIGPLAN International Workshop on Types in Language Design and Implementation. 2007 : 67-78.
  • 5King J C. Symbolic Execution and Program Testing[J].Communications of the ACM, 1976,19(7) : 385-394.
  • 6Zhang Jian. Symbolic execution of program paths involving pointer and structure variables[C]//4th International Conference on Quality Software(QSIC'04). 2004:87-92.
  • 7Xu Z,Zhang J. A test data generation tool for unit testing of C programs[C] // International Conference on Quality Software (QSIC'06). 2006 : 63-74.
  • 8Cadar C,Dunbar D,Engler D. KLEE: Unassisted and Automatic Generation of High coverage Tests for Complex Systems Programs[C]//USENIX Symposium on Operating Systems Design and Implementation (OSI)I 2008). San Diego, December 2008: 33-45.
  • 9Cadar C, Dunbar D. EXE: Automatically generating inputs of death[J]. ACM Transactions on Information and System Security, 2008,12(2) :26-43.
  • 10Necula G C, McPeak S , Rahul S, et al. CIL: Intermediate language and tools for analysis and transformation of C programs [C] /// International Conference on Compiler Construction. March 2002 :67-83.

共引文献38

同被引文献38

  • 1王彤彤,韩文报,王航.基于安全需求的软件漏洞分析模型[J].计算机科学,2007,34(9):287-289. 被引量:5
  • 2ProxyFuzz [EB/OL]. http://www, darknet, org. uk/2007/06/ proxy fuzz-mitre-network- fuzzer-in-python/.
  • 3SPIKE Proxy[EB/OL]. http://www, immunitysec, com/resou-rcesfreesoftware.
  • 4Milani C P, Gilbert W, Christopher K, et al. Prospex: protocol specification extraction[C]//Proc, of the 30th IEEE Symposium on Security and Privacy. Oakland,California,USA,2009 : 110-125.
  • 5Tsankov P, Dashti M T, Basin D. SECFUZZ: Fuzz-testing securi- ty protocols [C]//Proc. of the 7th International Workshop on Automation of Software Test(AST). Zurich, Switzerland, 2012.
  • 6Caballero J,Johnson N, McCamant S, et al. Binary code extrac- tion and interface identification for security applications[C]// Proc of the 16th ACM Conference on Computer and Communi- cations Security(CCS). Chicago, USA, 2009.
  • 7Wang T,Wei T, Zou W. TaintScope: a checksum-aware directed fuzzing tool for automatic software vulnerability detection[C]// Proc. of the 31st IEEE Symposium on Security & Privacy (S&P). Oakland, California, USA, 2010.
  • 8Godefroid P, Levin M Y, Molnar D. Automated whitebox fuzz testing[C]//Proc, of the 16th Network and Distributed System Security(NDSS). California, USA, 2008.
  • 9Caballero J, Poosankarn P, McCamant S. Input generation via de- composition and re-stitching., finding bugs in malware[C]// Proc. of the 18th ACM Conference on Comput Communications Security(CCS). Chicago, USA, 2010.
  • 10Ganesh V, Leek T, Rinard M. Taint-based directed whitebox fuzzing[C]//Proc, of the 31st International Conference on Soft- ware Engineering. Vancouver, Canada, 2009.

引证文献3

二级引证文献12

计算机科学
2012年 第9期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部