
A Software Vulnerability Path-Solving Algorithm Based on Lazy Symbolic Execution

Published English title: Software Vulnerable Trace's Solving Algorithm Based on Lazy Symbolic Execution
Cited by: 7
Abstract: To address path explosion and the low rate of new-path discovery in software testing, together with the high false-alarm rate of static analysis, this paper proposes a vulnerability-discovery framework that combines static and dynamic analysis, and designs a path-solving algorithm based on lazy symbolic execution to counter loop explosion. The algorithm uses three kinds of static information, the shortest path to a vulnerable point, the probability of the condition constraint set, and the number of reachable paths, to guide symbolic execution; this raises the accuracy of path selection and lets the search converge on the vulnerable point quickly. Lazy symbolic execution automatically identifies loop structures and defers variable instantiation, which effectively mitigates the path-combination explosion caused by loops, and finally generates test inputs that reach the set of vulnerable points. Experiments on the coreutils 6.10 command package show that, compared with the existing approaches KLEE, Otter and SAGE, the proposed method analyzes programs with many branches effectively, and its advantage grows with the size of the program under test.
Source: Chinese Journal of Computers (《计算机学报》), 2015, No. 11, pp. 2290-2300 (11 pages). Indexed in EI and CSCD; Peking University core journal.
Funding: National High Technology Research and Development Program of China (863 Program), grant 2012AA7111043.
Keywords: software vulnerability; static analysis; lazy symbolic execution; condition constraint set probability
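The abstract names three static metrics that steer symbolic execution toward a vulnerable point but gives no definitions. The Python below is an added illustration, not code from the paper, of how two of them (shortest distance to the target and the number of reachable paths) can be computed on a control-flow graph and used to order a worklist explorer; it also shows the loop identification step, since without recognising the back-edge the path count is infinite. The graph, node names and target are constructed for the example. The third metric (condition constraint set probability) and the deferred variable instantiation are not modeled because the page does not describe how they are computed.

```python
import heapq
import itertools
from collections import deque

# Constructed control-flow graph (hypothetical; not from the paper or coreutils).
# node -> successors. "target" stands for the vulnerable point; L0/L1 form a loop.
CFG = {
    "entry": ["A", "L0"],
    "A": ["A1", "A2"],
    "A1": ["exit"],
    "A2": ["exit"],
    "L0": ["L1", "B"],   # loop header
    "L1": ["L0"],        # loop body; L1 -> L0 is the back-edge
    "B": ["B1", "B2"],
    "B1": ["target"],
    "B2": ["exit"],
    "target": [],
    "exit": [],
}

def find_back_edges(cfg, entry):
    """Loop identification: a DFS edge into a node still on the DFS stack is a back-edge."""
    WHITE, GREY, BLACK = 0, 1, 2
    colour = {n: WHITE for n in cfg}
    back = set()
    def visit(n):
        colour[n] = GREY
        for s in cfg[n]:
            if colour[s] == GREY:
                back.add((n, s))
            elif colour[s] == WHITE:
                visit(s)
        colour[n] = BLACK
    visit(entry)
    return back

def shortest_distances(cfg, targets):
    """Reverse BFS from the targets: fewest edges from each node to a target.
    Nodes that cannot reach any target are absent from the result."""
    preds = {n: [] for n in cfg}
    for n, succs in cfg.items():
        for s in succs:
            preds[s].append(n)
    dist = {t: 0 for t in targets}
    queue = deque(targets)
    while queue:
        n = queue.popleft()
        for p in preds[n]:
            if p not in dist:
                dist[p] = dist[n] + 1
                queue.append(p)
    return dist

def reachable_path_counts(cfg, targets, back_edges):
    """Paths from each node to a target, counted with loop back-edges removed so
    the count stays finite (each loop body is traversed at most once)."""
    memo = {}
    def count(n):
        if n not in memo:
            total = 1 if n in targets else 0
            for s in cfg[n]:
                if (n, s) not in back_edges:
                    total += count(s)
            memo[n] = total
        return memo[n]
    for n in cfg:
        count(n)
    return memo

def explore(cfg, entry, targets, guided=True):
    """Pop nodes from a worklist until a target is popped; return the expansion order.
    guided=True orders by (distance to target, -reachable paths); guided=False is plain BFS."""
    if guided:
        back = find_back_edges(cfg, entry)
        dist = shortest_distances(cfg, targets)
        paths = reachable_path_counts(cfg, targets, back)
        inf = float("inf")
        def key(n):
            return (dist.get(n, inf), -paths.get(n, 0))
    else:
        order = itertools.count()
        def key(n):
            return (next(order),)   # monotone insertion key: first-in first-out, i.e. BFS
    heap = [(key(entry), entry)]
    seen = {entry}
    expanded = []
    while heap:
        _, n = heapq.heappop(heap)
        expanded.append(n)
        if n in targets:
            break
        for s in cfg[n]:
            if s not in seen:
                seen.add(s)
                heapq.heappush(heap, (key(s), s))
    return expanded

if __name__ == "__main__":
    print("guided:", explore(CFG, "entry", {"target"}))                # 5 expansions
    print("bfs:   ", explore(CFG, "entry", {"target"}, guided=False))  # 11 expansions
```

On this graph the guided order expands entry, L0, B, B1, target and stops, while breadth-first order visits all 11 nodes before popping the target. A real engine ranks symbolic states (path constraint plus program point) rather than bare CFG nodes, and the path count is a heuristic: removing back-edges means each loop is counted as taken at most once, which is why the count has to be paired with an actual loop-handling strategy such as the deferred instantiation the abstract describes.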