Computer Science, 2021, Vol. 48, Issue 5: 25-31. doi: 10.11896/jsjkx.200600128

• Computer Software •

SymFuzz: Vulnerability Detection Technology Under Complex Path Conditions

LI Ming-lei, HUANG Hui, LU Yu-liang, ZHU Kai-long   

  1. College of Electronic Engineering, National University of Defense Technology, Hefei 230037, China
     Anhui Key Laboratory of Cyberspace Security Situation Awareness and Evaluation, Hefei 230037, China
  • Received: 2020-06-22  Revised: 2020-08-21  Online: 2021-05-15  Published: 2021-05-09
  • About author: LI Ming-lei, born in 1996, master's degree. His main research interests include cyberspace security, binary software analysis, and program vulnerability mining and analysis. (921519263@qq.com)
    LU Yu-liang, born in 1964, professor, Ph.D. supervisor. His main research interests include cyberspace security, vulnerability mining and utilization, and network situational awareness.
  • Supported by:
    National Key R&D Program of China (2017YFB0802905).

Abstract: Current vulnerability detection techniques can detect vulnerabilities in small programs quickly, but they are inefficient on large programs and on programs whose path conditions are complex. To detect vulnerabilities quickly under complex path conditions, this paper proposes SymFuzz, a vulnerability detection technique for complex path conditions. SymFuzz combines guided (directed) fuzzing with selective symbolic execution: guided fuzzing filters the program paths, and selective symbolic execution solves the paths that may trigger vulnerabilities. The technique first obtains information about the program's vulnerabilities through static analysis. It then uses guided fuzz testing to quickly generate test cases that cover the vulnerability function (the function containing the vulnerability). Finally, it performs symbolic execution on the path within that function that can trigger the vulnerability, generating a test case that triggers it. This paper implements a prototype of SymFuzz on top of open source projects including AFL and S2E. Comparative experiments show that, compared with existing fuzz testing techniques, SymFuzz significantly improves the effectiveness of vulnerability detection under complex path conditions.

Key words: Fuzz testing, Taint analysis, Static analysis, Symbolic execution, Vulnerability detection

CLC Number: TP309
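The three-stage pipeline described in the abstract, as an added toy model in Python. This is not the paper's code nor its AFL/S2E prototype: the target program (a magic header, a record dispatcher and a vulnerable copy routine), the input format, and the static-analysis results (call-graph distance of each function to the sink, the function that contains it, and the input bytes that function reads) are all constructed here. The fuzzer keeps inputs that cover a new edge and draws parents from the seeds closest to the vulnerability function, which is the guidance idea in directed grey-box fuzzing; the final stage keeps the fuzzer-found path prefix concrete and treats only the vulnerability function's own input bytes as symbolic, which is the selection idea in selective symbolic execution. Exhaustive enumeration of those two bytes stands in for the SMT solver a real engine would query with the collected path condition.

```python
"""Toy model of the three SymFuzz stages (added example, not the paper's code).
Target program, input format and static-analysis results are all constructed."""
import random

BUF_SIZE = 64
MAGIC = b"SYM\x02"  # constructed header the parser insists on

# ---- 1. Target program: constructed stand-in for the binary under test ----
def parse_header(data: bytes, trace: list) -> bool:
    """Byte-wise magic check; each matched byte is a new edge for the fuzzer."""
    trace.append("parse_header")
    for i, want in enumerate(MAGIC):
        if i >= len(data) or data[i] != want:
            return False
        trace.append(f"parse_header:magic{i}")
    return True

def dispatch(data: bytes, trace: list) -> str:
    """Record type 2 reaches the vulnerability function; others never reach the sink."""
    trace.append("dispatch")
    if len(data) > 4 and data[4] == 2:
        return copy_record(data, trace)
    trace.append("handle_other")
    return "ok"

def copy_record(data: bytes, trace: list) -> str:
    """The vulnerability function. Reads only bytes 5 (length) and 6 (tag): the
    tag must equal length XOR 0xA5, and the sink fires when length > BUF_SIZE."""
    trace.append("copy_record")
    if len(data) < 7:
        return "reject"
    length, tag = data[5], data[6]
    if tag != length ^ 0xA5:  # coupled-byte check: hard for blind mutation
        return "reject"
    trace.append("copy_record:tag_ok")
    return "overflow" if length > BUF_SIZE else "ok"  # "overflow" = sink reached

def run_program(data: bytes, trace: list) -> str:
    return dispatch(data, trace) if parse_header(data, trace) else "reject"

# ---- 2. Static-analysis results (constructed): call-graph distance of each
#         function to the sink, the function holding it, the input bytes it reads
DISTANCE = {"parse_header": 2, "dispatch": 1, "handle_other": 99, "copy_record": 0}
VULN_FUNC = "copy_record"
SYMBOLIC_BYTES = (5, 6)

def mutate(data: bytes, rng: random.Random) -> bytes:
    """AFL-style havoc in miniature: overwrite, insert or delete one byte."""
    buf = bytearray(data)
    op = rng.randrange(3)
    if op == 0 and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == 1:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif buf:
        del buf[rng.randrange(len(buf))]
    return bytes(buf)

def guided_fuzz(seed: bytes, budget: int, rng: random.Random):
    """Directed grey-box fuzzing: keep inputs that cover a new edge, pick parents
    from the seeds closest to VULN_FUNC, return the first input that covers it."""
    seen_edges: set = set()
    corpus: list = []  # (distance, -edge count, input), kept sorted best-first

    def consider(data: bytes) -> bool:
        trace: list = []
        run_program(data, trace)
        edges = set(trace)
        if VULN_FUNC in edges:
            return True
        if edges - seen_edges:
            seen_edges.update(edges)
            dist = min(DISTANCE[e.split(":")[0]] for e in edges)
            corpus.append((dist, -len(edges), data))
            corpus.sort(key=lambda t: t[:2])
        return False

    if consider(seed):
        return seed
    for _ in range(budget):
        parent = corpus[rng.randrange(min(len(corpus), 3))][2]
        child = mutate(parent, rng)
        if consider(child):
            return child
    return None

# ---- 3. Selective symbolic execution inside the vulnerability function ----
def solve_in_function(reaching_input: bytes):
    """Keep the fuzzer-found prefix concrete, treat only the bytes copy_record
    reads as symbolic, and find an assignment whose path ends at the sink.
    Exhaustive enumeration replaces the SMT solver query here."""
    buf = bytearray(reaching_input)
    buf.extend(b"\x00" * (max(SYMBOLIC_BYTES) + 1 - len(buf)))
    for length in range(256):
        for tag in range(256):
            buf[SYMBOLIC_BYTES[0]], buf[SYMBOLIC_BYTES[1]] = length, tag
            if run_program(bytes(buf), []) == "overflow":
                return bytes(buf)
    return None

def symfuzz(seed: bytes = b"\x00" * 8, budget: int = 300_000, rng_seed: int = 1):
    """Run the three stages; return the sink-triggering input or None."""
    reaching = guided_fuzz(seed, budget, random.Random(rng_seed))
    return None if reaching is None else solve_in_function(reaching)
```

Calling `symfuzz()` returns an input that starts with the magic header and record type found by the fuzzer and ends with the length/tag pair found by the solving step. The division of labour is the point: the fuzzer only needs edge feedback to get past the header byte by byte, while the coupled tag check inside `copy_record` (two bytes that must agree, with the length also above the buffer size) is left to the constraint-solving stage, where the search space is just the bytes that function actually reads.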