Computer Science

Computer Science ›› 2026, Vol. 53 ›› Issue (6A): 250600035-7.doi: 10.11896/jsjkx.250600035

• Information Security • Previous Articles     Next Articles

Symbolic Execution-based Automated Verification Method for Binary Vulnerabilities

ZHANG Yuanyuan1, LIU Tieming2, LIU Guoan2, GE Xueshuai2   

  1. 1 Unit 32738 of the Chinese People's Liberation Army,Zhengzhou 450001,China
    2 Information Engineering University,Zhengzhou 450001,China
  • Online:2026-06-16 Published:2026-06-12
  • About author:ZHANG Yuanyuan,born in 1979,senior engineer.Her main research interests include computer science and technology and information systems.
    GE Xueshuai,born in 1997,postgraduate.His main research interests include binary vulnerability mining and automated exploitation of vulnerabilities.
  • Supported by:
    National Natural Science Foundation of China(62276091) and Major Public Welfare Projects in Henan Province(201300311200).

PDF (PC)

19

Abstract: With the widespread application of software systems,the number of binary vulnerabilities continues to grow,posing serious threats to information security.Existing research lacks comprehensive solutions that organically integrate vulnerability detection,root cause analysis,and automated exploitation,resulting in inefficient and limited-coverage vulnerability verification.This study aims to propose an automated,cross-architecture binary vulnerability verification method that integrates the entire process from vulnerability detection and root cause localization to exploit generation,while producing structured verification reports.It designs an automated verification framework based on symbolic execution,which consists of five components:preprocessing,vulnerability detection,root cause analysis,exploit generation,and verification.By combining vulnerability-oriented and path-guided symbolic execution strategies with taint analysis and constraint solving,the framework supports multi-architecture analysis.Validation on 14 test samples demonstrate that the proposed method successfully detects various types of vulnerabilities including stack overflow,heap overflow,use-after-free(UAF),and format string vulnerabilities,accurately locates root causes at the basic-block level,and achieves automated exploit generation for most samples.This research not only enhances the automation and accuracy of binary vulnerability verification but also provides a reliable basis for vulnerability remediation and defense.Future work will focus on improving heap vulnerability exploit generation,expanding verification capabilities for large-scale applications,and exploring automated repair techniques.

Key words: Automated vulnerability verification, Vulnerability detection, Vulnerability root cause analysis, Exploitation of vulnera-bilities, Symbolic execution

CLC Number: 

  • TP309
[1] National information security vulnerability sharing platform.Data statistics[EB/OL].https://www.cnvd.org.cn/flaw/statistic.
[2] IBM Security.X-Force Threat Intelligence Index 2025[EB/OL].https://www.ibm.com/reports/threat-intelligence.
[3] BEAMAN C,REDBOURNE M,MUMMERY J D,et al.Fuzzing vulnerability discovery techniques:Survey,challenges and future directions[J].Computers & Security,2022,120:102813.
[4] RUARO N,ZENG K,DRESEL L,et al.SyML:Guiding symbolicexecution toward vulnerable states through pattern learning[C]//Proceedings of the 24th International Symposium on Research in Attacks,Intrusions and Defenses.2021:456-468.
[5] ZHANG Y,WANG J,BERZIN D,et al.Fixing Security Vulnerabilities with AI in OSS-Fuzz[J].arXiv:2411.03346,2024.
[6] JIANMING F,JING C,GUOJUN P.PVDF:An automaticpatch-based vulnerability description and fuzzing method[C]//Communication Security Conference(CSC 2014).2014:1-8.
[7] STEPHENS N,GROSEN J,SALLS C,et al.Driller:Augmenting fuzzing through selective symbolic execution[C]//NDSS.2016:1-16.
[8] YAO S,SHE D.Empc:Effective Path Prioritization for Symbolic Execution with Path Cover[C]//Proceedings of the 2025 IEEE Symposium on Security and Privacy(SP).IEEE,2025.
[9] NASHID N,DING D,GALLABA K,et al.Characterizing Multi-Hunk Patches:Divergence,Proximity,and LLM Repair Challenges[C]//Proceedings of the 40th IEEE/ACM International Conference on Automated Software Engineering(ASE).IEEE,2025:1629-1641.
[10] BLAZYTKO T,SCHLÖGEL M,ASCHERMANN C,et al.AURORA:Statistical crash analysis for automated root cause explanation[C]//Proceedings of the 29th USENIX Conference on Security Symposium.2020:235-252.
[11] XU J,MU D,XING X,et al.Postmortem Program Analysis with Hardware-Enhanced Post-Crash Artifacts[C]//USENIX Security Symposium.2017:17-32.
[12] BRUMLEY D,POOSANKAM P,SONG D,et al.Automaticpatch-based exploit generation is possible:Techniques and implications[C]//2008 IEEE Symposium on Security and Privacy(sp 2008).IEEE,2008:143-157.
[13] AVGERINOS T,CHA S K,REBERT A,et al.Automatic exploit generation[J].Communications of the ACM,2014,57(2):74-84.
[14] YILMAZ F,SRIDHAR M,CHOI W.Guide me to exploit:Assisted ROP exploit generation for ActionScript virtual machine[C]//Annual Computer Security Applications Conference.2020:386-400.
[15] LIU D,WANG P,ZHOU X,et al.ERACE:Toward Facilitating Exploit Generation for Kernel Race Vulnerabilities[J].Applied Sciences,2022,12(23):1-12.
[16] JIANG Z,ZHANG Y,XU J,et al.AEM:Facilitating Cross-Version Exploitability Assessment of Linux Kernel Vulnerabilities[C]//2023 IEEE Symposium on Security and Privacy(SP).IEEE Computer Society,2022:588-603.
[17] BUI Q C,IANNONE E,CAMPORESE M,et al.A Systematic Literature Review on Automated Exploit and Security Test Generation[J].arXiv:2502.04953,2025.
[18] CHA S K,AVGERINOS T,REBERT A,et al.Unleashing mayhem on binary code[C]//2012 IEEE Symposium on Security and Privacy.IEEE,2012:380-394.
[19] HUANG S K,HUANG M H,HUANG P Y,et al.Crax:Software crash analysis for automatic exploit generation by modeling attacks as symbolic continuations[C]//2012 IEEE Sixth International Conference on Software Security and Reliability.IEEE,2012:78-87.
[1] SONG Jianhua, HE Jiawei, ZHANG Yan. Dual-channel Source Code Vulnerability Detection Model Based on Contrastive Learning [J]. Computer Science, 2026, 53(3): 424-432.
[2] ZHOU Tao, DU Yongping, XIE Runfeng, HAN Honggui. Vulnerability Detection Method Based on Deep Fusion of Multi-dimensional Features from Heterogeneous Contract Graphs [J]. Computer Science, 2025, 52(9): 368-375.
[3] BAO Shenghong, YAO Youjian, LI Xiaoya, CHEN Wen. Integrated PU Learning Method PUEVD and Its Application in Software Source CodeVulnerability Detection [J]. Computer Science, 2025, 52(6A): 241100144-9.
[4] ZHANG Xuming, SHI Yaqing, HUANG Song, WANG Xingya, HU Jinchang, LU Jiangtao. Survey of Open-source Software Component Vulnerability Detection and Automatic RepairTechnology [J]. Computer Science, 2025, 52(6): 1-20.
[5] SONG Jianhua, CAO Kai, ZHANG Yan. Smart Contract Bytecode Vulnerability Detection Method Based on Heterogeneous Graphs and Instruction Sequences [J]. Computer Science, 2025, 52(12): 367-373.
[6] HAN Luchao, ZHANG Wei. Survey on Fuzz Testing Techniques for Network Protocols [J]. Computer Science, 2025, 52(11A): 241100173-9.
[7] REN Jiadong, LI Shangyang, REN Rong, ZHANG Bing, WANG Qian. Web Access Control Vulnerability Detection Approach Based on Site Maps [J]. Computer Science, 2024, 51(9): 416-424.
[8] SONG Enzhou, HU Tao, YI Peng, WANG Wenbo. PDF Malicious Indicators Extraction Technique Based on Improved Symbolic Execution [J]. Computer Science, 2024, 51(7): 389-396.
[9] LI Qiuyue, HAN Daojun, ZHANG Lei, XU Tao. Fine-grained Vulnerability Detection Based on Hierarchical Attention Networks and Integral Gradients [J]. Computer Science, 2024, 51(12): 326-333.
[10] WANG Yufang, LE Deguang, Jack TAN, XIAO Le, GONG Shengrong. Opaque Predicate Construction Algorithm Without Size Constraints [J]. Computer Science, 2023, 50(8): 352-358.
[11] LIU Zerun, ZHENG Hong, QIU Junjie. Smart Contract Vulnerability Detection Based on Abstract Syntax Tree Pruning [J]. Computer Science, 2023, 50(4): 317-322.
[12] HE Jie, CAI Ruijie, YIN Xiaokang, LU Xuanting, LIU Shengli. Detection of Web Command Injection Vulnerability for Cisco IOS-XE [J]. Computer Science, 2023, 50(4): 343-350.
[13] CHEN Ruixiang, JIAO Jian, WANG Ruohua. Smart Contract Vulnerability Detection System Based on Ontology Reasoning [J]. Computer Science, 2023, 50(10): 336-342.
[14] ZHANG Ying-li, MA Jia-li, LIU Zi-ang, LIU Xin, ZHOU Rui. Overview of Vulnerability Detection Methods for Ethereum Solidity Smart Contracts [J]. Computer Science, 2022, 49(3): 52-61.
[15] CHEN Qiao-song, HE Xiao-yang, XU Wen-jie, DENG Xin, WANG Jin, PIAO Chang-hao. Reentrancy Vulnerability Detection Based on Pre-training Technology and Expert Knowledge [J]. Computer Science, 2022, 49(11A): 211200182-8.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
Add:18# Honghu West Rd., Yubei ,Chongqing,China    Post Code: 401121
Tel: 023-63500828/023-67039612/023-67039623
E-mail: jsjkx12@163.com
Powered by Beijing Magtech Co., Ltd.