DocumentCode :
3740247
Title :
Concolic Execute Fuzzing Based on Control-Flow Analysis
Author :
Jingxi Li;Xin Xu;Lejian Liao;Lu Li
Author_Institution :
Beijing Eng. Res. Center of High Volume Language Inf. Process. &
fYear :
2015
Firstpage :
385
Lastpage :
389
Abstract :
This paper proposes a method that uses taint analysis to reduce unnecessary analysis routines, concentrating on the control-flow-altering input using a concolic (concrete and symbolic) execution procedure. A prototype, Concolic Fuzz, is implemented based on this method; it is built on the Pin platform at the x86 binary level and uses Z3 as the SMT (Satisfiability Modulo Theories) solver. The results of experiments verify that our approach is effective in increasing code coverage with remarkably lower resource and time cost than the standard fuzzing and concolic testing tools. The scale of the fuzzing range and symbols is reduced, and so are the computing resource and time consumption, especially when the input data is in a highly structured and complex file format.
Keywords :
"Instruments","Security","Software","Testing","Registers","Concrete","Performance analysis"
Publisher :
IEEE
Conference_Titel :
Computational Intelligence and Security (CIS), 2015 11th International Conference on
Type :
conf
DOI :
10.1109/CIS.2015.99
Filename :
7397113