DocumentCode
3861159
Title
Input Generation via Taintdata Identification: Finding Hidden Path in the Environment-Intensive Program
Author
Xue Lei;Wei Huang;Wenqing Fan;Yixian Yang
Author_Institution
Beijing University of Posts and Telecommunications, China
Volume
24
Issue
3
fYear
2015
Firstpage
480
Lastpage
486
Abstract
Concolic testing is an integrated approach of symbolic execution and dynamic analysis, which is widely adopted by security researchers for program behavior analysis. This approach fails on hidden path discovery of environment-intensive program. We investigated on existing concolic testing tools and found out that several of them does not take this issue into account while others solved this issue with overloaded working model. We proposed a systematic and unified approach of automatically identifying and modifying the output of the Data input interacting functions (DIIF) based on fine-grained taint analysis, which detects and updates the data interacting with the runtime environment and generating a new customized set of inputs to execute hidden paths, to reveal the hidden paths on only particular runtime configuration or context. A prototype was developed and evaluated with a set of complex and environment-intensive programs. The experimental result demonstrated that our approach could detect the DIIF precisely and improve the code coverage.
Journal_Title
Chinese Journal of Electronics
Publisher
iet
ISSN
1022-4653
Type
jour
DOI
10.1049/cje.2015.07.007
Filename
7406522
Link To Document