  • DocumentCode
    167632
  • Title
    Directed symbolic execution for binary vulnerability mining
  • Author
    Bo Wu ; Mengjun Li ; Bin Zhang ; Quan Zhang ; Chaojing Tang
  • Author_Institution
    Sch. of Electron. Sci. & Eng., Nat. Univ. of Defence Technol., Changsha, China
  • fYear
    2014
  • fDate
    8-9 May 2014
  • Firstpage
    614
  • Lastpage
    617
  • Abstract
    Despite more than two decades of independent, academic, and industry-related research, software vulnerabilities remain the main reason that undermines the security of our systems. Taint analysis and symbolic execution are among the most promising approaches for vulnerability detection, but either one can't remit the problem separately. In this paper, we try to combine taint analysis and symbolic execution for binary vulnerability mining and propose a method named directed symbolic execution. Our three-step approach firstly adopts dynamic taint analysis technology to identify the safety-related data, and then uses a symbolic execution system to execute the binary software while marking those safety-related data as symbols, and finally discovers vulnerabilities with our check-model. The evaluation shows that our method can be used to detect vulnerabilities in binary software more efficiently.
  • Keywords
    data mining; program diagnostics; security of data; software reliability; binary software; binary vulnerability mining; check-model; directed symbolic execution method; dynamic taint analysis technology; safety-related data identification; software vulnerability detection; Context; Protocols; Software; Symbolic Execution; Vulnerability detection; Vulnerability model;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Electronics, Computer and Applications, 2014 IEEE Workshop on
  • Conference_Location
    Ottawa, ON
  • Type
    conf
  • DOI
    10.1109/IWECA.2014.6845694
  • Filename
    6845694