Title :
A Directed Fuzzing Based on the Dynamic Symbolic Execution and Extended Program Behavior Model
Author :
Zhe Chen ; Shize Guo ; Damao Fu
Author_Institution :
North Electron. Equipments Res. Inst., Beijing, China
Abstract :
This paper presents a new automated directed fuzzing technique. First, behavior information is extracted from the original complex Control Flow Graph (CFG) by using dynamic symbolic execution. Then, case theory is used to establish an access control model for the accessed objects. Subsequently, to describe certain access properties of these objects while a program is running, we present a control-flow-based Extended Program Behavior model with Finite-State-Machine-controlled parameters (EPBFSM), built by adding constraints to the control flow model. Finally, new fuzzed inputs are generated by solving the constraints derived from the EPBFSM. By combining the program behavior with the security model, we can find not only possible path-aware vulnerabilities but also possible access-control-object-aware vulnerabilities.
Keywords :
finite state machines; flow graphs; program testing; access control model; access object; automated directed fuzzing technique; behavior information; case theory; control flow graph; dynamic symbolic execution; extended program behavior; finite state machine controlled parameters; objects aware vulnerability; Access control; Analytical models; Computational modeling; Instruments; Software; Testing; directed fuzzing; extended program behavior model; finite-state machine
Conference_Title :
Instrumentation, Measurement, Computer, Communication and Control (IMCCC), 2012 Second International Conference on
Conference_Location :
Harbin
Print_ISBN :
978-1-4673-5034-1
DOI :
10.1109/IMCCC.2012.382