{"title":"Program Vulnerability Mining System based on Symbolic Execution","authors":"Bailin Xie, Qi Li, Jiabin Luo","doi":"10.1145/3524889.3524903","DOIUrl":null,"url":null,"abstract":"In recent years, vulnerability mining is a hot topic. Existing vulnerability mining methods of binary program are mainly based on fuzzy testing. These methods discover vulnerabilities by continuously inputting random data into the target program, in order to trigger the binary program's errors. However, the vulnerability output of these methods mainly depends on the input random data. The coverage rate of program execution path is low in these methods. In order to improve the coverage rate of program execution path and discover more unknown vulnerabilities, this paper presents an automatic vulnerability mining system based on symbolic execution. This system discovers vulnerabilities by performing constraint check on each execution path of the binary program. This system contains five modules, and each module is responsible for mining a type of vulnerabilities. This system has been developed based on the Python's Angr module. An experiment based on test programs is conducted to evaluate this system. The experimental results validate the effectiveness of this system. The experiment results also show that this system can discover most of the binary program's execution paths.","PeriodicalId":129277,"journal":{"name":"Proceedings of the 2022 7th International Conference on Intelligent Information Technology","volume":"23 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-02-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2022 7th International Conference on Intelligent Information Technology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3524889.3524903","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0