Concolic Execution on Small-Size Binaries: Challenges and Empirical Study
Authors: Hui Xu, Yangfan Zhou, Yu Kang, Michael R. Lyu
Venue: 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
Published: 2017-06-01
DOI: https://doi.org/10.1109/DSN.2017.11
Citations: 8
Abstract
Concolic execution has achieved great success in many binary analysis tasks. However, it is still not a primary option for industrial usage. A well-known reason is that concolic execution cannot scale up to large programs, and many research efforts have focused on improving its scalability. Nonetheless, we find that, even when processing small programs, concolic execution suffers considerably from accuracy and scalability issues. This paper systematically investigates the challenges that can be introduced even by small programs, such as symbolic arrays and symbolic jumps. We further verify that these challenges are non-trivial via real-world experiments with three of the most popular concolic execution tools: BAP, Triton, and Angr. Among a set of 22 logic bombs we designed, Angr can solve only four cases correctly, while BAP and Triton perform much worse. The results imply that current tools are still primitive for practical industrial usage. We summarize the reasons and release the bombs as open source to facilitate further study.
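To make the two challenge classes named in the abstract concrete, the following C program is an added illustration written for this page; it is not one of the 22 logic bombs the paper releases, and the table contents, magic values and handler names (kTable, kDispatch, h_add, etc.) are constructed for the example. Each "bomb" is a function that returns 1 only for inputs a concolic engine would have to discover. The first reads a constant table at a symbolic index (symbolic array), so the engine must model a memory read whose address depends on the input; the second selects a function pointer from a table using the input (symbolic jump), so the control-flow target itself is symbolic. A brute-force helper gives the ground-truth triggering input so a tool's answer can be checked against it.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed lookup table for the symbolic-array bomb.
   Exactly one entry (index 12) equals the magic byte 0xd0. */
static const uint8_t kTable[16] = {
    0x3a, 0x91, 0x07, 0xc4, 0x5e, 0x22, 0xb8, 0x6d,
    0xf1, 0x19, 0x84, 0x2c, 0xd0, 0x47, 0x9b, 0x65
};

/* Symbolic array: the low nibble of the input indexes a concrete table.
   A concolic engine must model kTable[x & 0xf] as a symbolic memory read
   (or enumerate the 16 concrete indices) to find that x & 0xf == 12 fires. */
int symbolic_array_bomb(unsigned int x) {
    uint8_t v = kTable[x & 0xf];
    return v == 0xd0;
}

/* Handlers for the symbolic-jump bomb (constructed for the example). */
typedef int (*handler_t)(unsigned int);
static int h_add(unsigned int a) { return (int)(a + 7); }
static int h_xor(unsigned int a) { return (int)(a ^ 0x55); }
static int h_mul(unsigned int a) { return (int)(a * 3); }
static int h_neg(unsigned int a) { return -(int)a; }

static const handler_t kDispatch[4] = { h_add, h_xor, h_mul, h_neg };

/* Symbolic jump: bits 4-5 of the input pick the function pointer, so the
   indirect call target depends on the symbolic input. The bomb fires when
   the chosen handler maps the low nibble to 12: h_add(5) or h_mul(4),
   i.e. x == 5 or x == 36. h_xor and h_neg cannot reach 12 from a nibble. */
int symbolic_jump_bomb(unsigned int x) {
    handler_t h = kDispatch[(x >> 4) & 3];
    return h(x & 0xf) == 12;
}

/* Ground truth by exhaustive search over inputs below `limit`.
   Returns the smallest triggering input, or -1 if none is found.
   This is what a correct concolic run should agree with. */
long first_trigger(int (*bomb)(unsigned int), unsigned int limit) {
    for (unsigned int x = 0; x < limit; x++) {
        if (bomb(x)) return (long)x;
    }
    return -1;
}

/* Stand-alone driver: feed one integer on the command line, report which
   bombs it detonates, and print the brute-force answers for comparison. */
int main(int argc, char **argv) {
    unsigned int x = (argc > 1) ? (unsigned int)strtoul(argv[1], NULL, 0) : 0;
    printf("input %u: array bomb %s, jump bomb %s\n", x,
           symbolic_array_bomb(x) ? "FIRED" : "safe",
           symbolic_jump_bomb(x)  ? "FIRED" : "safe");
    printf("first array trigger: %ld\n", first_trigger(symbolic_array_bomb, 256));
    printf("first jump trigger:  %ld\n", first_trigger(symbolic_jump_bomb, 256));
    return 0;
}
```

Compile with `cc -O0 -o bombs bombs.c` so the table read and the indirect call survive into the binary unchanged, then point a concolic tool at the binary with the input symbolic; the check is whether it reports 12 for the array bomb and 5 (or 36) for the jump bomb, which is the kind of small-program case the paper's evaluation exercises.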