A Novel Method Makes Concolic System More Effective

Hongliang Liang, Zhengyu Li, Minhuan Huang, Xiaoxiao Pei
2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud), published 2017-06-01. DOI: 10.1109/CSCloud.2017.43 (https://doi.org/10.1109/CSCloud.2017.43)
Citations: 0

Abstract

Fuzzing is attractive for finding vulnerabilities in binary programs. However, when the application's input space is huge, fuzzing cannot deal with it well. To discover vulnerabilities more effectively, researchers came up with concolic testing, and there has been much research on it recently. A common limitation of concolic systems designed to create inputs is that they often concentrate on path coverage and struggle to exercise deeper paths in the executable under test, but neglect to find those test cases which can trigger the vulnerabilities. In this paper, we present TSM, a novel method for finding potential vulnerabilities in concolic systems, which can help concolic systems be more effective at hunting vulnerabilities. We implemented the TSM method on a widely used concolic testing tool, Fuzzgrind, and the evaluation experiments show that TSM can make Fuzzgrind quickly hunt bugs in real-world software that were hardly ever found before.