Search-Based Concolic Execution for SW Vulnerability Discovery

Search-Based Concolic Execution for SW Vulnerability Discovery

Huge amounts of software appear nowadays. The more the number of software increases, the more increased software vulnerabilities are. Although some automatic methods have been proposed in order to detect and remove software vulnerabilities, they still require a lot of time so they have a limitation...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:IEICE Transactions on Information and Systems 2018/10/01, Vol.E101.D(10), pp.2526-2529
Hauptverfasser: FAYOZBEK, Rustamov, CHOI, Minjun, YUN, Joobeom
Format: Artikel
Sprache:eng
Schlagworte:
concolic execution
Product design
search-based
Software
Software reliability
vulnerability
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Huge amounts of software appear nowadays. The more the number of software increases, the more increased software vulnerabilities are. Although some automatic methods have been proposed in order to detect and remove software vulnerabilities, they still require a lot of time so they have a limitation in the real world. To solve this problem, we propose BugHunter which automatically tests a binary file compiled with a C++ compiler. It searches for unsafe API calls and automatically executes to the program block that have an unsafe API call. Also, we showed that BugHunter is more efficient than angr through experiments. As a result, BugHunter is very helpful to find a software vulnerability in a short time.
ISSN:0916-8532
1745-1361
DOI:10.1587/transinf.2018EDL8052