Search-Based Concolic Execution for SW Vulnerability Discovery
Huge amounts of software appear nowadays. The more the number of software increases, the more increased software vulnerabilities are. Although some automatic methods have been proposed in order to detect and remove software vulnerabilities, they still require a lot of time so they have a limitation...
Published in: | IEICE Transactions on Information and Systems 2018/10/01, Vol.E101.D(10), pp.2526-2529 |
---|---|
Main authors: | , , |
Format: | Article |
Language: | eng |
Subjects: | |
Online access: | Full text |
container_end_page | 2529 |
---|---|
container_issue | 10 |
container_start_page | 2526 |
container_title | IEICE Transactions on Information and Systems |
container_volume | E101.D |
creator | FAYOZBEK, Rustamov; CHOI, Minjun; YUN, Joobeom |
description | Huge amounts of software appear nowadays. The more the number of software increases, the more increased software vulnerabilities are. Although some automatic methods have been proposed in order to detect and remove software vulnerabilities, they still require a lot of time so they have a limitation in the real world. To solve this problem, we propose BugHunter which automatically tests a binary file compiled with a C++ compiler. It searches for unsafe API calls and automatically executes to the program block that have an unsafe API call. Also, we showed that BugHunter is more efficient than angr through experiments. As a result, BugHunter is very helpful to find a software vulnerability in a short time. |
doi_str_mv | 10.1587/transinf.2018EDL8052 |
format | Article |
publisher | Tokyo: The Institute of Electronics, Information and Communication Engineers |
rights | 2018 The Institute of Electronics, Information and Communication Engineers; Copyright Japan Science and Technology Agency 2018 |
oa | free_for_read |
fulltext | fulltext |
identifier | ISSN: 0916-8532 |
ispartof | IEICE Transactions on Information and Systems, 2018/10/01, Vol.E101.D(10), pp.2526-2529 |
issn | 0916-8532; 1745-1361 |
language | eng |
recordid | cdi_proquest_journals_2303796915 |
source | J-STAGE Free; Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals |
subjects | concolic execution; Product design; search-based; Software; Software reliability; vulnerability |
title | Search-Based Concolic Execution for SW Vulnerability Discovery |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-19T07%3A07%3A27IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Search-Based%20Concolic%20Execution%20for%20SW%20Vulnerability%20Discovery&rft.jtitle=IEICE%20Transactions%20on%20Information%20and%20Systems&rft.au=FAYOZBEK,%20Rustamov&rft.date=2018-10-01&rft.volume=E101.D&rft.issue=10&rft.spage=2526&rft.epage=2529&rft.pages=2526-2529&rft.issn=0916-8532&rft.eissn=1745-1361&rft_id=info:doi/10.1587/transinf.2018EDL8052&rft_dat=%3Cproquest_cross%3E2303796915%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2303796915&rft_id=info:pmid/&rfr_iscdi=true |