Infoscience

  • English
  • French
Log In
Logo EPFL, École polytechnique fédérale de Lausanne

Infoscience

  • English
  • French
Log In
  1. Home
  2. Academic and Research Output
  3. Journal articles
  4. Discover deeper bugs with dynamic symbolic execution and coverage-based fuzz testing
 
Loading...
Thumbnail Image
research article

Discover deeper bugs with dynamic symbolic execution and coverage-based fuzz testing

Zhang, Bin • Feng, Chao • Herrera, Adrian • Chipounov, Vitaly • Candea, George • Tang, Chaojing
December 1, 2018
IET Software

Coverage-based fuzz testing and dynamic symbolic execution are both popular program testing techniques. However, on their own, both techniques suffer from scalability problems when confronted with the complexity of modern software. Hybrid testing methods attempt to mitigate these problems by leveraging dynamic symbolic execution to assist fuzz testing. Unfortunately, the efficiency of such methods is still limited by specific program structures and by the scheduling of seed files. In this study, the authors introduce a novel lazy symbolic pointer concretisation method and a symbolic loop bucket optimisation to mitigate the path explosion caused by dynamic symbolic execution in hybrid testing. They also propose a distance-based seed selection method that rearranges the seed queue of the fuzzer engine in order to achieve higher coverage. They implemented a prototype and evaluated its ability to find vulnerabilities in software and to cover new execution paths. They show on different benchmarks that it finds more crashes than other off-the-shelf vulnerability detection tools. They also show that the proposed method discovers 43% more unique paths than vanilla fuzz testing.

Type: research article
DOI: 10.1049/iet-sen.2017.0200
Web of Science ID: WOS:000452742700008
Author(s): Zhang, Bin • Feng, Chao • Herrera, Adrian • Chipounov, Vitaly • Candea, George • Tang, Chaojing
Date Issued: 2018-12-01
Publisher: INST ENGINEERING TECHNOLOGY-IET
Published in: IET Software
Volume: 12
Issue: 6
Start page: 507
End page: 519
Subjects: Computer Science, Software Engineering • Computer Science • program testing • security of data • program debugging • fuzzy set theory • symbolic loop bucket optimisation • seed selection method • execution paths • vanilla fuzz testing • popular program testing techniques • dynamic symbolic execution • hybrid testing methods • lazy symbolic pointer concretisation method • deeper bugs • coverage-based fuzz testing • modern software complexity • program structures • seed files • off-the-shelf vulnerability detection tools • prioritization
Peer reviewed: REVIEWED
Written at: EPFL
EPFL units: DSLAB
Available on Infoscience: December 29, 2018
Use this identifier to reference this record: https://infoscience.epfl.ch/handle/20.500.14299/153265
Infoscience is a service managed and provided by the Library and IT Services of EPFL. © EPFL, all rights reserved