Search-Based Concolic Execution for SW Vulnerability Discovery
Summary :
Huge amounts of software appear nowadays. The more the number of software increases, the more increased software vulnerabilities are. Although some automatic methods have been proposed in order to detect and remove software vulnerabilities, they still require a lot of time so they have a limitation in the real world. To solve this problem, we propose BugHunter which automatically tests a binary file compiled with a C++ compiler. It searches for unsafe API calls and automatically executes to the program block that have an unsafe API call. Also, we showed that BugHunter is more efficient than angr through experiments. As a result, BugHunter is very helpful to find a software vulnerability in a short time.
- Publication
- IEICE TRANSACTIONS on Information Vol.E101-D No.10 pp.2526-2529
- Publication Date
- 2018/10/01
- Publicized
- 2018/07/02
- Online ISSN
- 1745-1361
- DOI
- 10.1587/transinf.2018EDL8052
- Type of Manuscript
- LETTER
- Category
- Data Engineering, Web Information Systems
Authors
Rustamov FAYOZBEK
Sejong University
Minjun CHOI
Sejong University
Joobeom YUN
Sejong University
Keyword
Latest Issue
Copyrights notice of machine-translated contents
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Cite this
Copy
Rustamov FAYOZBEK, Minjun CHOI, Joobeom YUN, "Search-Based Concolic Execution for SW Vulnerability Discovery" in IEICE TRANSACTIONS on Information,
vol. E101-D, no. 10, pp. 2526-2529, October 2018, doi: 10.1587/transinf.2018EDL8052.
Abstract: Huge amounts of software appear nowadays. The more the number of software increases, the more increased software vulnerabilities are. Although some automatic methods have been proposed in order to detect and remove software vulnerabilities, they still require a lot of time so they have a limitation in the real world. To solve this problem, we propose BugHunter which automatically tests a binary file compiled with a C++ compiler. It searches for unsafe API calls and automatically executes to the program block that have an unsafe API call. Also, we showed that BugHunter is more efficient than angr through experiments. As a result, BugHunter is very helpful to find a software vulnerability in a short time.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2018EDL8052/_p
Copy
@ARTICLE{e101-d_10_2526,
author={Rustamov FAYOZBEK, Minjun CHOI, Joobeom YUN, },
journal={IEICE TRANSACTIONS on Information},
title={Search-Based Concolic Execution for SW Vulnerability Discovery},
year={2018},
volume={E101-D},
number={10},
pages={2526-2529},
abstract={Huge amounts of software appear nowadays. The more the number of software increases, the more increased software vulnerabilities are. Although some automatic methods have been proposed in order to detect and remove software vulnerabilities, they still require a lot of time so they have a limitation in the real world. To solve this problem, we propose BugHunter which automatically tests a binary file compiled with a C++ compiler. It searches for unsafe API calls and automatically executes to the program block that have an unsafe API call. Also, we showed that BugHunter is more efficient than angr through experiments. As a result, BugHunter is very helpful to find a software vulnerability in a short time.},
keywords={},
doi={10.1587/transinf.2018EDL8052},
ISSN={1745-1361},
month={October},}
Copy
TY - JOUR
TI - Search-Based Concolic Execution for SW Vulnerability Discovery
T2 - IEICE TRANSACTIONS on Information
SP - 2526
EP - 2529
AU - Rustamov FAYOZBEK
AU - Minjun CHOI
AU - Joobeom YUN
PY - 2018
DO - 10.1587/transinf.2018EDL8052
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E101-D
IS - 10
JA - IEICE TRANSACTIONS on Information
Y1 - October 2018
AB - Huge amounts of software appear nowadays. The more the number of software increases, the more increased software vulnerabilities are. Although some automatic methods have been proposed in order to detect and remove software vulnerabilities, they still require a lot of time so they have a limitation in the real world. To solve this problem, we propose BugHunter which automatically tests a binary file compiled with a C++ compiler. It searches for unsafe API calls and automatically executes to the program block that have an unsafe API call. Also, we showed that BugHunter is more efficient than angr through experiments. As a result, BugHunter is very helpful to find a software vulnerability in a short time.
ER -
English
