| Title | S2F: Discover Hard-to-Reach Vulnerabilities by Semi-Symbolic Fuzz Testing |
| Publication Type | Conference Paper |
| Year of Publication | 2017 |
| Authors | Zhang, B., Ye, J., Feng, C., Tang, C. |
| Conference Name | 2017 13th International Conference on Computational Intelligence and Security (CIS) |
| Date Published | dec |
| Keywords | Binary Analysis, compositionality, Computer bugs, Explosions, Fuzz Testing, fuzzing, fuzzy set theory, hard-to-reach vulnerabilities, Human Behavior, low frequency input, Metrics, path explosion, program testing, Prototypes, pubcrawl, Resiliency, semisymbolic fuzz testing, software tools, Software Vulnerability, symbolic execution, test case generation, Tools, vulnerability detection, vulnerability detection tools |
| Abstract | Fuzz testing is a popular program testing technique. However, it is difficult to find hard-to-reach vulnerabilities that are nested with complex branches. In this paper, we propose semi-symbolic fuzz testing to discover hard-to-reach vulnerabilities. Our method groups inputs into high frequency and low frequency ones. Then symbolic execution is utilized to solve only uncovered branches to mitigate the path explosion problem. Especially, in order to play the advantages of fuzz testing, our method locates critical branch for each low frequency input and corrects the generated test cases to comfort the branch condition. We also implemented a prototype\textbackslashtextbarS2F, and the experimental results show that S2F can gain 17.70% coverage performance and discover more hard-to-reach vulnerabilities than other vulnerability detection tools for our benchmark. |
| DOI | 10.1109/CIS.2017.00127 |
| Citation Key | zhang_s2f:_2017 |
S2F: Discover Hard-to-Reach Vulnerabilities by Semi-Symbolic Fuzz Testing