S2F: Discover Hard-to-Reach Vulnerabilities by Semi-Symbolic Fuzz Testing

Title: S2F: Discover Hard-to-Reach Vulnerabilities by Semi-Symbolic Fuzz Testing
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Zhang, B., Ye, J., Feng, C., Tang, C.
Conference Name: 2017 13th International Conference on Computational Intelligence and Security (CIS)
Date Published: Dec
Keywords: Binary Analysis, compositionality, Computer bugs, Explosions, Fuzz Testing, fuzzing, fuzzy set theory, hard-to-reach vulnerabilities, Human Behavior, low frequency input, Metrics, path explosion, program testing, Prototypes, pubcrawl, Resiliency, semisymbolic fuzz testing, software tools, Software Vulnerability, symbolic execution, test case generation, Tools, vulnerability detection, vulnerability detection tools
Abstract: Fuzz testing is a popular program testing technique. However, it is difficult to find hard-to-reach vulnerabilities that are nested within complex branches. In this paper, we propose semi-symbolic fuzz testing to discover hard-to-reach vulnerabilities. Our method groups inputs into high-frequency and low-frequency ones. Then symbolic execution is utilized to solve only uncovered branches, to mitigate the path explosion problem. In particular, in order to play to the advantages of fuzz testing, our method locates the critical branch for each low-frequency input and corrects the generated test cases to conform to the branch condition. We also implemented a prototype, S2F, and the experimental results show that S2F can gain 17.70% coverage performance and discover more hard-to-reach vulnerabilities than other vulnerability detection tools for our benchmark.
Citation Key: zhang_s2f:_2017