http://dx.doi.org/10.13089/JKIISC.2014.24.3.437

Graph based Binary Code Execution Path Exploration Platform for Dynamic Symbolic Execution  

Kang, Byeongho (Department of Computer and Software, Hanyang University)
Im, Eul Gyu (Division of Computer Science and Engineering, Hanyang University)
Abstract
In this paper, we introduce a Graph based Binary Code Execution Path Exploration Platform. In the graph, a node is defined as a conditional branch instruction, and an edge is defined as the other instructions between branches. We implemented a prototype of the proposed method, and it works well on real binary code. Experimental results show that the proposed method correctly explores the execution paths of target binary code. We expect our method can make Software Assurance, Secure Programming, and Malware Analysis more correct and efficient.
Keywords
Execution Path Exploration; Code Coverage Improvement; Symbolic Execution; Taint Analysis;
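As an added illustration of the graph definition in the abstract (example code written for this page, not the authors' prototype): conditional branch instructions become nodes, the straight-line instruction runs between them become edges, and the branches with only one side observed form the frontier that a dynamic symbolic execution loop negates next. The traces, addresses and mnemonics are constructed.

```python
from collections import defaultdict

# Constructed traces (not from the paper): (address, mnemonic) pairs, one list
# per concrete execution of the same small binary, in x86-style syntax.
TRACE_A = [(0x401000, "mov eax, [esp+4]"), (0x401004, "cmp eax, 0x10"),
           (0x401007, "jne 0x401020"), (0x401009, "mov ebx, 1"),
           (0x40100e, "test ebx, ebx"), (0x401010, "jz 0x401030"),
           (0x401012, "ret")]
TRACE_B = [(0x401000, "mov eax, [esp+4]"), (0x401004, "cmp eax, 0x10"),
           (0x401007, "jne 0x401020"), (0x401020, "xor ebx, ebx"),
           (0x401022, "ret")]

COND = {"je", "jne", "jz", "jnz", "jl", "jg", "jle", "jge", "ja", "jb"}

def is_cond_branch(mnem):
    return mnem.split()[0] in COND

def new_graph():
    # branches: addr -> mnemonic (nodes); succ: addr -> successors seen in any
    # trace; edges: (src, dst) -> non-branch instructions run between them
    return {"branches": {}, "succ": defaultdict(set), "edges": {}}

def add_trace(graph, trace):
    """Fold one concrete execution trace into the branch graph."""
    src, run = "ENTRY", []
    for i, (addr, mnem) in enumerate(trace):
        if is_cond_branch(mnem):
            graph["branches"][addr] = mnem
            graph["edges"][(src, addr)] = run
            if i + 1 < len(trace):             # record which way this run went
                graph["succ"][addr].add(trace[i + 1][0])
            src, run = addr, []
        else:
            run.append(mnem)
    graph["edges"][(src, "EXIT")] = run
    return graph

def frontier(graph):
    """Branches with only one side observed: each is the path condition the
    next symbolic-execution round should negate to reach the other side."""
    out = {}
    for addr, mnem in graph["branches"].items():
        target, seen = int(mnem.split()[1], 16), graph["succ"][addr]
        if seen == {target}:
            out[addr] = ("fallthrough", None)  # sequential address not in mnemonic
        elif len(seen) == 1:
            out[addr] = ("taken", target)
    return out

def branch_coverage(graph):
    """Fraction of branch directions (two per node) exercised so far."""
    explored = sum(min(len(s), 2) for s in graph["succ"].values())
    return explored / (2 * len(graph["branches"])) if graph["branches"] else 0.0
```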