• Title/Summary/Keyword: dynamic symbolic execution

Input File Based Dynamic Symbolic Execution Method for Software Safety Verification (소프트웨어 안전성 검증을 위한 입력 파일 기반 동적 기호 실행 방법)

  • Park, Sunghyun; Kang, Sangyong; Kim, Hwisung; Noh, Bongnam
  • Journal of the Korea Institute of Information Security & Cryptology / v.27 no.4 / pp.811-820 / 2017
  • Software automatic technology research recently focuses not only on generating a single path test-case, but also on finding an optimized path to reach the vulnerability through various test-cases. Although Dynamic Symbolic Execution (DSE) technology is popular among these automatic technologies, most DSE technology research applies only to Linux binaries or specific modules themselves. However, most software is vulnerable based on input files. Therefore, this paper proposes an input file based dynamic symbolic execution method for software vulnerability verification. As a result of applying it to three kinds of actual binary software, it was possible to create a test-case effectively reaching the corresponding point through the proposed method. This demonstrates that DSE technology can be used to automate the analysis of actual software.

Automated Method for Detecting Use-After-Free Vulnerability of Windows System Calls Using Dynamic Symbolic Execution (동적 기호 실행을 이용한 윈도우 시스템 콜 Use-After-Free 취약점 자동 탐지 방법)

  • Kang, Sangyong; Lee, Gwonwang; Noh, Bongnam
  • Journal of the Korea Institute of Information Security & Cryptology / v.27 no.4 / pp.803-810 / 2017
  • Recently, social security problems have been caused by the development of the software industry, and a variety of automation techniques have been used to verify software stability. In this paper, we propose a method of automatically detecting a use-after-free vulnerability on Windows system calls using dynamic symbolic execution, one of the software testing methods. First, a static analysis based pattern search is performed to select a target point. Based on the detected pattern points, we apply an induced path search technique that blocks branching to areas outside of interest. Through this, we overcome limitations of existing dynamic symbolic performance technology and verify whether a vulnerability exists at the actual target point. As a result of applying the proposed method to the Windows system call, it is confirmed that the use-after-free vulnerability, which previously had to be manually analyzed, can be detected by the proposed automation technique.

Graph based Binary Code Execution Path Exploration Platform for Dynamic Symbolic Execution (동적 기호 실행을 이용한 그래프 기반 바이너리 코드 실행 경로 탐색 플랫폼)

  • Kang, Byeongho; Im, Eul Gyu
  • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.3 / pp.437-444 / 2014
  • In this paper, we introduce a Graph based Binary Code Execution Path Exploration Platform. In the graph, a node is defined as a conditional branch instruction, and an edge is defined as the other instructions. We implemented a prototype of the proposed method, and it works well on real binary code. Experimental results show that the proposed method correctly explores the execution path of the target binary code. We expect our method can help make Software Assurance, Secure Programming, and Malware Analysis more correct and efficient.

Automated Method for Detecting OOB Vulnerability of Heap Memory Using Dynamic Symbolic Execution (동적 기호 실행을 이용한 힙 메모리 OOB 취약점 자동 탐지 방법)

  • Kang, Sangyong; Park, Sunghyun; Noh, Bongnam
  • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.4 / pp.919-928 / 2018
  • Out-Of-Bounds (OOB) is one of the most powerful vulnerabilities in heap memory. The OOB vulnerability allows an attacker to exploit unauthorized access to confidential information by tricking the length of the array and reading or writing memory of that length. In this paper, we propose a method to automatically detect OOB vulnerabilities in heap memory using dynamic symbol execution and a shadow memory table. First, a shadow memory table is constructed by hooking the heap memory allocation and release functions. Then, when a memory access occurs, it is judged whether OOB can occur by referencing the shadow memory, and a test case for causing a crash is automatically generated if there is a possibility of occurrence. Using the proposed method, if a weak block search is successful, it is possible to generate a test case that induces an OOB. In addition, unlike traditional dynamic symbol execution, exploitation of vulnerabilities is possible without setting clear target points.

Automated Unit-test Generation for Detecting Vulnerabilities of Android Kernel Modules (안드로이드 커널 모듈 취약점 탐지를 위한 자동화된 유닛 테스트 생성 기법)

  • Kim, Yunho; Kim, Moonzoo
  • Journal of KIISE / v.44 no.2 / pp.171-178 / 2017
  • In this study, we propose an automated unit test generation technique for detecting vulnerabilities of Android kernel modules. The technique automatically generates unit test drivers/stubs and unit test inputs for each function of Android kernel modules by utilizing dynamic symbolic execution. To reduce false alarms caused by function pointers and missing pre-conditions of the automated unit test generation technique, we develop false alarm reduction techniques that match function pointers by utilizing static analysis and generate pre-conditions by utilizing def-use analysis. We showed that the proposed technique could detect all existing vulnerabilities in the three modules of Android kernel 3.4. Also, the false alarm reduction techniques removed 44.9% of false alarms on average.

A Fuzzing Seed Generation Technique Using Natural Language Processing Model (자연어 처리 모델을 활용한 퍼징 시드 생성 기법)

  • Kim, DongYonug; Jeon, SangHoon; Ryu, MinSoo; Kim, Huy Kang
  • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.2 / pp.417-437 / 2022
  • The quality of the fuzzing seed file is one of the important factors to discover vulnerabilities faster. Although the prior seed generation paradigm, using dynamic taint analysis and symbolic execution techniques, enhanced fuzzing efficiency, they are not extensively applied owing to their high complexity and need for expertise. This study proposed the DDRFuzz system, which creates seed files based on sequence-to-sequence models. We evaluated DDRFuzz on five open-source applications that used multimedia input files. Following the experimental results, DDRFuzz showed the best performance compared with the state-of-the-art studies in terms of fuzzing efficiency.

Symbolic computation and differential quadrature method - A boon to engineering analysis

  • Rajasekaran, S.
  • Structural Engineering and Mechanics / v.27 no.6 / pp.713-739 / 2007
  • Nowadays computers can perform symbolic computations in addition to the mere number-crunching operations for which they were originally designed. Symbolic computation opens up exciting possibilities in Structural Mechanics and engineering. Classical areas have been increasingly neglected due to the advent of computers as well as general purpose finite element software. But now, classical analysis has reemerged as an attractive computer option due to the capabilities of symbolic computation. The repetitive cycles of simultaneous-equation sets required by the finite element technique can be eliminated by solving a single set in symbolic form, thus generating a truly closed-form solution. This consequently saves on data preparation, storage and execution time. The power of symbolic computation is demonstrated by six examples, applying symbolic computation 1) to solve a coupled shear wall, 2) to generate beam element matrices, 3) to find the natural frequency of a shear frame using the transfer matrix method, 4) to find the stresses of a plate subjected to in-plane loading using Levy's approach, 5) to draw the influence surface for deflection of an isotropic plate simply supported on all sides, and 6) to get dynamic equilibrium equations from the Lagrange equation. This paper also presents yet another computationally efficient and accurate numerical method, which is based on the concept of the derivative of a function expressed as a weighted linear sum of the function values at all the mesh points. Again this method is applied to solve the problems of 1) a coupled shear wall, 2) lateral buckling of thin-walled beams due to moment gradient, 3) buckling of a column and 4) static and buckling analysis of circular plates of uniform or non-uniform thickness. The numerical results obtained are compared with those available in the existing literature in order to verify their accuracy.

Automated Test Data Generation for Dynamic Branch Coverage (동적 분기 커버리지를 위한 테스트 데이터 자동 생성)

  • Chung, In Sang
  • KIPS Transactions on Software and Data Engineering / v.2 no.7 / pp.451-460 / 2013
  • In order to achieve high test coverage, it is usual to generate test data using various techniques including symbolic execution, data flow analysis or constraint solving. Recently, a technique for automated test data generation that fulfills high coverage effectively without those sophisticated means has been proposed. However, the technique shows its weakness in the generation of test data that leads to high coverage for programs having branch conditions where different memory locations are bound during execution. For certain programs with flag conditions, in particular, high coverage cannot be achieved because specific branches are not executed. To address the problem, this paper presents dynamic branch coverage criteria and a test data generation technique based on the notion of the dynamic branch. It is shown that the proposed technique is more effective than the previous approach by conducting experiments involving programs with flag conditions.

Automated Test Data Generation Based on Branch Coverage for Testing C Programs (C 프로그램을 테스팅하기 위한 분기 커버리지에 기반을 둔 자동 테스트 데이터 생성)

  • Chung, In-Sang
  • The Journal of the Korea Contents Association / v.12 no.11 / pp.39-48 / 2012
  • It is well known that software testing accounts for a significant portion of software development cost. In order to reduce the cost of software testing, a lot of research on automated test data generation has been performed. Sophisticated tools for performing symbolic execution or solving a system of path constraints are required to support automated test data generation. Developing or purchasing those tools leads to another factor increasing the cost of software testing. In this paper, we propose a dynamic test data generation approach that does not depend on symbolic execution or constraint solving at all. The proposed approach extends Korel's path-oriented method to satisfy the branch coverage criterion effectively. We conducted an experiment to evaluate the effectiveness of the proposed technique with a triangle classification program to show that branch coverage can be easily achieved.

Translation Java Bytecode to EVM SIL Code for Embedded Virtual Machines

  • Lee, Yang-Sun; Park, Jin-Ki
  • Journal of Korea Multimedia Society / v.8 no.12 / pp.1658-1668 / 2005
  • This paper presents the bytecode-to-SIL translator, which enables the execution of Java programs in the EVM (Embedded Virtual Machine) environment without the JVM (Java Virtual Machine), translating bytecodes produced by compiling Java programs into SIL (Standard Intermediate Language) codes. EVM, which we are now developing, is a virtual machine solution that can download and execute dynamic application programs written in sequential languages like the C language as well as object-oriented languages such as C#, Java, etc. EVM is a virtual machine mounted on embedded systems such as mobile devices, set-top boxes, or digital TVs; it converts the application program into SIL, an assembly language symbolic form, and executes it. SIL is a virtual machine code for embedded systems, based on the analysis of existing virtual machine codes such as bytecode, MSIL, etc. SIL has such features as to accommodate various programming languages, and in particular has an operation code set to accept both object-oriented languages and sequential languages. After compiling, a program written in the Java language is converted to bytecode and executed by the JVM platform, but not on other platforms such as the .NET or EVM platform. For this reason, we designed and implemented the bytecode-to-SIL translator system for programs written in the Java language to be executed on the EVM platform without the JVM. This work improves the execution speed of programs, enhances productivity, and provides an environment for programmers to execute application programs on various platforms.