TY - GEN
T1 - CRAXfuzz
T2 - 39th IEEE Annual Computer Software and Applications Conference, COMPSAC 2015
AU - Yeh, Chao Chun
AU - Chung, Hsiang
AU - Huang, Shih-Kun
N1 - Publisher Copyright:
© 2015 IEEE.
PY - 2015/9/21
Y1 - 2015/9/21
N2 - Vulnerabilities are caused by implementation bugs, such as buffer overflow, integer overflow, uncontrolled format strings, and command injection flaws. They are often exploited to intrude into software systems. In order to reduce software bugs, testing techniques are proposed. The recent technique to discover security-related bugs is fuzz testing. However, traditional fuzzers can only find bugs when program exceptions, especially crashes, are raised. Some security threats may pass these tests due to insufficient code coverage. In this paper, we introduce a software testing framework based on symbolic execution using S2E, a whole-system symbolic execution engine. When a program executes our pre-defined security-sensitive functions, such as malloc, strcpy or printf, our framework will initiate a triage process. The process will automatically determine whether any related security vulnerabilities could occur in these functions. We successfully and efficiently reproduce 12 previously known vulnerabilities from normal input data within 100 seconds for large applications such as Tiff, VIM, and MPlayer. Our tool can help developers locate bugs faster, and improve the efficiency of software quality maintenance.
AB - Vulnerabilities are caused by implementation bugs, such as buffer overflow, integer overflow, uncontrolled format strings, and command injection flaws. They are often exploited to intrude into software systems. In order to reduce software bugs, testing techniques are proposed. The recent technique to discover security-related bugs is fuzz testing. However, traditional fuzzers can only find bugs when program exceptions, especially crashes, are raised. Some security threats may pass these tests due to insufficient code coverage. In this paper, we introduce a software testing framework based on symbolic execution using S2E, a whole-system symbolic execution engine. When a program executes our pre-defined security-sensitive functions, such as malloc, strcpy or printf, our framework will initiate a triage process. The process will automatically determine whether any related security vulnerabilities could occur in these functions. We successfully and efficiently reproduce 12 previously known vulnerabilities from normal input data within 100 seconds for large applications such as Tiff, VIM, and MPlayer. Our tool can help developers locate bugs faster, and improve the efficiency of software quality maintenance.
KW - Fuzz testing
KW - Software testing
KW - Symbolic execution
KW - Vulnerability
UR - http://www.scopus.com/inward/record.url?scp=84962148490&partnerID=8YFLogxK
U2 - 10.1109/COMPSAC.2015.99
DO - 10.1109/COMPSAC.2015.99
M3 - Conference contribution
AN - SCOPUS:84962148490
T3 - Proceedings - International Computer Software and Applications Conference
SP - 460
EP - 471
BT - Proceedings - 2015 IEEE 39th Annual Computer Software and Applications Conference, COMPSAC 2015
A2 - Huang, Gang
A2 - Yang, Jingwei
A2 - Ahamed, Sheikh Iqbal
A2 - Hsiung, Pao-Ann
A2 - Chang, Carl K.
A2 - Chu, William
A2 - Crnkovic, Ivica
PB - IEEE Computer Society
Y2 - 1 July 2015 through 5 July 2015
ER -
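The abstract describes triage hooks that fire when the program under test reaches a security-sensitive function (malloc, strcpy, printf) and decide whether a vulnerability could occur there, rather than waiting for a crash. The following is an added, self-contained C illustration of that sink-triage idea written for this record; it is not CRAXfuzz code and does not use S2E. Where the paper reasons over symbolic input inside S2E, this toy approximates "the argument is input-derived" by checking whether a pointer falls inside one registered input buffer (an assumption of the example). The record format, the 16-byte name buffer, the 32-bit size arithmetic, the hook and finding names, and the two sample inputs are all constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Findings a triage hook can report at a sink (names invented for this example). */
enum {
    FINDING_MALLOC_OVERFLOW = 1,  /* 32-bit size computation wraps before malloc */
    FINDING_STRCPY_OVERFLOW = 2,  /* input string longer than the destination buffer */
    FINDING_FORMAT_STRING   = 4   /* input-derived printf format containing '%' */
};

/* Concrete stand-in for "is this argument symbolic?": one input region is
 * registered before the toy program runs, and any pointer into it counts as
 * input-derived. This is an assumption of the example, not the paper's mechanism. */
static const unsigned char *g_input;
static size_t g_input_len;

static int from_input(const void *p) {
    const unsigned char *c = p;
    return g_input != NULL && c >= g_input && c < g_input + g_input_len;
}

/* strlen that never reads past the end of the input buffer. */
static size_t bounded_len(const char *s, size_t max) {
    size_t n = 0;
    while (n < max && s[n] != '\0') n++;
    return n;
}

/* --- triage hooks, invoked at each sensitive function before it runs --- */

static int triage_malloc(uint32_t count, uint32_t elem) {
    /* count * elem wraps in 32 bits exactly when count > UINT32_MAX / elem */
    return (elem != 0 && count > UINT32_MAX / elem) ? FINDING_MALLOC_OVERFLOW : 0;
}

static int triage_strcpy(size_t dst_cap, const char *src, size_t src_max) {
    size_t n = bounded_len(src, src_max);
    return (from_input(src) && n + 1 > dst_cap) ? FINDING_STRCPY_OVERFLOW : 0;
}

static int triage_printf(const char *fmt, size_t fmt_max) {
    size_t n = bounded_len(fmt, fmt_max);
    return (from_input(fmt) && memchr(fmt, '%', n) != NULL) ? FINDING_FORMAT_STRING : 0;
}

/* --- toy program under test ---
 * Constructed record format: [u32 little-endian count][name\0][message\0]
 * Each sink is triaged first; the unsafe operation itself is replaced by a
 * bounded equivalent so the example keeps running after a finding. */
#define NAME_CAP 16
#define RECORD_SIZE 64u

int analyze(const unsigned char *buf, size_t len) {
    int findings = 0;
    const unsigned char *p = buf, *end = buf + len;
    char name[NAME_CAP];
    uint32_t count, size;
    size_t n, keep;
    void *records;

    g_input = buf;
    g_input_len = len;
    if (len < 4) return 0;

    /* sink 1: malloc with a size computed from input in 32-bit arithmetic */
    count = (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    p += 4;
    findings |= triage_malloc(count, RECORD_SIZE);
    size = count * RECORD_SIZE;          /* may wrap to a tiny value */
    records = malloc(size ? size : 1);
    free(records);

    /* sink 2: strcpy of the name into a 16-byte stack buffer */
    n = bounded_len((const char *)p, (size_t)(end - p));
    findings |= triage_strcpy(sizeof name, (const char *)p, (size_t)(end - p));
    keep = n < NAME_CAP - 1 ? n : NAME_CAP - 1;   /* bounded copy instead of strcpy */
    memcpy(name, p, keep);
    name[keep] = '\0';
    if (p + n >= end) return findings;   /* no terminator, so no message follows */
    p += n + 1;

    /* sink 3: printf with the message used as the format string */
    findings |= triage_printf((const char *)p, (size_t)(end - p));
    printf("%s: %.*s\n", name, (int)bounded_len((const char *)p, (size_t)(end - p)),
           (const char *)p);
    return findings;
}

/* Constructed sample inputs for the two runs. */
int demo_benign(void) {
    static const unsigned char in[] = "\x02\x00\x00\x00" "alice\0" "hello";
    return analyze(in, sizeof in - 1);
}

int demo_malicious(void) {
    /* count 0x04000000 * 64 wraps to 0; 30-byte name; "%n" in the format */
    static const unsigned char in[] =
        "\x00\x00\x00\x04" "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "\0" "%x%x%n";
    return analyze(in, sizeof in - 1);
}
```

The benign record passes all three hooks and returns 0; the malicious record trips all three (1 | 2 | 4 = 7) even though the toy never crashes, which is the point the abstract makes about crash-only fuzzing. In the real framework the same checks would be posed as constraints over symbolic input and discharged by the solver, so a single normal input can reveal whether some other input could reach the unsafe state.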