Software Vulnerabilities Detection Based on Random Programming


Abstract:

Although many automatic vulnerability detection approaches have been documented, existing solutions for discovering software vulnerabilities in binary software remain difficult and time consuming. In this paper we present an approach based on random programming that quickly discovers vulnerabilities in programmable binary software. By extracting the code snippets for special features and fixed API usages, we obtain a set of original functional templates, and we then randomize the mutable factors in those templates. After that, we combine those templates in a reasonable way to produce the final test templates. Finally, by concretizing the random factors, we execute those test templates and monitor the software under test to discover vulnerabilities. Template programming lets us produce more reasonable test cases, which makes our approach more effective than other solutions.
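As an added illustration of the pipeline the abstract describes (not the paper's code), the Python below builds functional templates for a hypothetical allocate/write/free API, randomizes their mutable factors, combines them into test templates, concretizes and executes them against a toy target, and records the crash classes the monitor observes. The API names, factor domains and the toy target are all constructed assumptions.

```python
import random
# Constructed illustration of the pipeline in the abstract; the API names,
# templates, factor domains and toy target are hypothetical, not the paper's code.
TEMPLATES = {                  # functional templates: API usage + mutable factors
    "alloc": ("alloc", ["size"]),
    "write": ("write", ["length"]),
    "free":  ("free", []),
}
FACTOR_DOMAINS = {             # randomized values a mutable factor may take
    "size":   [0, 1, 16, 255, 256, 4096],
    "length": [0, 1, 16, 255, 256, 257, 4096],
}

def combine(rng, n_ops=4):
    """Combine templates into one test template: alloc, then random writes/frees."""
    ops = ["alloc"] + [rng.choice(["write", "free", "write"]) for _ in range(n_ops - 1)]
    return [(api, list(factors)) for api, factors in (TEMPLATES[o] for o in ops)]

def concretize(test_template, rng):
    """Bind every mutable factor to a concrete value, giving an executable test case."""
    return [(api, {f: rng.choice(FACTOR_DOMAINS[f]) for f in factors})
            for api, factors in test_template]

def target(test_case):
    """Toy software under test; each RuntimeError stands in for a crash the monitor sees."""
    cap, freed = 0, False          # defects: no bounds check on write, no free/UAF guard
    for api, args in test_case:
        if api == "alloc":
            cap, freed = args["size"], False
        elif api == "write":
            if freed:
                raise RuntimeError("use-after-free")
            if args["length"] > cap:
                raise RuntimeError("heap overflow")
        elif api == "free":
            if freed:
                raise RuntimeError("double free")
            freed = True

def run_campaign(seed=1, rounds=200):
    """Execute concretized tests under the monitor; map each crash class to a reproducer."""
    rng, findings = random.Random(seed), {}
    for _ in range(rounds):
        case = concretize(combine(rng), rng)
        try:
            target(case)
        except RuntimeError as crash:
            findings.setdefault(str(crash), case)
    return findings
```

Each entry in the returned dictionary is a distinct crash class together with the first concretized test template that reproduced it.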

Pages: 553-558

Online since: June 2014

Copyright: © 2014 Trans Tech Publications Ltd. All Rights Reserved
