
Towards Building a Generic Vulnerability Detection Platform by Combining Scalable Attacking Surface Analysis and Directed Fuzzing

  • Conference paper
  • Published in: Formal Methods and Software Engineering (ICFEM 2018)
  • Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 11232)

Abstract

Vulnerabilities are one of the major threats to software security. They are usually hunted by security experts through manual code audits, or with automated tools such as fuzzers (e.g., [1, 5, 12]) and symbolic execution (e.g., [4, 7, 10, 13]), which can provide concrete inputs that trigger and validate the vulnerabilities. Because imprecise static scanners usually flag a list of potentially vulnerable code locations or functions with a high rate of false positives, we place them in the spectrum of attack surface identification approaches. The scalability of symbolic execution is severely restricted by the path explosion problem and by solver capability, which makes it a poor choice for large-scale vulnerability detection. Coverage-based undirected fuzzing is, in general, hardly scalable or effective, owing to the large size of the program under test and the lack of good seeds to trigger its various behaviors or execution paths. Given that all existing static and dynamic detection tools face the trade-off between scalability and precision, a generic and scalable vulnerability detection platform is desirable.


References

  1. American fuzzy lop. http://lcamtuf.coredump.cx/afl/ (2017)
  2. Leopard. https://sites.google.com/site/leopardsite2017/ (2017)
  3. FOT. https://sites.google.com/view/fot-the-fuzzer (2018)
  4. Babić, D., Martignoni, L., McCamant, S., Song, D.: Statically-directed dynamic automated test generation. In: ISSTA, pp. 12–22 (2011)
  5. Böhme, M., Pham, V.T., Nguyen, M.D., Roychoudhury, A.: Directed greybox fuzzing. In: CCS, pp. 2329–2344 (2017)
  6. Cai, Y., Xiao, L., Kazman, R., Mo, R., Feng, Q.: Design rule spaces: a new model for representing and analyzing software architecture. TSE (2018)
  7. Cha, S.K., Woo, M., Brumley, D.: Program-adaptive mutational fuzzing. In: SP, pp. 725–741 (2015)
  8. Chen, H., et al.: Hawkeye: towards a desired directed grey-box fuzzer. In: CCS (2018)
  9. Feng, Q., Kazman, R., Cai, Y., Mo, R., Xiao, L.: Towards an architecture-centric approach to security analysis. In: WICSA, pp. 221–230 (2016)
  10. Godefroid, P., Levin, M.Y., Molnar, D.A.: Automated whitebox fuzz testing. In: NDSS (2008)
  11. Malhotra, R.: A systematic review of machine learning techniques for software fault prediction. Appl. Soft Comput. 27(C), 504–518 (2015)
  12. Rawat, S., Jain, V., Kumar, A., Cojocar, L., Giuffrida, C., Bos, H.: Vuzzer: application-aware evolutionary fuzzing. In: NDSS (2017)
  13. Stephens, N., et al.: Driller: augmenting fuzzing through selective symbolic execution. In: NDSS (2016)
  14. Vanegue, J., Lahiri, S.K.: Towards practical reactive security audit using extended static checkers. In: SP, pp. 33–47 (2013)
  15. Yamaguchi, F., Golde, N., Arp, D., Rieck, K.: Modeling and discovering vulnerabilities with code property graphs. In: SP, pp. 590–604 (2014)
  16. Yamaguchi, F., Wressnegger, C., Gascon, H., Rieck, K.: Chucky: exposing missing checks in source code for vulnerability discovery. In: CCS, pp. 499–510 (2013)
  17. Zimmermann, T., Nagappan, N., Williams, L.: Searching for a needle in a haystack: predicting security vulnerabilities for Windows Vista. In: ICST, pp. 421–428 (2010)

Author information

Corresponding author: Xiaoning Du


Copyright information

© 2018 Springer Nature Switzerland AG


Cite this paper

Du, X. (2018). Towards Building a Generic Vulnerability Detection Platform by Combining Scalable Attacking Surface Analysis and Directed Fuzzing. In: Sun, J., Sun, M. (eds) Formal Methods and Software Engineering. ICFEM 2018. Lecture Notes in Computer Science, vol 11232. Springer, Cham. https://doi.org/10.1007/978-3-030-02450-5_36

  • DOI: https://doi.org/10.1007/978-3-030-02450-5_36
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-030-02449-9
  • Online ISBN: 978-3-030-02450-5