Black-box testing based on colorful taint analysis

  • Research Paper, published in Science China Information Sciences

Abstract

Software vulnerability detection is one of the most important methods for guaranteeing software security. Two main classes of methods can detect vulnerabilities in binary files: white-box testing and black-box testing. The former needs to construct and solve path constraints to detect vulnerabilities, and it has two main drawbacks: path explosion and the complexity of the constraints. The latter often exhausts various inputs aimlessly when testing binary files. This paper combines both testing methods to detect vulnerabilities in binary files. By analyzing which input elements affect the check condition of a given check point, we can generate a class of inputs that reach that check point, which increases fuzzing efficiency. By analyzing the relationship between guard conditions and the check condition, redundant check points are removed. A colorful taint analysis method (CTAM) is proposed to compute guard conditions; it is more efficient than the traditional taint analysis method (TTAM). We implemented a prototype and ran several experiments on it. The results showed that our method can increase the efficiency of black-box testing.
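The abstract's first idea, finding which input elements influence a given check condition so a fuzzer can mutate only those, can be illustrated with per-byte taint labels. The following is an added example and not the paper's CTAM (whose algorithm is not on this page): each input byte receives its own label (a "color"), the labels propagate through a constructed toy parser, and every check point ends up with the set of input positions that can affect its condition.

```python
"""Per-input-element taint tracking (added illustration, not the paper's CTAM).

Every input byte gets its own label; labels propagate through a constructed
toy parser so that each check point reports the input positions that can
influence its condition. A fuzzer can then mutate only those positions when
trying to reach or flip that check instead of mutating the whole input.
"""
from dataclasses import dataclass, field


@dataclass
class Tainted:
    value: int
    colors: frozenset = field(default_factory=frozenset)  # input positions

    def _bin(self, other, fn):
        # Constants carry no color; the result inherits both operands' colors.
        o = other if isinstance(other, Tainted) else Tainted(other)
        return Tainted(fn(self.value, o.value), self.colors | o.colors)

    def __add__(self, other): return self._bin(other, lambda a, b: (a + b) & 0xFF)
    def __xor__(self, other): return self._bin(other, lambda a, b: a ^ b)
    def __and__(self, other): return self._bin(other, lambda a, b: a & b)


def taint_input(data: bytes):
    """One distinct color per input byte position."""
    return [Tainted(b, frozenset({i})) for i, b in enumerate(data)]


def analyse(data: bytes):
    """Run the toy parser on `data`; return {check: (passed, colors)}."""
    x = taint_input(data)
    checks = {}
    # check point 1: magic header, depends only on bytes 0 and 1
    magic = x[0] ^ x[1]
    checks["magic"] = (magic.value == 0x5A, magic.colors)
    # check point 2: masked length field, depends only on byte 2
    length = x[2] & 0x7F
    checks["length"] = (length.value <= 0x10, length.colors)
    # check point 3: 8-bit checksum over the payload bytes 3..end
    acc = Tainted(0)
    for b in x[3:]:
        acc = acc + b
    checks["checksum"] = (acc.value == 0, acc.colors)
    return checks


def relevant_positions(data: bytes, check: str):
    """Input positions a fuzzer should mutate to influence `check`."""
    return sorted(analyse(data)[check][1])
```

With a constructed sample such as `bytes([0x5A, 0x00, 0x05, 0x01, 0xFF])`, the checksum check depends only on positions 3 and 4, so mutating the header cannot reach or flip it.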



Author information

Corresponding author

Correspondence to Kai Chen.


About this article

Cite this article

Chen, K., Feng, D., Su, P. et al. Black-box testing based on colorful taint analysis. Sci. China Inf. Sci. 55, 171–183 (2012). https://doi.org/10.1007/s11432-011-4291-y
