Abstract
Software vulnerability detection is one of the most important means of guaranteeing software security. Two main classes of methods detect vulnerabilities in binary files: white-box testing and black-box testing. The former must construct and solve path constraints to detect vulnerabilities, and it has two main drawbacks: path explosion and the complexity of the constraints. The latter often exhausts various inputs aimlessly to test binary files. This paper combines both testing methods to detect vulnerabilities in binary files. By analyzing the input elements that affect the check condition of a given check point, we can generate a class of inputs that reach that check point, which increases fuzzing efficiency. By analyzing the relationship between guard conditions and the check condition, redundant check points are removed. A colorful taint analysis method (CTAM) is proposed to compute guard conditions; it is more efficient than the traditional taint analysis method (TTAM). We implemented a prototype and ran several experiments on it. The results show that our method can increase the efficiency of black-box testing.
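As an added illustration (not the paper's code, and not a reproduction of its CTAM), the following Python toy model shows the idea behind byte-coloured taint tracking: each input byte carries its own colour, so for any check point a fuzzer can read off exactly which bytes decide it, mutate only those, and observe from the shared colours plus exhaustive evaluation that a check whose bytes are fully covered by an earlier guard can never fire. The parser, the seed and the branch names are constructed for this example.

```python
"""Toy byte-level ("colourful") taint tracking for a fuzzer: each input byte gets its own
colour (its offset), derived values carry the union of colours, branches record theirs."""
from collections import Counter
from itertools import product

class T:
    """Tainted integer: concrete value plus the input offsets it depends on."""
    def __init__(self, v, colours=frozenset()):
        self.v, self.c = v & 0xFFFF, frozenset(colours)
    def _bin(self, other, fn):  # colours propagate through every data-flow operation
        o = other if isinstance(other, T) else T(other)
        return T(fn(self.v, o.v), self.c | o.c)
    def __or__(self, o): return self._bin(o, lambda a, b: a | b)
    def __lshift__(self, o): return self._bin(o, lambda a, b: a << b)

def parse(data, trace):
    """Constructed target: a tiny record parser; `trace` collects (branch, colours)."""
    b = [T(x, {i}) for i, x in enumerate(data)]
    magic, length, kind = b[0] | (b[1] << 8), b[2] | (b[3] << 8), b[4]
    trace.append(("magic", magic.c))
    if magic.v != 0x4D42:
        return "bad magic"
    trace.append(("guard_len", length.c))
    if length.v > 8:            # guard condition
        return "too long"
    trace.append(("check_len", length.c))
    if length.v > 16:           # check point: cannot fire once the guard has held
        return "overflow"
    trace.append(("kind", kind.c))
    return "kind7" if kind.v == 7 else "ok"

SEED = bytes([0x42, 0x4D, 4, 0, 0]) + bytes(11)   # constructed seed reaching every branch

def deciding_bytes(seed, point):
    """Input offsets that decide branch `point` on the path `seed` takes."""
    trace = []
    parse(seed, trace)
    return set(dict(trace)[point])

def outcomes(seed, point):
    """Mutate only the bytes colouring `point`, over all their values, and tally results."""
    offs = sorted(deciding_bytes(seed, point))
    tally = Counter()
    for vals in product(range(256), repeat=len(offs)):
        inp = bytearray(seed)
        for o, v in zip(offs, vals):
            inp[o] = v
        tally[parse(bytes(inp), [])] += 1
    return dict(tally)
```

Running `outcomes(SEED, "guard_len")` exercises every value of the two length bytes and never yields "overflow", so the second length check is redundant with respect to the guard; `outcomes(SEED, "kind")` reaches the rare branch with 256 trials instead of mutating all 16 bytes blindly.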
Cite this article
Chen, K., Feng, D., Su, P. et al. Black-box testing based on colorful taint analysis. Sci. China Inf. Sci. 55, 171–183 (2012). https://doi.org/10.1007/s11432-011-4291-y