DASE: Document-Assisted Symbolic Execution for Improving Automated Software Testing

Wong, Edmund; Zhang, Lei; Wang, Song; Liu, Taiyue; Tan, Lin

doi:10.1109/icse.2015.78

Cited by 24 publications

(21 citation statements)

References 56 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Note that our coverage results for klee are different from klee's paper. As discussed and reported in previous works [12,41], the coverage differences are mainly due to the major code changes of klee, an architecture change from 32-bit to 64-bit, and whether manual system call failures are introduced. angr shares the same limitation as klee requiring to maintain multiple states and provide models for execution environment, while it shares the disadvantage of crete in having no access to semantics information.…”

Section: Discussionmentioning

confidence: 67%

“…In this section, we present the evaluation results of crete from its application to GNU Coreutils [38] [5,12,41]. This is why we chose it as the benchmark to compare with klee and angr.…”

Section: Discussionmentioning

confidence: 99%

“…We set the timeout for crete as 15 min in this experiment. This timeout strategy was also used by DASE [41] for its evaluation on Coreutils. We conduct our experiments on an Intel Core i7-3770 3.40 GHz CPU desktop with 16 GB memory running 64-bit Ubuntu 14.04.5.…”

Section: Discussionmentioning

confidence: 99%

See 2 more Smart Citations

CRETE: A Versatile Binary-Level Concolic Testing Framework

Chen

Havlicek²,

Yang³

et al. 2018

Fundamental Approaches to Software Engineering

View full text Add to dashboard Cite

In this paper, we present crete, a versatile binary-level concolic testing framework, which features an open and highly extensible architecture allowing easy integration of concrete execution frontends and symbolic execution engine backends. crete's extensibility is rooted in its modular design where concrete and symbolic execution is loosely coupled only through standardized execution traces and test cases. The standardized execution traces are llvm-based, self-contained, and composable, providing succinct and sufficient information for symbolic execution engines to reproduce the concrete executions. We have implemented crete with klee as the symbolic execution engine and multiple concrete execution frontends such as qemu and 8051 Emulator. We have evaluated the effectiveness of crete on GNU Coreutils programs and TianoCore utility programs for UEFI BIOS. The evaluation of Coreutils programs shows that crete achieved comparable code coverage as klee directly analyzing the source code of Coreutils and generally outperformed angr. The evaluation of TianoCore utility programs found numerous exploitable bugs that were previously unreported.

show abstract

Section: Discussionmentioning

confidence: 67%

“…In this section, we present the evaluation results of crete from its application to GNU Coreutils [38] [5,12,41]. This is why we chose it as the benchmark to compare with klee and angr.…”

Section: Discussionmentioning

confidence: 99%

See 1 more Smart Citation

CRETE: A Versatile Binary-Level Concolic Testing Framework

Chen

Havlicek²,

Yang³

et al. 2018

Fundamental Approaches to Software Engineering

View full text Add to dashboard Cite

show abstract

“…Wiederseiner [65] uses "elfdump" to generates the symbol table of the code-base and source code line data of the ELF file. Wong [66] uses "elfdump", "objdump" and "readelf" to extract 2 This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.…”

Section: A Overviewmentioning

confidence: 99%

V-Sandbox for Dynamic Analysis IoT Botnet

Ngo

2020

IEEE Access

View full text Add to dashboard Cite

With the increasing use of resource-constrained IoT devices, the number of IoT Botnets has exploded with many variations and ways of penetration. Nowadays, studies based on machine learning and deep learning have focused on dealing with IoT Botnet with many successes, and these studies have required relevant data during malware execution. For this, the sandbox environment and behavior collection tools play an essential role. However, the existing sandboxes do not provide adequate behavior data of IoT botnet such as the C&C server communication, shared libraries requirements. Moreover, these sandboxes do not support a wide range of CPU architectures, data is not exhaustively collected during executable file runtime. In this paper, we present a new practical sandbox, named V-Sandbox, for dynamic analysis of the IoT Botnet. This sandbox is an ideal environment for IoT Botnet samples that exhibit all of their malicious behavior. It supports the C&C servers connection, shared libraries for dynamic files, and a wide range of CPU architectures. Experimental results on the 6141 IoT Botnet samples in our dataset have demonstrated the effectiveness of the proposed sandbox, compared to existing ones. The contribution of this paper is specific to the development of a usable, efficient sandbox for dynamic analysis of resource-constrained IoT devices.

show abstract

“…Previous work has applied NLP techniques to related problems. WHYPER (Pandita et al 2013) and DASE (Wong et al 2015) apply NLP techniques to identify sentences that describe the need for a given permission in a mobile application description and extract command-line input constraints from manual pages, respectively. The work in (Witte et al 2008) used documentation and source code to create an ontology allowing the cross-linking of software artifacts represented in code and natural language on a semantic level.…”

Section: Related Workmentioning

confidence: 99%

Leveraging Textual Specifications for Grammar-Based Fuzzing of Network Protocols

Jero¹,

Pacheco²,

Goldwasser³

et al. 2019

AAAI

View full text Add to dashboard Cite

Grammar-based fuzzing is a technique used to find software vulnerabilities by injecting well-formed inputs generated following rules that encode application semantics. Most grammar-based fuzzers for network protocols rely on human experts to manually specify these rules. In this work we study automated learning of protocol rules from textual specifications (i.e. RFCs). We evaluate the automatically extracted protocol rules by applying them to a state-of-the-art fuzzer for transport protocols and show that it leads to a smaller number of test cases while finding the same attacks as the system that uses manually specified rules.

show abstract

DASE: Document-Assisted Symbolic Execution for Improving Automated Software Testing

Cited by 24 publications

References 56 publications

CRETE: A Versatile Binary-Level Concolic Testing Framework

CRETE: A Versatile Binary-Level Concolic Testing Framework

V-Sandbox for Dynamic Analysis IoT Botnet

Leveraging Textual Specifications for Grammar-Based Fuzzing of Network Protocols

Contact Info

Product

Resources

About