Map2Check: Using Symbolic Execution and Fuzzing

Rocha, Herbert; Menezes, Rafael; Cordeiro, Lucas C.; Barreto, Raimundo

doi:10.1007/978-3-030-45237-7_29

“…• FuSeBMC [26], [27]: This is a white-box fuzzer that injects labels into C programs and then use a combination of ESBMC and a path-based symbolic execution tool called Map2check [28] to find inputs that reach those labels (while checking for vulnerabilities).…”

Section: B Static Analysismentioning

confidence: 99%

Towards a Hybrid Approach to Protect Against Memory Safety Vulnerabilities

Bhayat¹,

Cordeiro²,

Reger³

et al. 2021

Preprint

0

View full text Add to dashboard Cite

Memory corruption bugs continue to plague low-level systems software generally written in unsafe programming languages. In order to detect and protect against such exploits, many pre- and post-deployment techniques exist. In this position paper, we propose and motivate the need for a hybrid approach for the protection against memory safety vulnerabilities, combining techniques that can identify the presence (and absence) of vulnerabilities pre-deployment with those that can detect and mitigate such vulnerabilities post-deployment. Our hybrid approach involves three layers: hardware runtime protection provided by capability hardware, software runtime protection provided by compiler instrumentation, and static analysis provided by bounded model checking and symbolic execution. The key aspect of the proposed hybrid approach is that the protection offered is greater than the sum of its parts -- the expense of post-deployment runtime checks is reduced via information obtained during pre-deployment analysis. During pre-deployment analysis, static checking can be guided by runtime information.

show abstract

“…• FuSeBMC [27], [28]: This is a white-box fuzzer that injects labels into C programs and then use a combination of ESBMC and a path-based symbolic execution tool called Map2check [29] to find inputs that reach those labels (while checking for vulnerabilities).…”

Section: B Static Analysismentioning

confidence: 99%

Towards a Hybrid Approach to Protect Against Memory Safety Vulnerabilities

Bhayat¹,

Cordeiro²,

Reger³

et al. 2021

Preprint

0

View full text Add to dashboard Cite

Memory corruption bugs continue to plague low-level systems software generally written in unsafe programming languages. In order to detect and protect against such exploits, many pre- and post-deployment techniques exist. In this position paper, we propose and motivate the need for a hybrid approach for the protection against memory safety vulnerabilities, combining techniques that can identify the presence (and absence) of vulnerabilities pre-deployment with those that can detect and mitigate such vulnerabilities post-deployment. Our hybrid approach involves three layers: hardware runtime protection provided by capability hardware, software runtime protection provided by compiler instrumentation, and static analysis provided by bounded model checking and symbolic execution. The key aspect of the proposed hybrid approach is that the protection offered is greater than the sum of its parts -- the expense of post-deployment runtime checks is reduced via information obtained during pre-deployment analysis. During pre-deployment analysis, static checking can be guided by runtime information.

show abstract

“…Another hybrid fuzzing tool is Map2check [88] which consists of fuzzing and SE. This tool also utilizes LLVM v6.0 [89] compiler techniques to examine C language-based programs.…”

Section: ) Instrumentationmentioning

confidence: 99%

“…Similar to the LibKluzzer, another CGHF known as Map2Check also uses LibFuzzer and KLEE. To easily explore "shallow" vulnerabilities, Map2Check [88] generates random data as a test-input for C-language programs, and KLEE examines the properties of safety in a new way. Furthermore, Map2Check leverages MetaSMTs such as Yices [155] and Boolector [156] as the SMT solver.…”

Section: ) Mutation-based Hybrid Fuzzersmentioning

confidence: 99%

See 1 more Smart Citation

Exploratory Review of Hybrid Fuzzing for Automated Vulnerability Detection

Rustamov

¹

,

Kim

²

,

Yu

³

et al. 2021

IEEE Access

3

0

View full text Add to dashboard Cite

Recently, software testing has become a significant component of information security. The most reliable technique for automated software testing is a fuzzing tool that feeds programs with random test-input and detects software vulnerabilities that are critical to security. Similarly, symbolic execution has gained the most attention as an efficient testing tool for producing smart test-inputs and discovering hardto-reach bugs using search-based heuristics and compositional approaches. The combination of fuzzing and symbolic execution makes software testing more efficient by mitigating the limitations in each other. Although several studies have been conducted on hybrid fuzzing in recent years, a comprehensive and consistent review of hybrid fuzzing techniques has not been explored. To add coherence to the extensive literature on hybrid fuzzing and to make it reach a large audience, this study provides an overview of key concepts along with the taxonomy of existing hybrid fuzzing tools, problems, and solutions that have been developed in this sphere. It also includes evaluations of the proposed approaches and a number of suggestions for the development of hybrid fuzzing in the future.

show abstract

Map2Check: Using Symbolic Execution and Fuzzing

Cited by 9 publications

References 6 publications

Towards a Hybrid Approach to Protect Against Memory Safety Vulnerabilities

Towards a Hybrid Approach to Protect Against Memory Safety Vulnerabilities

Towards a Hybrid Approach to Protect Against Memory Safety Vulnerabilities

Exploratory Review of Hybrid Fuzzing for Automated Vulnerability Detection

Contact Info

Product

Resources

About