SymQEMU: Compilation-based symbolic execution for binaries

Poeplau, Sebastian; Francillon, Aurélien

doi:10.14722/ndss.2021.24118

Cited by 37 publications

(12 citation statements)

References 21 publications

(38 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…However, these methods are far from perfect since they are built on the token level and the AST level rather than the semantic level, and this leads to the scenario that two semantically equal code snippets may have a relatively low CodeBLEU score. Some methods like dynamic testing [29] or symbolic execution [20,54] have been proposed to solve this. But such methods are either too heavy to be practical or even impractical for code snippet which does not have a clear input and output.…”

Section: Discussionmentioning

confidence: 99%

On the Feasibility of Specialized Ability Stealing for Large Language Code Models

Li¹,

Wang²,

Ma³

et al. 2023

Preprint

View full text Add to dashboard Cite

Recent progress in large language code models (LLCMs) has led to a dramatic surge in the use of software development. Nevertheless, it is widely known that training a well-performed LLCM requires a plethora of workforce for collecting the data and high quality annotation. Additionally, the training dataset may be proprietary (or partially open source to the public), and the training process is often conducted on a large-scale cluster of GPUs with high costs. Inspired by the recent success of imitation attacks in extracting computer vision and natural language models, this work launches the first imitation attack on LLCMs: by querying a target LLCM with carefully-designed queries and collecting the outputs, the adversary can train an imitation model that manifests close behavior with the target LLCM. We systematically investigate the effectiveness of launching imitation attacks under different query schemes and different LLCM tasks. We also design novel methods to polish the LLCM outputs, resulting in an effective imitation training process. We summarize our findings and provide lessons harvested in this study that can help better depict the attack surface of LLCMs. Our research contributes to the growing body of knowledge on imitation attacks and defenses in deep neural models, particularly in the domain of code related tasks.

show abstract

Section: Discussionmentioning

confidence: 99%

On the Feasibility of Specialized Ability Stealing for Large Language Code Models

Li¹,

Wang²,

Ma³

et al. 2023

Preprint

View full text Add to dashboard Cite

show abstract

“…Despite the advances and improvements that made the new generation whitebox fuzzers much more performant [32], greybox approaches remain the leading technique to discover vulnerabilities in modern codebases. For instance, the OSS-Fuzz project by Google [3] makes use of greybox fuzzing approaches to test and detect bugs in a large number of popular open-source projects.…”

Section: Fuzz Testingmentioning

confidence: 99%

Dissecting American Fuzzy Lop - A FuzzBench Evaluation

Fioraldi¹,

Mantovani²,

Maier³

et al. 2022

Proceedings FUZZING 2022 - 1st International Fuzzing Workshop

View full text Add to dashboard Cite

AFL is one of the most used and extended fuzzing projects, adopted by industry and academic researchers alike. While the community agrees on AFL's effectiveness at discovering new vulnerabilities and at its outstanding usability, many of its internal design choices remain untested to date. Security practitioners often clone the project "as-is" and use it as a starting point to develop new techniques, usually taking everything under the hood for granted. Instead, we believe that a careful analysis of the different parameters could help modern fuzzers to improve their performance and explain how each choice can affect the outcome of security testing, either negatively or positively.The goal of this paper is to provide a comprehensive understanding of the internal mechanisms of AFL by performing experiments and comparing different metrics used to evaluate fuzzers. This will prove the efficacy of some patterns and clarify which aspects are instead outdated. To achieve this, we set up nine unique experiments that we carried out on the popular Fuzzbench platform. Each test focuses on a different aspect of AFL, ranging from its mutation approach to the feedback encoding scheme and the scheduling methodologies.Our preliminary findings show that each design choice affects different factors of AFL. While some of these are positively correlated with the number of detected bugs or the target coverage, other features are related to usability and reliability. Most important, the outcome of our experiments will indicate which parts of AFL we should preserve in modern fuzzers.

show abstract

“…Compared to all these solutions, LSym focuses on optimizing off-the-shelf concolic execution tools by means of conservative constraint debloating, which is a simple and effective way to improve the scalability of concolic execution without much compromising its soundness. Very recently Poeplau et al proposed SymCC [34] and SymQEMU [35]compilation-based symbolic execution technique for source and binary solutions respectively. We believe that the technique presented in LSym can further enhance symbolic execution performance by combining above mentioned techniques with taintflow analyses (e.g.…”

Section: Concolic Executionmentioning

confidence: 99%

LeanSym: Efficient Hybrid Fuzzing Through Conservative Constraint Debloating

Rawat

Giuffrida

et al. 2021

24th International Symposium on Research in Attacks, Intrusions and Defenses

View full text Add to dashboard Cite

General rightsCopyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights.• Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain • You may freely distribute the URL identifying the publication in the public portal ? Take down policyIf you believe that this document breaches copyright please contact us providing details, and we will remove access to the work immediately and investigate your claim.

show abstract

SymQEMU: Compilation-based symbolic execution for binaries

Cited by 37 publications

References 21 publications

On the Feasibility of Specialized Ability Stealing for Large Language Code Models

On the Feasibility of Specialized Ability Stealing for Large Language Code Models

Dissecting American Fuzzy Lop - A FuzzBench Evaluation

LeanSym: Efficient Hybrid Fuzzing Through Conservative Constraint Debloating

Contact Info

Product

Resources

About