[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to main content
Springer Nature Link
Log in

A Tight Integration of Symbolic Execution and Fuzzing (Short Paper)

  • Conference paper
  • First Online:
Foundations and Practice of Security (FPS 2021)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13291))

Included in the following conference series:

Abstract

Most bug finding tools rely on either fuzzing or symbolic execution. While they both work well in some situations, fuzzing struggles with complex conditions and symbolic execution suffers from path explosion and high constraint solving costs. In order to enjoy the advantages from both techniques, we propose a new approach called Lightweight Symbolic Execution (LSE) that integrates well with fuzzing. Especially, LSE does not require any call to a constraint solver and allows for quickly enumerating inputs. In this short paper, we present the basic concepts of LSE together with promising preliminary experiments.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
£29.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
GBP 19.95
Price includes VAT (United Kingdom)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
GBP 43.99
Price includes VAT (United Kingdom)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
GBP 54.99
Price includes VAT (United Kingdom)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Cadar, C., et al.: KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs. In: OSDI (2008)

    Google Scholar 

  2. Cadar, C., Sen, K.: Symbolic execution for software testing: three decades later. Commun. ACM 56(2), 82–90 (2013)

    Article  Google Scholar 

  3. Chen, P., Chen, H.: Angora: efficient fuzzing by principled search. In: 2018 IEEE Symposium on Security and Privacy (SP), pp. 711–725. IEEE (2018)

    Google Scholar 

  4. Chen, P., Liu, J., Chen, H.: Matryoshka: fuzzing deeply nested branches. In: Conference on Computer and Communications Security (2019)

    Google Scholar 

  5. David, R., et al.: A dynamic symbolic execution toolkit for binary-level analysis. In: Proceedings of the 23rd IEEE International Conference on Software Analysis, Evolution, and Reengineering, SANER 2016. IEEE (2016)

    Google Scholar 

  6. Djoudi, A., Bardin, S.: BINSEC: binary code analysis with low-level regions. In: Baier, C., Tinelli, C. (eds.) TACAS 2015. LNCS, vol. 9035, pp. 212–217. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46681-0_17

    Chapter  Google Scholar 

  7. Dolan-Gavitt, B., et al.: Lava: large-scale automated vulnerability addition. In: IEEE Symposium on Security and Privacy (SP) (2016)

    Google Scholar 

  8. Fioraldi, A., Maier, D., Eißfeldt, H., Heuse, M.: AFL++: Combining incremental steps of fuzzing research. In: WOOT (2020)

    Google Scholar 

  9. Godefroid, P., Levin, M.Y., Molnar, D.A.: SAGE: whitebox fuzzing for security testing. Commun. ACM 55(3), 40–44 (2012)

    Article  Google Scholar 

  10. Huang, H., Yao, P., Wu, R., Shi, Q., Zhang, C.: Pangolin: incremental hybrid fuzzing with polyhedral path abstraction. In: Security and Privacy (2020)

    Google Scholar 

  11. King, J.C.: Symbolic execution and program testing. Commun. ACM 19(7), 385–394 (1976)

    Article  MathSciNet  Google Scholar 

  12. Manès, V.J.M., et al.: The art, science, and engineering of fuzzing: a survey. IEEE Trans. Softw. Eng. 47, 2312–2330 (2019)

    Article  Google Scholar 

  13. Miller, B.P., Fredriksen, L., So, B.: An empirical study of the reliability of UNIX utilities. Commun. ACM 33(12), 32–44 (1990)

    Article  Google Scholar 

  14. Rawat, S., Jain, V., Kumar, A., Cojocar, L., Giuffrida, C., Bos, H.: VUzzer: application-aware evolutionary fuzzing. In: 24th Annual Network and Distributed System Security Symposium, NDSS (2017)

    Google Scholar 

  15. Stephens, N., et al.: Driller: augmenting fuzzing through selective symbolic execution. In: NDSS (2016)

    Google Scholar 

  16. Website. Libfuzzer (2021). https://llvm.org/docs/LibFuzzer.html

  17. Yun, I., Lee, S., Xu, M., Jang, Y., Kim, T.: QSYM : a practical concolic execution engine tailored for hybrid fuzzing. In: 27th USENIX Security Symposium (USENIX Security 2018). USENIX Association (2018)

    Google Scholar 

  18. Zalewski, M.: American fuzzy lop (2021). http://lcamtuf.coredump.cx/afl/

Download references

Author information

Authors and Affiliations

  1. Université Paris-Saclay, CNRS, ENS Paris-Saclay, Inria, Laboratoire Méthodes Formelles, Gif-sur-Yvette, France

    Yaëlle Vinçont

  2. Université Paris-Saclay, CEA, List, Saclay, France

    Yaëlle Vinçont, Sébastien Bardin & Michaël Marcozzi

Authors
  1. Yaëlle Vinçont
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sébastien Bardin
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Michaël Marcozzi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Sébastien Bardin .

Editor information

Editors and Affiliations

  1. University of Montreal, Montreal, QC, Canada

    Esma Aïmeur

  2. Télécom SudParis, Palaiseau, France

    Maryline Laurent

  3. IRT SystemX, Palaiseau, France

    Reda Yaich

  4. University of Montreal, Montreal, QC, Canada

    Benoît Dupont

  5. Télécom SudParis, Palaiseau, France

    Joaquin Garcia-Alfaro

Rights and permissions

Reprints and permissions

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Vinçont, Y., Bardin, S., Marcozzi, M. (2022). A Tight Integration of Symbolic Execution and Fuzzing (Short Paper). In: Aïmeur, E., Laurent, M., Yaich, R., Dupont, B., Garcia-Alfaro, J. (eds) Foundations and Practice of Security. FPS 2021. Lecture Notes in Computer Science, vol 13291. Springer, Cham. https://doi.org/10.1007/978-3-031-08147-7_20

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-08147-7_20

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-08146-0

  • Online ISBN: 978-3-031-08147-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation