Automated Search for Vulnerabilities in ARM Software Using Dynamic Symbolic Execution

被引:1
|
作者
Ovasapyan, T. D. [1 ]
Knyazev, P., V [1 ]
Moskvin, D. A. [1 ]
机构
[1] Peter Great St Petersburg Polytech Univ, St Petersburg 195251, Russia
来源
AUTOMATIC CONTROL AND COMPUTER SCIENCES | 2021年 / 55卷 / 08期
基金
俄罗斯基础研究基金会;
关键词
symbolic execution; ARM architecture; taint analysis; Internet of Things; cyberphysical systems; fuzzing; NETWORKS;
D O I
10.3103/S014641162108023X
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
Automated search for vulnerabilities in ARM IoT devices is considered. The problems of using symbolic execution for vulnerability detection are investigated. A dynamic symbolic execution approach with taint analysis is proposed to improve the efficiency of vulnerability detection, which eliminates the problems that arise when using classical symbolic execution.
引用
收藏
页码:932 / 940
页数:9
相关论文
共 50 条
  • [41] Anxiety: a dynamic symbolic execution framework
    Gerasimov, Alexander
    Vartanov, Sergey
    Ermakov, Mikhail
    Kruglov, Leonid
    Kutz, Daniil
    Novikov, Alexander
    Asryan, Seryozha
    2017 IVANNIKOV ISPRAS OPEN CONFERENCE (ISPRAS), 2017, : 16 - 21
  • [42] A Branch History Directed Heuristic Search for Effective Binary Level Dynamic Symbolic Execution
    Hu, Yan
    Kong, Weiqiang
    Ren, Yizhi
    Choo, Kim-Kwang Raymond
    IEEE ACCESS, 2017, 5 : 8752 - 8762
  • [43] MACKE: Compositional Analysis of Low-Level Vulnerabilities with Symbolic Execution
    Ognawala, Saahil
    Ochoa, Martin
    Pretschner, Alexander
    Limmer, Tobias
    2016 31ST IEEE/ACM INTERNATIONAL CONFERENCE ON AUTOMATED SOFTWARE ENGINEERING (ASE), 2016, : 780 - 785
  • [44] Comparison and integration of genetic algorithms and dynamic symbolic execution for security testing of cross-site scripting vulnerabilities
    Avancini, Andrea
    Ceccato, Mariano
    INFORMATION AND SOFTWARE TECHNOLOGY, 2013, 55 (12) : 2209 - 2222
  • [45] Safe virtual execution using software dynamic translation
    Scott, K
    Davidson, J
    18TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE, PROCEEDINGS, 2002, : 209 - 218
  • [46] Dynamic Analysis of Embedded Software using Execution Replay
    Song, Young Wn
    Lee, Yann-Hang
    2014 IEEE 17TH INTERNATIONAL SYMPOSIUM ON OBJECT/COMPONENT/SERVICE-ORIENTED REAL-TIME DISTRIBUTED COMPUTING (ISORC), 2014, : 166 - 173
  • [47] Automated Generation of Buffer Overflow Quick Fixes Using Symbolic Execution and SMT
    Muntean, Paul
    Kommanapalli, Vasantha
    Ibing, Andreas
    Eckert, Claudia
    COMPUTER SAFETY, RELIABILITY, AND SECURITY, SAFECOMP 2015, 2015, 9337 : 441 - 456
  • [48] Analyzing system software components using API model guided symbolic execution
    Tuba Yavuz
    Ken (Yihang) Bai
    Automated Software Engineering, 2020, 27 : 329 - 367
  • [49] Analyzing system software components using API model guided symbolic execution
    Yavuz, Tuba
    Bai, Ken
    AUTOMATED SOFTWARE ENGINEERING, 2020, 27 (3-4) : 329 - 367
  • [50] Generating Source Inputs for Metamorphic Testing Using Dynamic Symbolic Execution
    Alatawi, Eman
    Miller, Tim
    Sondergaard, Harald
    2016 IEEE/ACM 1ST INTERNATIONAL WORKSHOP ON METAMORPHIC TESTING (MET), 2016, : 19 - 25
12345