Chia Yuan Cho, Domagoj Babic, Pongsin Poosankam, Kevin Zhijie Chen, Edward Xuejun Wu, Dawn Song
Citation
Chia Yuan Cho, Domagoj Babic, Pongsin Poosankam, Kevin Zhijie Chen, Edward Xuejun Wu, Dawn Song. "MACE: Model-inference-Assisted Concolic Exploration for Protocol and Vulnerability Discovery". Proceedings of the 20th USENIX conference on Security (SEC 11), Usenix, 2011.
Abstract
Program state-space exploration is central to software security, testing, and verification. In this paper, we propose a novel technique for state-space exploration of software that maintains an ongoing interaction with its environment. Our technique uses a combination of symbolic and concrete execution to build an abstract model of the analyzed application, in the form of a finite-state automaton, and uses the model to guide further state-space exploration. Through exploration, MACE further refines the abstract model. Using the abstract model as a scaffold, our technique wields more control over the search process. In particular: (1) shifting search to different parts of the search-space becomes easier, resulting in higher code coverage, and (2) the search is less likely to get stuck in small local state-subspaces (e.g., loops) irrelevant to the application’s interaction with the environment. Preliminary
experimental results show significant increases in
the code coverage and exploration depth. Further, our approach found a number of new deep vulnerabilities.
Electronic downloads
- Cho.pdf · application/pdf · 210 kbytes
| Citation formats |
- HTML
Chia Yuan Cho, Domagoj Babic, Pongsin Poosankam, Kevin Zhijie Chen, Edward Xuejun Wu, Dawn Song. <a href="http://www.truststc.org/pubs/854.html" >MACE: Model-inference-Assisted Concolic Exploration for Protocol and Vulnerability Discovery</a>, Proceedings of the 20th USENIX conference on Security (SEC 11), Usenix, 2011.
- Plain text
Chia Yuan Cho, Domagoj Babic, Pongsin Poosankam, Kevin Zhijie Chen, Edward Xuejun Wu, Dawn Song. "MACE: Model-inference-Assisted Concolic Exploration for Protocol and Vulnerability Discovery". Proceedings of the 20th USENIX conference on Security (SEC 11), Usenix, 2011.
- BibTeX
@inproceedings{ChoBabicPoosankamChenWuSong11_MACEModelinferenceAssistedConcolicExplorationForProtocol, author = {Chia Yuan Cho and Domagoj Babic and Pongsin Poosankam and Kevin Zhijie Chen and Edward Xuejun Wu and Dawn Song}, title = {MACE: Model-inference-Assisted Concolic Exploration for Protocol and Vulnerability Discovery}, booktitle = {Proceedings of the 20th USENIX conference on Security (SEC 11)}, organization = {Usenix}, year = {2011}, abstract = {Program state-space exploration is central to software security, testing, and verification. In this paper, we propose a novel technique for state-space exploration of software that maintains an ongoing interaction with its environment. Our technique uses a combination of symbolic and concrete execution to build an abstract model of the analyzed application, in the form of a finite-state automaton, and uses the model to guide further state-space exploration. Through exploration, MACE further refines the abstract model. Using the abstract model as a scaffold, our technique wields more control over the search process. In particular: (1) shifting search to different parts of the search-space becomes easier, resulting in higher code coverage, and (2) the search is less likely to get stuck in small local state-subspaces (e.g., loops) irrelevant to the application’s interaction with the environment. Preliminary experimental results show significant increases in the code coverage and exploration depth. Further, our approach found a number of new deep vulnerabilities.}, URL = {http://www.truststc.org/pubs/854.html} }
Posted by Mary Stewart on 4 Apr 2012.
For additional information, see the
Publications FAQ or
contact webmaster at www truststc org.
Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.