skip to main content
Idioma:
Primo Advanced Search
Primo Advanced Search Query Term
Primo Advanced Search prefilters
Busca Simples

Combining BMC and Fuzzing Techniques for Finding Software Vulnerabilities in Concurrent Programs

Aljaafari, Fatimah K ; Menezes, Rafael ; Manino, Edoardo ; Shmarov, Fedor ; Mustafa, Mustafa A ; Cordeiro, Lucas C

Access, IEEE, 2022, Vol.10, p.121365-121384

IEEE

Sem texto completo

Citações Citado por
  • Título:
    Combining BMC and Fuzzing Techniques for Finding Software Vulnerabilities in Concurrent Programs
  • Autor: Aljaafari, Fatimah K ; Menezes, Rafael ; Manino, Edoardo ; Shmarov, Fedor ; Mustafa, Mustafa A ; Cordeiro, Lucas C
  • Assuntos: bounded model checking ; Computer bugs ; Concurrency-aware gray-box fuzzer ; Concurrent computing ; concurrent programs ; Fuzzing ; Instruction sets ; instrumentation ; LLVM pass ; Programming ; Software engineering ; System recovery
  • É parte de: Access, IEEE, 2022, Vol.10, p.121365-121384
  • Descrição: Finding software vulnerabilities in concurrent programs is a challenging task due to the size of the state-space exploration, as the number of interleavings grows exponentially with the number of program threads and statements. We propose and evaluate EBF (Ensembles of Bounded Model Checking with Fuzzing) - a technique that combines Bounded Model Checking (BMC) and Gray-Box Fuzzing (GBF) to find software vulnerabilities in concurrent programs. Since there are no publicly-available GBF tools for concurrent code, we first propose OpenGBF - a new open-source concurrency-aware gray-box fuzzer that explores different thread schedules by instrumenting the code under test with random delays. Then, we build an ensemble of a BMC tool and OpenGBF in the following way. On the one hand, when the BMC tool in the ensemble returns a counterexample, we use it as a seed for OpenGBF, thus increasing the likelihood of executing paths guarded by complex mathematical expressions. On the other hand, we aggregate the outcomes of the BMC and GBF tools in the ensemble using a decision matrix, thus improving the accuracy of EBF. We evaluate EBF against state-of-the-art pure BMC tools and show that it can generate up to 14.9% more correct verification witnesses than the corresponding BMC tools alone. Furthermore, we demonstrate the efficacy of OpenGBF, by showing that it can find 24.2% of the vulnerabilities in our evaluation suite, while non-concurrency-aware GBF tools can only find 0.55%. Finally, thanks to our concurrency-aware OpenGBF, EBF detects a data race in the open-source wolfMqtt library and reproduces known bugs in several other real-world programs, which demonstrates its effectiveness in finding vulnerabilities in real-world software.
  • Editor: IEEE
  • Idioma: Inglês
Voltar para lista de resultados
Ir para página anteriorAnterior Resultado  6 AvançarIr para próxima página

  • Realização: ABCD-USP USP   Logos de Redes Sociais: Freepik

Buscando em bases de dados remotas. Favor aguardar.