skip to main content
Visitante
Meu Espaço
Minha Conta
Sair
Identificação
This feature requires javascript
Tags
Revistas Eletrônicas (eJournals)
Livros Eletrônicos (eBooks)
Bases de Dados
Bibliotecas USP
Ajuda
Ajuda
Idioma:
Inglês
Espanhol
Português
This feature required javascript
This feature requires javascript
Primo Advanced Search
Busca Geral
Busca Geral
Acervo Físico
Acervo Físico
Produção Intelectual da USP
Produção USP
Primo Advanced Search Query Term
Input search text:
Show Results with:
criteria input
Qualquer
Show Results with:
Qualquer
Primo Advanced Search prefilters
Tipo de material:
criteria input
Todos os itens
Busca Geral
Busca Simples
This feature requires javascript
Combining BMC and Fuzzing Techniques for Finding Software Vulnerabilities in Concurrent Programs
Aljaafari, Fatimah K ; Menezes, Rafael ; Manino, Edoardo ; Shmarov, Fedor ; Mustafa, Mustafa A ; Cordeiro, Lucas C
Access, IEEE, 2022, Vol.10, p.121365-121384
IEEE
Sem texto completo
Citações
Citado por
Serviços
Detalhes
Resenhas & Tags
Nº de Citações
This feature requires javascript
Enviar para
Adicionar ao Meu Espaço
Remover do Meu Espaço
E-mail (máximo 30 registros por vez)
Imprimir
Link permanente
Referência
EasyBib
EndNote
RefWorks
del.icio.us
Exportar RIS
Exportar BibTeX
This feature requires javascript
Título:
Combining BMC and Fuzzing Techniques for Finding Software Vulnerabilities in Concurrent Programs
Autor:
Aljaafari, Fatimah K
;
Menezes, Rafael
;
Manino, Edoardo
;
Shmarov, Fedor
;
Mustafa, Mustafa A
;
Cordeiro, Lucas C
Assuntos:
bounded model checking
;
Computer bugs
;
Concurrency-aware gray-box fuzzer
;
Concurrent computing
;
concurrent programs
;
Fuzzing
;
Instruction sets
;
instrumentation
;
LLVM pass
;
Programming
;
Software engineering
;
System recovery
É parte de:
Access, IEEE, 2022, Vol.10, p.121365-121384
Descrição:
Finding software vulnerabilities in concurrent programs is a challenging task due to the size of the state-space exploration, as the number of interleavings grows exponentially with the number of program threads and statements. We propose and evaluate EBF (Ensembles of Bounded Model Checking with Fuzzing) - a technique that combines Bounded Model Checking (BMC) and Gray-Box Fuzzing (GBF) to find software vulnerabilities in concurrent programs. Since there are no publicly-available GBF tools for concurrent code, we first propose OpenGBF - a new open-source concurrency-aware gray-box fuzzer that explores different thread schedules by instrumenting the code under test with random delays. Then, we build an ensemble of a BMC tool and OpenGBF in the following way. On the one hand, when the BMC tool in the ensemble returns a counterexample, we use it as a seed for OpenGBF, thus increasing the likelihood of executing paths guarded by complex mathematical expressions. On the other hand, we aggregate the outcomes of the BMC and GBF tools in the ensemble using a decision matrix, thus improving the accuracy of EBF. We evaluate EBF against state-of-the-art pure BMC tools and show that it can generate up to 14.9% more correct verification witnesses than the corresponding BMC tools alone. Furthermore, we demonstrate the efficacy of OpenGBF, by showing that it can find 24.2% of the vulnerabilities in our evaluation suite, while non-concurrency-aware GBF tools can only find 0.55%. Finally, thanks to our concurrency-aware OpenGBF, EBF detects a data race in the open-source wolfMqtt library and reproduces known bugs in several other real-world programs, which demonstrates its effectiveness in finding vulnerabilities in real-world software.
Editor:
IEEE
Idioma:
Inglês
This feature requires javascript
This feature requires javascript
Voltar para lista de resultados
Anterior
Resultado
6
Avançar
This feature requires javascript
This feature requires javascript
Buscando em bases de dados remotas. Favor aguardar.
Buscando por
em
scope:(USP_PRODUCAO),scope:(USP_EBOOKS),scope:("PRIMO"),scope:(USP),scope:(USP_EREVISTAS),scope:(USP_FISICO),primo_central_multiple_fe
Mostrar o que foi encontrado até o momento
This feature requires javascript
This feature requires javascript