EtWExplorer: Multi-Priority Scheduling Path Exploration Technology Based on Abstract Syntax Tree Analysis
Published: 2022-10-10
Volume: 12, Issue: 19, Page: 10182
ISSN: 2076-3417
Container title: Applied Sciences
Short container title: Applied Sciences
Language: en
Authors:
He Xinglu (ORCID),
Wang Pengfei,
Lu Kai,
Zhou Xu (ORCID)
Abstract
Symbolic execution is a well-known dynamic vulnerability discovery technique. Its greatest advantage is its capability to analyze the execution information of a program and to explore the program's paths deterministically. This is a more accurate way to determine whether a program contains vulnerabilities than the randomized testing performed by fuzzing. In addition, symbolic execution does not suffer from the problem, inherent in random-based fuzzing, of losing the capability to discover new paths as more paths are discovered. However, the main reason symbolic execution is not widely used in vulnerability discovery is the state space explosion in the program, which severely affects its applicability. To further improve the applicability of symbolic execution, this paper proposes a path exploration technology based on abstract syntax tree analysis. Using the distance between the expression generated by symbolic execution at a repeat location and the “unsatisfiable” condition of the “unsat” state, we perform multi-priority scheduling of repeat-location states, thus mitigating the impact of the state space explosion on path exploration. We propose and implement EtWExplorer, a multi-priority scheduling technique based on abstract syntax tree analysis. With this technique, we can significantly improve the capability of symbolic execution to discover unknown paths even in the presence of state space explosion. Experiments show that EtWExplorer introduces a performance overhead of 72% in the worst case and improves performance by 294% in the best case. When facing programs that cause a state space explosion, EtWExplorer achieves a 95% improvement in state space explosion mitigation capability, a 199% to 983% improvement in path exploration capability measured by block coverage, and a 181% to 1047% improvement measured by edge coverage.
Funder: National High-level Personnel for Defense Technology Program; National Natural Science Foundation of China
Subject: Fluid Flow and Transfer Processes, Computer Science Applications, Process Chemistry and Technology, General Engineering, Instrumentation, General Materials Science