• Journal of the China Computer Federation
  • Chinese core journal of science and technology
  • Chinese core journal

Computer Engineering & Science


A software vulnerability detection method based on static analysis and dynamic symbolic execution

CAI Jun, ZOU Peng, XIONG Dapeng, HE Jun

  1. Science and Technology on Complex Electronic System Simulation Laboratory, Academy of Equipment, Beijing 101416, China

  • Received: 2015-07-09  Revised: 2015-11-13  Online: 2016-12-25  Published: 2016-12-25

Abstract:

Dynamic symbolic execution is a software vulnerability detection method that has emerged in recent years. It automatically generates test cases for the different execution paths of the target program and therefore achieves high test code coverage. However, a program has a very large number of execution paths, most of which are unrelated to vulnerabilities, while paths that contain calls to dangerous functions are more likely to lead to vulnerabilities. We propose a guided dynamic symbolic execution method based on static analysis and implement a prototype tool named SAGDSE. The method first identifies, via static analysis, the program instructions that call dangerous functions; then, during dynamic symbolic execution, it collects the constraints of the dangerous paths when these instructions are encountered; finally, it generates test cases that traverse these dangerous paths by solving the collected constraints. Such test cases are more likely to trigger program vulnerabilities. Experimental results verify the effectiveness of the proposed method.
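The three steps of the abstract (flag dangerous call sites statically, record path constraints when symbolic exploration reaches one, solve them into test cases) as an added illustration in Python. This is not SAGDSE's code: the target program is a constructed toy intermediate representation, the dangerous-function list is an assumption, and a brute-force search over a small integer domain stands in for the SMT solver a real engine would use. The `guided` flag lets you compare the guided exploration against exhaustive path enumeration on the same program.

```python
"""Toy model of static-analysis-guided dynamic symbolic execution.

Constructed example, not the SAGDSE prototype's own code: the IR, the
dangerous-function list and the brute-force solver are assumptions made
so that the whole pipeline fits in one file.
"""
from itertools import product

# Step 1 input: the functions whose call sites static analysis flags.
DANGEROUS = {"strcpy", "sprintf", "system"}

# Constructed target program.  Statement forms:
#   ("call", name)
#   ("return",)
#   ("if", cond, then_block, else_block)   with cond = (op, var, const)
PROGRAM = [
    ("if", ("gt", "len", 64),
        [("if", ("eq", "mode", 1),
            [("call", "strcpy"), ("return",)],
            [("call", "puts"), ("return",)])],
        []),
    ("if", ("lt", "len", 8),
        [("call", "memset"), ("return",)],
        [("call", "system")]),
]
VARIABLES = ["len", "mode"]   # the symbolic inputs


def contains_dangerous(stmts):
    """Static analysis: can this statement list reach a dangerous call?
    A `return` at this level ends the scan; nested returns are ignored,
    so the answer over-approximates (which is safe for pruning)."""
    for stmt in stmts:
        if stmt[0] == "return":
            return False
        if stmt[0] == "call" and stmt[1] in DANGEROUS:
            return True
        if stmt[0] == "if" and (contains_dangerous(stmt[2])
                                or contains_dangerous(stmt[3])):
            return True
    return False


def explore(stmts, path, dangerous_paths, guided, stats):
    """Symbolic exploration.  `path` holds the branch constraints taken so
    far.  An `if` forks two paths that each continue with the remaining
    statements; guided mode skips a fork that static analysis says cannot
    reach a dangerous call.  Step 2: the constraint set is recorded when a
    flagged call site is hit."""
    for i, stmt in enumerate(stmts):
        stats["steps"] += 1
        if stmt[0] == "return":
            return
        if stmt[0] == "call":
            if stmt[1] in DANGEROUS:
                dangerous_paths.append(list(path))
            continue
        _, cond, then_block, else_block = stmt
        rest = stmts[i + 1:]
        for side, constraint in ((then_block, cond), (else_block, ("not", cond))):
            continuation = side + rest
            if guided and not contains_dangerous(continuation):
                stats["pruned"] += 1
                continue
            explore(continuation, path + [constraint],
                    dangerous_paths, guided, stats)
        return   # both forks already executed the remaining statements


def holds(cond, env):
    """Evaluate one branch constraint under a concrete assignment."""
    if cond[0] == "not":
        return not holds(cond[1], env)
    op, var, k = cond
    v = env[var]
    return {"gt": v > k, "lt": v < k, "eq": v == k}[op]


def solve(constraints, variables, domain=range(256)):
    """Step 3: brute-force solver over a small integer domain, standing in
    for the SMT solver a real DSE engine would call."""
    for values in product(domain, repeat=len(variables)):
        env = dict(zip(variables, values))
        if all(holds(c, env) for c in constraints):
            return env
    return None


def generate_tests(program=PROGRAM, variables=VARIABLES, guided=True):
    """Run the three steps; return (test cases, exploration statistics)."""
    dangerous_paths = []
    stats = {"steps": 0, "pruned": 0}
    explore(program, [], dangerous_paths, guided, stats)
    tests = [env for env in (solve(p, variables) for p in dangerous_paths)
             if env is not None]
    return tests, stats


if __name__ == "__main__":
    for guided in (False, True):
        tests, stats = generate_tests(guided=guided)
        print(f"guided={guided}: {stats}, test cases={tests}")
```

On this toy program both modes produce the same two test cases (one input that reaches `strcpy`, one that reaches `system`), but the guided run visits fewer statements because the two forks that can only lead to `puts` or `memset` are never explored; on a real program that pruning is what keeps the path explosion within reach.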

Key words: