
Research On Software Vulnerability Detection Automatically Based On Dynamic Symbolic Execution

Posted on: 2016-05-30
Degree: Master
Type: Thesis
Country: China
Candidate: M M Ke
Full Text: PDF
GTID: 2308330473955817
Subject: Computer software and theory
Abstract/Summary:
First, I comprehensively survey the background of symbolic execution, the current state of research, and the technical challenges and their solutions, and analyze existing DSE software. DSE has made significant progress over nearly 10 years of research; however, many technical challenges still restrict its further development, such as floating-point operations, nonlinear operations, symbolic pointers, and path explosion.

Second, I implement VunScope, a DSE tool with DSE technology at its core. It does not need the source code of the analyzed software and has the following innovations: (1) x86 instructions are executed symbolically directly, without an intermediate representation (IR); (2) the proposed heuristic method improves the accuracy of VunScope by dealing with the overlapping-symbols problem; (3) I choose lazy checking instead of checking each arithmetic operation.

Third, building on VunScope, I go on to study automated software vulnerability discovery and implement an automated vulnerability detection tool that can be used on Windows executable files. The tool, named VunDetect, contains the following innovations: (1) VunDetect performs proactive vulnerability discovery: vulnerability constraints are proactively added to the path condition to generate a new path condition, and VunDetect then generates a test case that triggers the vulnerability after solving this condition; (2) VunDetect uses optimal path search algorithms to improve the efficiency of vulnerability discovery; (3) VunDetect can be enhanced through the development of plugins.

Finally, I propose four directions for the future development of DSE: (1) DSE relies on the solver, so improvements to solvers will have a considerable impact on DSE; (2) path explosion is the most significant problem holding back DSE's development, so it deserves detailed and in-depth research; (3) parallelizing DSE is also a key research direction that can significantly improve its efficiency; (4) differences among analyzed software lead to different user demands, which a customizable DSE implementation can address.
Keywords/Search Tags:dynamic symbolic execution, automated software vulnerability discovery, path explosion, VunScope, VunDetect
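
The proactive discovery step described in the abstract (conjoining a vulnerability constraint with the recorded path condition, then solving for a triggering input), as an added example that is not VunDetect's code. The toy target, its inputs `tag` and `n`, the 16-slot buffer, and the exhaustive search standing in for a constraint solver are all assumptions made for illustration.

```python
from itertools import product

BUF_LEN = 16  # constructed toy buffer size (assumption)

def run(inputs, trace):
    """Toy target (constructed), run concretely while logging symbolic facts.
    trace['pc'] collects branch predicates in the direction taken;
    trace['vuln'] collects (path-condition snapshot, violation predicate)."""
    pc = trace["pc"]

    def branch(pred):
        taken = pred(inputs)
        pc.append(pred if taken else (lambda v, p=pred: not p(v)))
        return taken

    if branch(lambda v: v["tag"] == 0x41):
        if branch(lambda v: v["n"] > 4):
            index = lambda v: v["n"] * 2 + 3  # symbolic index expression
            # Proactive step: record the out-of-bounds condition at the
            # write site even if this concrete run stays in bounds.
            trace["vuln"].append((list(pc), lambda v: index(v) >= BUF_LEN))
            if index(inputs) >= BUF_LEN:
                return "oob"  # models the faulting write in a native binary
    return "ok"

def solve(constraints, names=("tag", "n")):
    """Exhaustive search over byte-valued inputs; a stand-in for an SMT solver."""
    for values in product(range(256), repeat=len(names)):
        candidate = dict(zip(names, values))
        if all(c(candidate) for c in constraints):
            return candidate
    return None

def find_trigger(seed):
    """Run once on a benign seed, then solve path condition AND violation."""
    trace = {"pc": [], "vuln": []}
    run(seed, trace)
    for path_cond, violation in trace["vuln"]:
        model = solve(path_cond + [violation])
        if model is not None:
            return model
    return None

if __name__ == "__main__":
    seed = {"tag": 0x41, "n": 5}  # in-bounds run: index 13
    print(run(seed, {"pc": [], "vuln": []}), find_trigger(seed))
```

A seed that never reaches the write site (for example `tag` = 0) records no vulnerability constraint, so nothing is solved for that path; reaching such sites is the job of the path search the abstract lists separately.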