Based On Hybrid Perform Testing System Design And Implementation Of Binary Code

Software security is the key issue of computer security,a variety of security prob-lems caused by software vulnerabilities, resulting in significant economic loss-es. Software testing is an effective method to protect the security of software, butwith the improvement of software size and complexity, the difficulty of software secu-rity testing also increased.Concolic execution technology is a new method of software testing,it first collectpath conditions through instrumentation during program execution, then derive newinputs from previous path constraint by a SMT (Satisfiability Modulo Theories) solverin order to steer next executions towards new program paths. When not solving thecollected path conditions, concolic execution technology can use a concrete value tosimplify the symbolic expressions, so that the test can continue. concolic executiontechnology can solve the problem of lacking effective test case set, combinedwith other techniques, can also automated test software, it is with the developmenttrend of automated software testing.In recent years, binary code safety testing and vulnerability mining have also be-come hot issueses in the field of software security research,for can test non-opensource software. Concolic execution technology is an effective means of formal analy-sis of software security, its currently research still remain in the stage of theoreticalvalidation and prototype at home and abroad.Therefore,in this thesis, the technologyof binary code testing based on concolic execution have both theoretical and practicalvalue.The existing software analysis tools using concolic execution technology havegreat limitations,so,in this thesis,we implement a prototype tool,CBCTS,for binarycode testing based on concolic execution technology in Pin instrumentation plat-form.Through verificating two vulnerabilities,MS09-032and CVE-2009-0927,by us-ing CBCTS,it can be concluded that the software security testing,combination of con-colic execution and dynamic binary analysis technology, is feasible and effective.