Research of Smart Fuzzing Technology Towards COTS Software

Posted on: 2015-07-05 | Degree: Master | Type: Thesis
Country: China | Candidate: S Nie | Full Text: PDF
GTID: 2298330452964136 | Subject: Computer Science and Technology
Abstract/Summary:

In modern society, computers and daily life are inseparable. However, with the rapid development of society, computer security issues have become increasingly serious. Software vulnerabilities are an important factor in computer security.

COTS is the abbreviation of Commercial-Off-the-Shelf; COTS software refers to software products obtained with openly defined standard interfaces. These products generally have complex software functionality and structure, unavailable source code, and close coupling with the operating system.

Shortcomings still exist in COTS bug finding, including path explosion, unavailable constraint solving, context modeling, and vulnerability modeling. This paper presents a system-wide dynamic symbolic execution approach to COTS fuzzing. Based on this approach, we developed a smart fuzzing system named COTSFuzzer.

COTSFuzzer mainly includes the following points:
1) It uses S2E, the selective symbolic execution engine, to achieve system-wide dynamic symbolic execution.
2) It introduces a binary exponential path pruning algorithm, which effectively solves the path explosion problem caused by symbolic loop conditions.
3) It designs a fine-grained user-mode exception monitoring mechanism, which implements crash dumping on Windows.
4) It is applicable to ActiveX controls, drivers, and file-processing software.

Experiments show that COTSFuzzer can be effectively applied to software fuzzing on Windows. Compared to dumb fuzzing, this approach can dramatically improve software testing coverage and thereby find potential vulnerabilities.
Keywords/Search Tags: Software Testing, Program Analysis, Symbolic Execution, Vulnerability Analysis