
A Research Of Visualization For Binary Dynamic Symbolic Execution

Posted on: 2019-07-15
Degree: Master
Type: Thesis
Country: China
Candidate: Z L Zhang
GTID: 2348330563954340
Subject: Software engineering

Abstract/Summary:
Software security now attracts increasing public attention, and researchers worldwide are devoting more time and effort to vulnerability testing techniques. Among these, a new approach to whitebox fuzz testing called dynamic symbolic execution has been proposed in recent years, inspired by recent advances in dynamic test generation. Dynamic symbolic execution is one of the promising techniques for automated test generation and vulnerability mining. A number of studies indicate its potential for high productivity, and software developers are expecting industrial application of this technology. Nevertheless, dynamic symbolic execution often hits coverage bottlenecks when facing large-scale software projects. Moreover, it is difficult to locate the specific cause of the problem using traditional analysis methods, so a great deal of effort is consumed in the analysis stage. In such cases, visualizing the data from the symbolic execution and the test generation process can greatly help the analysis. Visualization provides possible clues to users, making it easier to identify the specific reason for the stagnation. In addition, with the help of visualization, users can determine the configurations or modifications required for further execution.

This research is divided into 3 parts:

1. Dynamic symbolic execution theory. This part states the theoretical basis, development status, technical challenges and corresponding solutions for dynamic symbolic execution. We then compare 7 different dynamic symbolic execution tools. This part shows the important advantages and challenges of the technique, which form the basis of this research.

2. A visual analysis method for dynamic symbolic execution. We design a new method for visual and interactive analysis of dynamic symbolic execution, including its principle, definition and advantages.

3. A visual analysis tool for dynamic symbolic execution. On the basis of the method above, this paper presents a cross-platform tool named VDSE for analyzing dynamic symbolic execution. It visualizes the process of dynamic symbolic execution in an interactive UI and provides the information needed to help analyze issues. This part mainly describes the architecture of the tool. The experiment then indicates that VDSE has little negative impact on the dynamic symbolic execution process. Finally, the end of this part shows how to use VDSE for engineering purposes. VDSE currently works with Fuzzgrind, and our future work will make it support more symbolic execution-based tools.

This research could help improve the availability of dynamic symbolic execution. We've also applied for a patent on this technology.
Keywords/Search Tags: software security, vulnerability testing, test generation, dynamic symbolic execution, visualization analysis