LEI Xue, HUANG Wei, FANWenqing, et al., “Input Generation via Taintdata Identification: Finding Hidden Path in the Environment-Intensive Program,” Chinese Journal of Electronics, vol. 24, no. 3, pp. 480-486, 2015, doi: 10.1049/cje.2015.07.007
Citation: LEI Xue, HUANG Wei, FANWenqing, et al., “Input Generation via Taintdata Identification: Finding Hidden Path in the Environment-Intensive Program,” Chinese Journal of Electronics, vol. 24, no. 3, pp. 480-486, 2015, doi: 10.1049/cje.2015.07.007

Input Generation via Taintdata Identification: Finding Hidden Path in the Environment-Intensive Program

doi: 10.1049/cje.2015.07.007
Funds:  This work is supported by National Natural Science Foundation of China (No.61121061).
  • Received Date: 2014-10-28
  • Rev Recd Date: 2015-01-14
  • Publish Date: 2015-07-10
  • Concolic testing is an integrated approach of symbolic execution and dynamic analysis, which is widely adopted by security researchers for program behavior analysis. This approach fails on hidden path discovery of environment-intensive program. We investigated on existing concolic testing tools and found out that several of them does not take this issue into account while others solved this issue with overloaded working model. We proposed a systematic and unified approach of automatically identifying and modifying the output of the Data input interacting functions (DIIF) based on fine-grained taint analysis, which detects and updates the data interacting with the runtime environment and generating a new customized set of inputs to execute hidden paths, to reveal the hidden paths on only particular runtime configuration or context. A prototype was developed and evaluated with a set of complex and environment-intensive programs. The experimental result demonstrated that our approach could detect the DIIF precisely and improve the code coverage.
  • loading
  • K. Sen, D. Marinov and G. Agha, "CUTE: A concolic unit testing engine for C", Proc. of 10th European Software Engineering Conference (ESEC) and ACM SIGSOFT Symposium on the Foundations of Software Engineering, Lisbon, Portugal, Vol.30, No.5, pp.263-272, 2005.
    Saxena, Prateek, et al., "Loop-extended symbolic execution on binary programs", Proc. of the 18th International Symposium on Software Testing and Analysis, New York, NY, USA, pp.225-236, 2009.
    P. Godefroid, N. Klarlund and K. Sen, "DART: Directed automated random testing", Proc. of the ACM SIGPLAN Conference on Programming Language Design and Implementation, New York, NY, USA, Vol.40, No.6, pp.213-223, 2005.
    Dawn Song, et al., "TEMU: The BitBlaze dynamic analysis component", available at http://bitblaze.cs.berkeley.edu/temu, 2008-12.
    David Brumley, et al., "Vine: The BitBlaze static analysis component", available at http://bitblaze.cs.berkeley.edu/vine, 2008- 12.
    Dawn Song, et al., "BitBlaze: Binary analysis for computer security", available at http://bitblaze.cs.berkeley.edu/, 2008-12.
    M. Pietrek, "Inside Windows: An in-depth look into the Win32 portable executable file format", the February 2002 issue of MSDN magazine, pp.80-92, 2002.
    J.Y. Xu, A.H. Sung, P. Chavez and S. Mukkamala, "Polymorphic malicious executable scanner by API sequence analysis", Proc of of the 4th International Conference on Hybrid Intelligent Systems, Washington, DC, USA, pp.378-383, 2004.
    Guide, Part, "Intel 64 and IA-32 architectures software developer manuals", available at http://download.intel.com/design/ processor/manuals/253668.pdf, Vol.2A, pp.387-390, 2011-5.
    C. Cadar, V. Ganesh, P.M. Pawlowski, D.L. Dill and D.R. Engler, "EXE: Automatically generating inputs of death", Proc. of the 13th ACM Conference on Computer and Communications Security, New York, NY, USA, pp.322-335, 2006.
    V. Ganesh and D.L. Dill, "A decision procedure for bit-vectors and arrays", Proc. of the 19th International Conference on Computer Aided Verification, Berlin, Heidelberg, Germany, pp.519-531, 2007.
    Wikipedia, "x86 calling conventions", available at http:// en.wikipedia.org/wiki/X86 calling conventions, 2008-2.
    Philip Hazel, "PCRE-Perl compatible regular expressions", available at http://www.pcre.org, 2015-1-6.
    "AbiWord", available at http://www.abisource.com, 2014-12-23.
    "Angry IP Scanner", available at http://ourceforge.net/projects/ ipscan/?source=directory, 2014-9-30.
    "Double Commander", available at http://sourceforge.net/projects/ doublecmd/?source=directory, 2015-3-28.
    Matthias Ettrich, "metafile2eps", available at http://www.lyx. org, 2015-2-10.
    "MiniWeb HTTP server", available at http://sourceforge.net/ projects/miniweb/?source=typ redirect, 2013-3-9.
    Kristian Høgsberg, "Poppler", available at http://poppler.freedesktop. org, 2015-3-7.
    "Process Hacker", available at http://sourceforge.net/projects/ processhacker/?source=typ redirect, 2015-4-24.
    B. Cui, X. Liang, B. Zhao, et al., "Detecting integer overflow vulnerabilities in binary executables based on target filtering and dynamic taint tracing", Chinese Journal of Electronics, Vol.23, No.2, pp.348-352, 2014.
    K. Chen and Y.J. Zhang, "Statically-directed dynamic taint analysis", Chinese Journal of Electronics, Vol.23, No.1, pp.18- 24, 2014.
    C. Cadar, et al., "KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs", Proc. of the 8th USENIX Conference on Operating Systems Design and Implementation, Berkeley, CA, USA, Vol.8, pp.209-224, 2008.
    V. Chipounov, V. Kuznetsov and G. Candea, "S2E: A platform for in-vivo multi-path analysis of software systems", Proc. of the 16th International Conference on Architectural Support for Programming Languages and Operating Systems, New York, NY, USA, Vol.39, No.1, pp.265-278, 2011.
    Z. Liang, H. Yin and D. Song, "HookFinder: Identifying and understanding malware hooking behaviors", Department of Electrical and Computing Engineering, pp.41, 2008.
    J. Caballero, et al., "Input generation via decomposition and re-stitching: Finding bugs in malware", Proc. of the 17th ACM Conference on Computer and Communications Security, Chicago, Illinois, USA, pp.413-426, 2010.
  • 加载中


    通讯作者: 陈斌, bchen63@163.com
    • 1. 

      沈阳化工大学材料科学与工程学院 沈阳 110142

    1. 本站搜索
    2. 百度学术搜索
    3. 万方数据库搜索
    4. CNKI搜索

    Article Metrics

    Article views (394) PDF downloads(793) Cited by()
    Proportional views


    DownLoad:  Full-Size Img  PowerPoint