Conference: IEEE International Conference on Cyber Security and Cloud Computing

A Novel Method Makes Concolic System More Effective


Abstract

Fuzzing is attractive for finding vulnerabilities in binary programs. However, when the application's input space is huge, fuzzing cannot deal with it well. To discover vulnerabilities more effectively, researchers came up with concolic testing, and there has been much research on it recently. A common limitation of concolic systems designed to create inputs is that they often concentrate on path coverage and struggle to exercise deeper paths in the executable under test, while neglecting to find the test cases that can trigger the vulnerabilities. In this paper, we present TSM, a novel method for finding potential vulnerabilities in concolic systems, which can help make concolic systems more effective at hunting vulnerabilities. We implemented the TSM method on a widely used concolic testing tool, Fuzzgrind, and the evaluation experiments show that TSM can make Fuzzgrind quickly hunt bugs in real-world software that were hardly ever found before.
