Conference: IEEE Cybersecurity Development Conference

Tutorial: DeepState: Bringing Vulnerability Detection Tools into the Development Cycle


Abstract

Traditionally, methods such as binary analysis, symbolic execution, and fuzzing have been used in a context that is strongly geared towards discovering existing vulnerabilities, rather than being used in the development cycle to prevent vulnerabilities from arising. Unit testing, in contrast, is firmly in place as part of the development cycle, but is usually very limited in its ability to explore "deep" paths in a system, or to expose completely unanticipated aspects of system behavior. Incorporating the tools used for vulnerability discovery into the development cycle requires a large expansion in the expertise that developers must possess, and significant changes in their practices. DeepState is an open-source tool that provides a Google Test-like API to give C and C++ developers push-button access to symbolic execution engines, such as Manticore and angr, and fuzzers, such as Dr. Fuzz. Rather than learning multiple complex tools, developers can learn one (familiar) interface for defining a test harness, and can use tools built to find security vulnerabilities to automatically generate more powerful unit tests for software, in an approach that merges traditional unit testing, security analysis methods, and property-based testing. This tutorial will show how to use DeepState in development, including to produce complex library and API tests, and how to take advantage of both the ability to easily apply multiple security-oriented back-ends for test generation during development and the novel strategies for improving back-end performance provided by DeepState.