BRANCH COVERAGE GUIDED SYMBOLIC EXECUTION FOR HYBRID FUZZ TESTING OF SOFTWARE BINARIES

摘要

To provide a method and a system for branch coverage guided symbolic execution for hybrid fuzzing.SOLUTION: An example computer-implemented method may include: receiving seed input of a binary program under analysis (BPUA) that is discovered during testing by a greybox fuzzer; concretely executing the seed input in the BPUA; collecting a trace resulting from the concrete execution of the seed input; determining whether the concrete execution of the seed input discovers a new branch; responsive to a determination that the concrete execution of the seed input discovers a new branch, updating a bitmap to indicate that the new branch is discovered, where the bitmap is utilized by the greybox fuzzer to maintain a record of the discovered branches in the BPUA; and providing the seed input to the greybox fuzzer.SELECTED DRAWING: Figure 3