Learning regular sets from queries and counterexamples
Information and Computation
Symbolic execution and program testing
Communications of the ACM
Automatic predicate abstraction of C programs
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
Introduction to Algorithms
Smart simulation using collaborative formal and simulation engines
Proceedings of the 2000 IEEE/ACM international conference on Computer-aided design
Efficient conflict driven learning in a boolean satisfiability solver
Proceedings of the 2001 IEEE/ACM international conference on Computer-aided design
Query learning of subsequential transducers
ICG! '96 Proceedings of the 3rd International Colloquium on Grammatical Inference: Learning Syntax from Sentences
FORTE XII / PSTV XIX '99 Proceedings of the IFIP TC6 WG6.1 Joint International Conference on Formal Description Techniques for Distributed Systems and Communication Protocols (FORTE XII) and Protocol Specification, Testing and Verification (PSTV XIX)
DART: directed automated random testing
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
CUTE: a concolic unit testing engine for C
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
SYNERGY: a new algorithm for property checking
Proceedings of the 14th ACM SIGSOFT international symposium on Foundations of software engineering
Polyglot: automatic extraction of protocol message format using dynamic binary analysis
Proceedings of the 14th ACM conference on Computer and communications security
Design, deployment, and use of the DETER testbed
DETER Proceedings of the DETER Community Workshop on Cyber Security Experimentation and Test on DETER Community Workshop on Cyber Security Experimentation and Test 2007
Discoverer: automatic protocol reverse engineering from network traces
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
The Spec# Programming System: Challenges and Directions
Verified Software: Theories, Tools, Experiments
EXE: Automatically Generating Inputs of Death
ACM Transactions on Information and System Security (TISSEC)
Tupni: automatic reverse engineering of input formats
Proceedings of the 15th ACM conference on Computer and communications security
Prospex: Protocol Specification Extraction
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
Dispatcher: enabling active botnet infiltration using automatic protocol reverse-engineering
Proceedings of the 16th ACM conference on Computer and communications security
FM '09 Proceedings of the 2nd World Congress on Formal Methods
Software verification with BLAST
SPIN'03 Proceedings of the 10th international conference on Model checking software
Model-based testing of object-oriented reactive systems with spec explorer
Formal methods and testing
ReFormat: automatic reverse engineering of encrypted messages
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Grammatical Inference: Learning Automata and Grammars
Grammatical Inference: Learning Automata and Grammars
Insights from the inside: a view of botnet management from infiltration
LEET'10 Proceedings of the 3rd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more
KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
Inference and analysis of formal models of botnet command and control protocols
Proceedings of the 17th ACM conference on Computer and communications security
Execution generated test cases: how to make systems code crash itself
SPIN'05 Proceedings of the 12th international conference on Model Checking Software
make test-zesti: a symbolic execution solution for improving regression testing
Proceedings of the 34th International Conference on Software Engineering
A software-hardware architecture for self-protecting data
Proceedings of the 2012 ACM conference on Computer and communications security
PeerPress: utilizing enemies' P2P strength against them
Proceedings of the 2012 ACM conference on Computer and communications security
Symbolic learning of component interfaces
SAS'12 Proceedings of the 19th international conference on Static Analysis
Sigma*: symbolic learning of input-output specifications
POPL '13 Proceedings of the 40th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Bridging pre- and post-silicon debugging with BiPeD
Proceedings of the International Conference on Computer-Aided Design
Hybrid learning: interface generation through static, dynamic, and symbolic analysis
Proceedings of the 2013 International Symposium on Software Testing and Analysis
AppIntent: analyzing sensitive data transmission in android for privacy leakage detection
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
MetaSymploit: day-one defense against script-based attacks with security-enhanced symbolic analysis
SEC'13 Proceedings of the 22nd USENIX conference on Security
Explicating SDKs: uncovering assumptions underlying secure authentication and authorization
SEC'13 Proceedings of the 22nd USENIX conference on Security
Hi-index | 0.00 |
Programstate-space exploration is central to software security, testing, and verification. In this paper, we propose a novel technique for state-space exploration of software that maintains an ongoing interaction with its environment. Our technique uses a combination of symbolic and concrete execution to build an abstract model of the analyzed application, in the form of a finite-state automaton, and uses the model to guide further state-space exploration. Through exploration, MACE further refines the abstract model. Using the abstract model as a scaffold, our technique wields more control over the search process. In particular: (1) shifting search to different parts of the search-space becomes easier, resulting in higher code coverage, and (2) the search is less likely to get stuck in small local state-subspaces (e.g., loops) irrelevant to the application's interaction with the environment. Preliminary experimental results show significant increases in the code coverage and exploration depth. Further, our approach found a number of new deep vulnerabilities.