A taxonomy of computer program security flaws
ACM Computing Surveys (CSUR)
CCured: type-safe retrofitting of legacy code
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
ATEC '02 Proceedings of the General Track of the annual conference on USENIX Annual Technical Conference
CIL: Intermediate Language and Tools for Analysis and Transformation of C Programs
CC '02 Proceedings of the 11th International Conference on Compiler Construction
ITS4: A static vulnerability scanner for C and C++ code
ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
Demand-driven structural testing with dynamic instrumentation
Proceedings of the 27th international conference on Software engineering
DART: directed automated random testing
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
CUTE: a concolic unit testing engine for C
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
EXE: automatically generating inputs of death
Proceedings of the 13th ACM conference on Computer and communications security
Compositional dynamic test generation
Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Statically detecting likely buffer overflow vulnerabilities
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Address obfuscation: an efficient approach to combat a board range of memory error exploits
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Better bug reporting with better privacy
Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
Testing for buffer overflows with length abstraction
ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
BitBlaze: A New Approach to Computer Security via Binary Analysis
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
Taint-based directed whitebox fuzzing
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
Loop-extended symbolic execution on binary programs
Proceedings of the eighteenth international symposium on Software testing and analysis
Demand-driven compositional symbolic execution
TACAS'08/ETAPS'08 Proceedings of the Theory and practice of software, 14th international conference on Tools and algorithms for the construction and analysis of systems
TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
| Hi-index | 0.00 |
Security testing aims at detecting program security flaws through a set of test cases and has become an active area of research. The challenge is how to efficiently produce test cases that are highly effective in detecting security flaws. This paper presents a novel distributed demand-driven security testing system to address this challenge. It leverages how end users use the software to increase the coverage of essential paths for security testing. The proposed system consists of many client sites and one testing site. The software under test is installed at each client site. Whenever a new path is about to be exercised by a user input, it will be sent to the testing site for security testing. At the testing site, symbolic execution is used to check any potential vulnerability on this new path. If a vulnerability is detected, a signature is automatically generated and updated to all client sites for protection. The benefits are as follows. First, it allows us to focus testing on essential paths, i.e., the paths that are actually being explored by users or attackers. Second, it stops an attacker from exploiting an unreported vulnerability at the client site. A prototype system has been implemented to evaluate the performance of the proposed system. The results show that it is both effective and efficient in practice.