By Topic

Decoupling Binary-Level Dynamic Test Generation from Specific Architecture Details

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

5 Author(s)
Gen Li ; Sch. of Comput., Nat. Univ. of Defence Technol., Changsha, China ; Kai Lu ; Ying Zhang ; Xicheng Lu
more authors

Dynamic test generation approach is becoming increasingly popular to find security vulnerabilities in software. More and more research institutes and organizations use this approach to find security vulnerabilities in binary code. However, the existing binary level dynamic test generation approaches and tools are not retargetable, and can only find vulnerabilities in binaries for a specific ISA. This paper presents a new binary-level dynamic test generation technique and a tool, ReTBLDTG, short for retargetable binary-level dynamic test generation, that implements this technique. Unlike other such techniques that can operate only on binaries in a specific ISA, ReTBLDTG takes binaries of any ISAs as input and dynamically generates new inputs that exercise different control paths in the program, which may lead to security vulnerabilities. ReTBLDTG defines a meta instruction set architecture (MetalSA); ReTBLDTG maps the execution information, which is collected during the binary source code execution, to MetalSA; and symbolic execution, constraint collection and constraint solver operates on MetalSA, thus making these processes ISA-independent. We have implemented our ReTBLDTG, retargeted it to 32-bit x86, PowerPC and Sparc ISAs, and used it to automatically find the six known bugs in the six benchmarks. Our results indicate that our ReTBLDTG can be easily retargeted to any ISA with only a few overheads; and ReTBLDTG can effectively find bugs located deep within large applications from their binaries for 32-bit x86, PowerPC or Sparc ISA.

Published in:

Computer Sciences and Convergence Information Technology, 2009. ICCIT '09. Fourth International Conference on

Date of Conference:

24-26 Nov. 2009