讲座信息
7.03 | 漏洞驱动的混合软件测试
2019.06.28
演讲者 徐军
头衔职位 博士,助理教授,史蒂文斯理工学院
时间 2019 年 7 月 3 日 10:00 -11:30
地点 复旦大学张江校区,软件楼 102 第二会议室
联系人 张源 yuanxzhang@fudan.edu.cn

演讲简介

Hybrid testing leverages fuzz testing to test easy-to-reach code regions and uses concolic execution to explore code blocks guarded by complex branch conditions. As a result, hybrid testing is able to reach deeper into program state space than fuzz testing or concolic execution alone. However, the design of hybrid testing has been coverage-centric, leading to inefficiency in bug coverage and deficient in bug triggering. In this talk, I will present SAVIOR, a new hybrid testing framework pioneering a bug-driven principle. Unlike the existing hybrid testing tools, SAVIOR prioritizes the concolic execution of the seeds that are likely to uncover more vulnerabilities. Moreover, SAVIOR verifies all vulnerable program locations along the executing program path. By modeling faulty situations using SMT constraints, SAVIOR reasons the feasibility of vulnerabilities and generates concrete test cases as proofs. Our evaluation shows that the bug-driven approach outperforms mainstream automated testing techniques, including state-of-the-art hybrid testing systems driven by code coverage. According to the evaluation on 11 well fuzzed benchmark programs, within the first 24 hours, SAVIOR triggers 481 UBSAN violations, among which 243 are real bugs.

关于讲者

Jun Xu is an Assistant Professor in the Computer Science Department at Stevens Institute of Technology. He received his PhD degree from Pennsylvania State University and his bachelor degree from USTC. His research mainly lies in the areas of software security and system security. He has published many papers at top-tier cyber security conferences, including IEEE S&P, ACM CCS and USENIX Security. His recent research focuses are automated software testing and binary code analysis. He is a recipient of ACM CCS Outstanding Paper Award, Penn State Alumni Dissertation Award, RSA Security Scholar Award and USTC Guo-moruo Scholarship.
© 2019 复旦大学计算机科学技术学院 地址:上海市张衡路825号 Tell:+86-21-51355555 Fax:+86-21-51355558 Emall:cs_school@fudan.edu.cn
复旦大学计算机科学技术学院
扫一扫了解学院