Software Vulnerabilities Detection Based on Random Programming

Bo Wu,Meng Jun Li,Bin Zhang,Chao Feng,Quan Zhang,Chao Jing Tang
DOI: https://doi.org/10.4028/www.scientific.net/amm.571-572.553
2014-01-01
Applied Mechanics and Materials
Abstract:Despite many automatic vulnerability detection approaches have been well documented, existing solutions for discovering software vulnerabilities in binary software are still difficult and time consuming. In this paper we present an approach based on random programming that works to quickly discover vulnerability in programmable binary software. By extracting the code snippets for special features and fixed API usages, we can get a set of original functional templates, and then we randomize the mutable factors in those templates. After that we reasonably make combination of those templates to produce final test templates. Finally, by concretizing the random factors we execute those test templates and monitor the software be tested to discover vulnerabilities. By template programming we can produce more reasonable test case, which makes our approach more effective than other solutions.
What problem does this paper attempt to address?