EWFT: Execution-based Whitebox Fuzzing for Executables

Ying WANG, Li-ze GU, Yi-xian YANG, Yu-xin DONG
DOI: https://doi.org/10.3969/j.issn.0372-2112.2014.10.023
2014-01-01
Abstract: Dynamic testing for automatically identifying security vulnerabilities in binary executables has received increasing interest in recent years. In this paper, we present a new automated whitebox fuzzing tool, EWFT (Execution-based Whitebox Fuzzing Tool), which implements dynamic symbolic execution and taint tracing techniques during program execution. Our contributions are: 1) we propose a ROBDD (Reduced Ordered Binary Decision Diagram)-based approach to analyse the execution process, 2) we introduce a new path weight analysis algorithm (PWA) for searching the path space and automating test data generation, and 3) we build a prototype tool that automatically finds software vulnerabilities. Results of our experiments show that execution-based whitebox fuzzing is powerful in identifying a variety of security vulnerabilities in real applications. Compared to related work in the research area, it explored deeper program paths on average and achieved higher structural coverage.