Discover deeper bugs with dynamic symbolic execution and coverage-based fuzz testing

Bibliographic details
Published in: IET software, Volume 12; Issue 6; pp. 507 - 519
Main authors: Zhang, Bin, Feng, Chao, Herrera, Adrian, Chipounov, Vitaly, Candea, George, Tang, Chaojing
Format: Journal Article
Language: English
Published: The Institution of Engineering and Technology 01.12.2018
ISSN: 1751-8806, 1751-8814
Abstract: Coverage-based fuzz testing and dynamic symbolic execution are both popular program testing techniques. However, on their own, both techniques suffer from scalability problems when considering the complexity of modern software. Hybrid testing methods attempt to mitigate these problems by leveraging dynamic symbolic execution to assist fuzz testing. Unfortunately, the efficiency of such methods is still limited by specific program structures and the schedule of seed files. In this study, the authors introduce a novel lazy symbolic pointer concretisation method and a symbolic loop bucket optimisation to mitigate path explosion caused by dynamic symbolic execution in hybrid testing. They also propose a distance-based seed selection method to rearrange the seed queue of the fuzzer engine in order to achieve higher coverage. They implemented a prototype and evaluated its ability to find vulnerabilities in software and cover new execution paths. They show on different benchmarks that it can find more crashes than other off-the-shelf vulnerability detection tools. They also show that the proposed method can discover 43% more unique paths than vanilla fuzz testing.
Authors:
– fullname: Zhang, Bin
  organization: School of Computer and Communication Sciences, École Polytechnique Fédérale de Lausanne (EPFL), Lausanne, Switzerland
– fullname: Feng, Chao
  email: binzh4ng@hotmail.com
  organization: School of Electronic Science and Engineering, National University of Defense Technology (NUDT), Changsha, Hunan, People's Republic of China
– fullname: Herrera, Adrian
  organization: School of Computer and Communication Sciences, École Polytechnique Fédérale de Lausanne (EPFL), Lausanne, Switzerland
– fullname: Chipounov, Vitaly
  organization: Cyberhaven, Inc., 401 Park Drive, Suite 811 Boston, MA 02215, USA
– fullname: Candea, George
  organization: School of Computer and Communication Sciences, École Polytechnique Fédérale de Lausanne (EPFL), Lausanne, Switzerland
– fullname: Tang, Chaojing
  organization: School of Electronic Science and Engineering, National University of Defense Technology (NUDT), Changsha, Hunan, People's Republic of China
ContentType Journal Article
Copyright The Institution of Engineering and Technology
2018 The Institution of Engineering and Technology
DOI 10.1049/iet-sen.2017.0200
Discipline Computer Science
EISSN 1751-8814
IsOpenAccess true
IsPeerReviewed true
IsScholarly true
Issue 6
Keywords program debugging
program testing
seed files
fuzzy set theory
deeper bugs
vanilla fuzz testing
execution paths
seed selection method
modern software complexity
security of data
symbolic loop bucket optimisation
lazy symbolic pointer concretisation method
program structures
coverage-based fuzz testing
popular program testing techniques
dynamic symbolic execution
off-the-shelf vulnerability detection tools
hybrid testing methods
Language English
OpenAccessLink http://infoscience.epfl.ch/record/262687
PageCount 13
PublicationDate December 2018
PublicationTitle IET software
PublicationYear 2018
Publisher The Institution of Engineering and Technology
URI http://digital-library.theiet.org/content/journals/10.1049/iet-sen.2017.0200
https://onlinelibrary.wiley.com/doi/abs/10.1049%2Fiet-sen.2017.0200
Volume 12