Extending Vulnerability Discovery with Fuzzing and Symbolic Execution to Realistic Applications
Open Access
Author: Kilmer, Eric David
Graduate Program: Computer Science and Engineering
Degree: Master of Science
Document Type: Master Thesis
Date of Defense: June 09, 2017
Committee Members: Patrick McDaniel, Thesis Advisor/Co-Advisor
Keywords: Symbolic Execution, Vulnerability Discovery, Program Analysis, Fuzzing
Abstract:
In 2016, DARPA held the Cyber Grand Challenge (CGC) using a special execution and evaluation environment to compare the results of different techniques in automated vulnerability discovery. However, this special execution environment simplifies many of the complexities seen in real binaries on a desktop Linux system. In this paper, we augment the top-scoring open-source vulnerability discovery component from the CGC by providing additional functionality with respect to files, file systems, and library function summaries, so that it operates more effectively on realistic Linux binaries. We begin by transforming the CGC challenge binaries to resemble more realistic Linux binaries by dynamically linking the standard C library functions and compiling for a 64-bit system. We then look at examples of popular Linux applications to evaluate our solution. We find that support for files is important, and that the lack of function summaries for C library functions and system calls limits the effective use of symbolic execution in a real Linux environment as compared with the CGC.