基于禁忌搜索的动态符号执行方法

软件漏洞是网络安全问题的根源之一,软件漏洞检测是当前网络安全领域的一个研究热点.动态符号执行是近年来研究较多的一种漏洞检测技术,针对现有动态符号执行方法在通过约束求解生成测试用例时,生成的测试用例存在大量重复或近似重复的问题,提出了一种基于禁忌搜索的动态符号执行方法,并实现了一个相应的工具原型Sword SE.该方法利用了禁忌搜索算法的全局逐步寻优能力,通过建立评价函数来优选种子文件,通过建立禁忌表来避免重复搜索.实验结果表明,Sword SE的路径搜索效率明显优于现有工具,且已发现0day漏洞4个.

Dynamic symbolic execution approach based on tabu search

Software vulnerabilities are one of the root causes of network security problem, and software vulnerability detection is currently a hot topic in the field of network security. Dynamic symbolic execution is one of the most studied approaches for vulnerability detection recently. Aimed at the problem that existing dynamic symbolic approaches produced a large number of duplicate or near-duplicate test cases, we proposed a novel dynamic symbolic execution approach based on tabu search, and implemented a corresponding tool named SwordSE. The proposed approach took advantage of the tabu search algorithm's ability of global optimization, it can do optimized seed selection by establishing an evaluation function, and can avoid duplicate path search by establishing a tabu list. Experiment results show that SwordSE's path search efficiency is significantly better than those of existing tools, and has detected four zero-day vulnerabilities until now.