Slide 15
Girls Meets Symbolic Execution (2) by @K_atc
Test case generation [KLEE]
It’s hard to perform high-coverage software testing by hand!
Reverse engineering [S2E, Triton]
e.g. Path coverage, Deobfuscation
Exploit generation (including crashes) [AEG, S2E, Driller]
e.g. Control flow hijack
Uses of symbolic execution (previous research)
[KLEE] Cadar, C., Dunbar, D., and Engler, D. (2008). KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs.
[S2E] Chipounov, V., Kuznetsov, V., and Candea, G. (2012). The S2E platform: Design, implementation, and applications.
[Triton] https://github.com/JonathanSalwan/Tigress_protection
[AEG] T. Avgerinos, S. K. Cha, B. L. Tze Hao, and D. Brumley. (2011). AEG: Automatic Exploit Generation.
[Driller] Stephens, N., Grosen, J., Salls, C., Dutcher, A., Wang, R., Corbetta, J., Shoshitaishvili, Y., Kruegel, C., and Vigna, G. (2016). Driller: Augmenting fuzzing through selective symbolic execution.
Today’s topic