Paper Title

FuSeBMC: A White-Box Fuzzer for Finding Security Vulnerabilities in C Programs

Paper Authors

Alshmrany, Kaled M., Menezes, Rafael S., Gadelha, Mikhail R., Cordeiro, Lucas C.

Abstract

We describe and evaluate a novel white-box fuzzer for C programs named FuSeBMC, which combines fuzzing and symbolic execution, and applies Bounded Model Checking (BMC) to find security vulnerabilities in C programs. FuSeBMC explores and analyzes C programs (1) to find execution paths that lead to property violations and (2) to incrementally inject labels to guide the fuzzer and the BMC engine to produce test-cases for code coverage. FuSeBMC successfully participates in Test-Comp'21 and achieves first place in the Cover-Error category and second place in the Overall category.
