Abstract
Automatically generating test inputs for input handling routines which implement highly structured input formats is challenging. Existing input generation approaches (e.g. fuzzing) address this problem by requiring verification engineers to create input specifications based on which new inputs are generated. However, depending on the input format, creating such input specifications can be cumbersome and error-prone. We propose simplifying the creation of input specifications by allowing input formats to be only partially specified. This is achieved by utilizing concolic testing (a combination of concrete random testing and symbolic execution) as an input generation technique and thereby allowing parts of the input format to remain unspecified (i.e. unconstrained) symbolic values. For this purpose, we present SISL, a domain-specific language for creating partial input specifications for structured binary input formats.
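To make the idea of a partial specification concrete, the following added example (not SISL's own syntax or code, and not from the paper) models a hypothetical 6-byte header in which the magic and version fields are pinned to concrete values while the length and flags fields are left symbolic. The `layout` method yields the byte template plus the offsets a concolic engine would mark as unconstrained symbolic bytes, `concretize` fills those offsets from a solver model, and `conforms` checks that a generated input still honours every concrete part of the spec.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Field:
    name: str
    size: int                     # width in bytes
    value: Optional[int] = None   # None means symbolic (unconstrained)
    byteorder: str = "big"


@dataclass
class PartialSpec:
    fields: List[Field]

    def layout(self) -> Tuple[bytes, List[int]]:
        """Concrete byte template plus the byte offsets left symbolic.
        Symbolic bytes are rendered as 0x00 placeholders in the template."""
        template = bytearray()
        symbolic: List[int] = []
        for f in self.fields:
            if f.value is None:
                symbolic.extend(range(len(template), len(template) + f.size))
                template.extend(b"\x00" * f.size)
            else:
                template.extend(f.value.to_bytes(f.size, f.byteorder))
        return bytes(template), symbolic

    def concretize(self, model: Dict[str, int]) -> bytes:
        """Build a concrete input: symbolic fields come from the solver model,
        concrete fields keep the value fixed in the spec."""
        out = bytearray()
        for f in self.fields:
            v = f.value if f.value is not None else model[f.name]
            out.extend(v.to_bytes(f.size, f.byteorder))
        return bytes(out)

    def conforms(self, candidate: bytes) -> bool:
        """True if every concrete byte of the spec matches; symbolic bytes are free."""
        template, symbolic = self.layout()
        if len(candidate) != len(template):
            return False
        free = set(symbolic)
        return all(candidate[i] == template[i]
                   for i in range(len(template)) if i not in free)


# Constructed example: a hypothetical header, not a real file or protocol format.
HEADER_SPEC = PartialSpec([
    Field("magic", 2, 0x5349),   # concrete: the parser rejects anything else early
    Field("version", 1, 1),      # concrete: steer execution into the v1 code path
    Field("length", 1),          # symbolic: let the engine explore length handling
    Field("flags", 2),           # symbolic: every flag combination is reachable
])
```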
This work was supported in part by the German Federal Ministry of Education and Research (BMBF) within the project Scale4Edge under contract no. 16ME0127 and within the project VerSys under contract no. 01IW19001.
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this paper
Tempel, S., Herdt, V., Drechsler, R. (2022). SISL: Concolic Testing of Structured Binary Input Formats via Partial Specification. In: Bouajjani, A., Holík, L., Wu, Z. (eds) Automated Technology for Verification and Analysis. ATVA 2022. Lecture Notes in Computer Science, vol 13505. Springer, Cham. https://doi.org/10.1007/978-3-031-19992-9_5
DOI: https://doi.org/10.1007/978-3-031-19992-9_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-19991-2
Online ISBN: 978-3-031-19992-9
eBook Packages: Computer Science (R0)