2022
DOI: 10.1109/access.2022.3223359

Combining BMC and Fuzzing Techniques for Finding Software Vulnerabilities in Concurrent Programs

Abstract: Finding software vulnerabilities in concurrent programs is a challenging task due to the size of the state-space exploration, as the number of interleavings grows exponentially with the number of program threads and statements. We propose and evaluate EBF (Ensembles of Bounded Model Checking with Fuzzing), a technique that combines Bounded Model Checking (BMC) and Gray-Box Fuzzing (GBF) to find software vulnerabilities in concurrent programs. Since there are no publicly-available GBF tools for concurrent code,…

Cited by 6 publications (6 citation statements)
References 57 publications
“…However, when the software features concurrent execution, the main challenge becomes exploring the exponentially growing program state space. For this reason, there have been many efforts to improve BMC for concurrent software, including sequentialization [5], dedicated theories for multi-threaded programs [4] or combining BMC with fuzzing [1]. A state-of-the-art example of such efforts is ESBMC, an efficient SMT-based bounded model checker for C and C++ programs [3].…”
Section: Overview (citation type: mentioning, confidence: 99%)
“…In EBF [9], we are the first to implement a cooperative approach that combines Bounded Model Checking (BMC) and concurrency-aware Gray-Box Fuzzing (GBF) for finding vulnerabilities in concurrent C programs. In order to simplify the communication interface between the cooperating tools, we adopt a black-box design philosophy where verification artifacts are implicitly shared via appropriate transformation and instrumentation of the program under test (PUT).…”
Section: Overview (citation type: mentioning, confidence: 99%)
“…During this stage, EBF checks whether the PUT contains any vulnerabilities by fuzzing its inputs and thread interleavings. Due to the current lack of open-source GBF tools for concurrent programs [9], EBF uses our own concurrency-aware gray-box fuzzer OpenGBF. Its implementation extends AFL++, a state-of-the-art GBF for single-threaded programs, by introducing the following concurrency-aware lightweight instrumentation in the PUT.…”
Section: Architecture (citation type: mentioning, confidence: 99%)
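The statement above describes fuzzing thread interleavings through lightweight instrumentation of the PUT. The following is an added example written for this page, not code from the EBF paper, OpenGBF or AFL++, showing the idea in its smallest form: two threads perform a non-atomic read-modify-write on a shared counter (the bug), every shared access is wrapped in an instrumentation point, and the fuzzer's input byte decides which thread gets each turn, so one input reproduces exactly one interleaving. It assumes a deterministic turn scheduler (`sched_enter`/`sched_leave`, hypothetical names) in place of the delay-based instrumentation a real gray-box fuzzer would inject, and the harness functions `run_schedule` and `count_lost_updates` are likewise invented for the illustration.

```c
/* Added example, not from the EBF paper or OpenGBF: a minimal harness that
 * "fuzzes" the interleaving of a two-thread PUT.  The low NSTEPS bits of the
 * fuzzer input select which thread may execute each instrumented shared
 * access.  Assumption: a deterministic turn scheduler stands in for the
 * delay-based instrumentation a real gray-box fuzzer would inject. */
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>

#define NTHREADS 2
#define NSTEPS   4   /* each thread has two instrumented accesses */

static struct {
    pthread_mutex_t mu;
    pthread_cond_t  cv;
    int sched[NSTEPS];     /* sched[i] = thread allowed to run step i */
    int step;              /* next step to hand out */
    int done[NTHREADS];    /* finished threads: their steps are skipped */
    int counter;           /* shared state under test */
} g = { PTHREAD_MUTEX_INITIALIZER, PTHREAD_COND_INITIALIZER };

/* Instrumentation point: block until the schedule grants `tid` the turn.
 * Returns holding g.mu so the following shared access runs inside the turn. */
static void sched_enter(int tid)
{
    pthread_mutex_lock(&g.mu);
    while (g.step < NSTEPS && g.sched[g.step] != tid) {
        if (g.done[g.sched[g.step]]) {   /* owner already exited: skip step */
            g.step++;
            pthread_cond_broadcast(&g.cv);
        } else {
            pthread_cond_wait(&g.cv, &g.mu);
        }
    }
    /* once the schedule is exhausted, the last remaining thread runs alone */
}

static void sched_leave(void)
{
    g.step++;
    pthread_cond_broadcast(&g.cv);
    pthread_mutex_unlock(&g.mu);
}

static void *worker(void *arg)
{
    int tid = (int)(intptr_t)arg;

    sched_enter(tid);
    int tmp = g.counter;          /* instrumented shared read */
    sched_leave();

    sched_enter(tid);
    g.counter = tmp + 1;          /* instrumented shared write: lost-update bug */
    sched_leave();

    pthread_mutex_lock(&g.mu);
    g.done[tid] = 1;              /* let waiters skip our remaining steps */
    pthread_cond_broadcast(&g.cv);
    pthread_mutex_unlock(&g.mu);
    return NULL;
}

/* Run the PUT under the interleaving encoded in the low NSTEPS bits of
 * `input` (bit i selects the thread for step i) and return the final
 * counter.  A correct program always yields NTHREADS. */
int run_schedule(unsigned char input)
{
    pthread_t th[NTHREADS];

    g.step = 0;
    g.counter = 0;
    for (int i = 0; i < NTHREADS; i++) g.done[i] = 0;
    for (int i = 0; i < NSTEPS; i++)  g.sched[i] = (input >> i) & 1;

    for (intptr_t i = 0; i < NTHREADS; i++)
        pthread_create(&th[i], NULL, worker, (void *)i);
    for (int i = 0; i < NTHREADS; i++)
        pthread_join(th[i], NULL);
    return g.counter;
}

/* Exhaustively explore the 2^NSTEPS schedules and count the ones that
 * expose the lost update (a fuzzer would reach them by mutating the byte). */
int count_lost_updates(void)
{
    int bugs = 0;
    for (unsigned in = 0; in < (1u << NSTEPS); in++)
        if (run_schedule((unsigned char)in) != NTHREADS) bugs++;
    return bugs;
}

int main(void)
{
    for (unsigned in = 0; in < (1u << NSTEPS); in++) {
        int r = run_schedule((unsigned char)in);
        printf("schedule 0x%x -> counter %d%s\n", in, r,
               r == NTHREADS ? "" : "  LOST UPDATE");
    }
    printf("%d of %d interleavings expose the bug\n",
           count_lost_updates(), 1 << NSTEPS);
    return 0;
}
```

Build with `cc -pthread` and run. Schedules whose first two steps belong to different threads (both reads before either write) end with a counter of 1 instead of 2; because the schedule bits come from the input, each such failing input is a reproducible witness of the interleaving, which is what makes this kind of instrumentation usable from an ordinary coverage-guided fuzzer loop.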
“…For example in [2], BMC is used to generate paths that the fuzzer would not have found on its own. In [1], the authors combine BMC and Gray-Box Fuzzing to find vulnerabilities in concurrent programs. To our knowledge, no previous works combine fuzzing with parameterized model checking.…”
Section: Conclusion and Related Work (citation type: mentioning, confidence: 99%)