Sydr: Cutting Edge Dynamic Symbolic Execution


Sydr: Cutting Edge Dynamic Symbolic Execution

Авторы

Alexey Vishnyakov, Andrey Fedotov, Daniil Kuts, Alexander Novikov, Darya Parygina, Eli Kobrin, Vlada Logunova, Pavel Belecky, Shamil Kurmangaleev

Аннотация

The security development lifecycle (SDL) is becoming an industry standard. Dynamic symbolic execution (DSE) has enormous amount of applications in computer security (fuzzing, vulnerability discovery, reverse-engineering, etc.). We propose several performance and accuracy improvements for dynamic symbolic execution. Skipping non-symbolic instructions allows to build a path predicate 1.2--3.5 times faster. Symbolic engine simplifies formulas during symbolic execution. Path predicate slicing eliminates irrelevant conjuncts from solver queries. We handle each jump table (switch statement) as multiple branches and describe the method for symbolic execution of multi-threaded programs. The proposed solutions were implemented in Sydr tool. Sydr performs inversion of branches in path predicate. Sydr combines DynamoRIO dynamic binary instrumentation tool with Triton symbolic engine. We evaluated Sydr features on 64-bit Linux executables.

Полный текст статьи в формате pdf

Ключевые слова

symbolic execution, concolic execution, dynamicanalysis, binary analysis, dynamic binary instrumentation, com-puter security, security development lifecycle, DSE, SMT, DBI, SDL

Издание

Cryptography and Security (cs.CR)

Научная группа

Компиляторные технологии

Все публикации за 2020 год Все публикации