QSYM - A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing
YouTube videos curated by Class Central.
Classroom Contents
- 1 Intro
- 2 Two popular ways to find security bugs: Fuzzing & Concolic execution
- 3 Fuzzing and Concolic execution have their own pros and cons
- 4 Hybrid fuzzing can address their problems
- 5 Hybrid fuzzing has achieved great success in small-scale studies
- 6 However, current hybrid fuzzing struggles to scale to real-world applications
- 7 Our system, QSYM, addresses these issues by introducing several key ideas
- 8 Overview: Hybrid fuzzing in general
- 9 Intermediate representations (IR) make implementations easier
- 10 Execute instructions directly without an intermediate layer
- 11 QSYM reduces the number of instructions to execute symbolically
- 12 State forking can reduce re-execution overhead for constraint generation
- 13 Re-execute with the concrete environment instead of forking kernel state
- 14 Model a minimal set of system calls and use concrete values
- 15 Incomplete constraints
- 16 Solve constraints optimistically
- 17 Our decision: Solve only the last constraint in the path
- 18 In hybrid fuzzing, generating incorrect inputs is fine, since the fuzzer discards them
- 19 Evaluation questions
- 20 QSYM scales to real-world software
- 21 QSYM can generate test cases that are hard for fuzzing to find
- 22 Compare QSYM with Driller, a state-of-the-art hybrid fuzzer
- 23 QSYM achieved more code coverage due to its better performance
- 24 Driller achieved more code coverage if nested branches exist
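Items 15 to 18 above (incomplete constraints, solving optimistically, solving only the last constraint in the path, and wrong inputs being cheap because the fuzzer validates them) describe one mechanism. The following Python is an added illustration written for this page, not code from QSYM: the path constraints are plain predicates over a single input byte, the "solver" is exhaustive search over 0..255 standing in for the SMT solver, and the target program, its lookup table and the deliberately inexact model of that lookup are all constructed for the example.

```python
"""Toy model of QSYM-style optimistic solving (constructed illustration).

Path constraints are Python predicates over one input byte and the "solver"
is exhaustive search over 0..255, standing in for the SMT solver. The target
program, its lookup table and the incomplete model of the lookup are all
constructed for this example; none of it is QSYM code.
"""
from typing import Callable, List, NamedTuple, Optional

Constraint = Callable[[int], bool]
DOMAIN = range(256)

# Constructed lookup table; 37 is invertible mod 256, so each output occurs once.
TABLE = bytes((i * 37 + 11) % 256 for i in range(256))


def target(x: int) -> str:
    """Constructed target: which path does input byte x take?"""
    if TABLE[x] >= 0x80:      # branch 0: depends on a table lookup
        return "A"
    if x == 0x33:             # branch 1: the branch we want to reach
        return "B"
    if x == 0xF0:             # branch 2: unreachable (TABLE[0xF0] >= 0x80)
        return "D"
    return "C"


def model_lookup(x: int) -> int:
    """Constructed stand-in for a tracer that cannot model the lookup exactly.

    The recorded constraint is an approximation of TABLE[x]; this is the
    'incomplete constraint' that can make a full path condition unsatisfiable
    even though the real branch is reachable.
    """
    return (x + 0x50) % 256


# Constraints collected while tracing the seed input 0x10 along path C.
SEED = 0x10
SEED_PATH: List[Constraint] = [
    lambda x: model_lookup(x) < 0x80,   # branch 0 not taken (approximate)
    lambda x: x != 0x33,                # branch 1 not taken
    lambda x: x != 0xF0,                # branch 2 not taken
]


class Attempt(NamedTuple):
    candidate: Optional[int]   # input produced by the solver, if any
    optimistic: bool           # True if only the last constraint was solved
    reached: Optional[str]     # path the candidate actually takes


def solve(constraints: List[Constraint]) -> Optional[int]:
    """Exhaustive stand-in for an SMT query: first satisfying byte, or None."""
    for x in DOMAIN:
        if all(c(x) for c in constraints):
            return x
    return None


def flip_branch(path: List[Constraint], k: int) -> Attempt:
    """Try to flip branch k: first with the full prefix, then optimistically."""
    negated: Constraint = lambda x: not path[k](x)
    x = solve(path[:k] + [negated])
    optimistic = False
    if x is None:
        # Full path condition unsatisfiable (here because of the inexact model
        # of the lookup): solve only the last constraint, as QSYM does.
        optimistic = True
        x = solve([negated])
    if x is None:
        return Attempt(None, optimistic, None)
    # Concrete re-execution is the check the fuzzer side performs, so a wrong
    # candidate costs one execution and nothing more.
    return Attempt(x, optimistic, target(x))


def explore(path: List[Constraint], wanted: List[str]) -> List[bool]:
    """Flip each branch in turn; True where the candidate reached its branch."""
    return [flip_branch(path, k).reached == w for k, w in enumerate(wanted)]


if __name__ == "__main__":
    for k, want in enumerate(["A", "B", "D"]):
        a = flip_branch(SEED_PATH, k)
        verdict = "kept" if a.reached == want else "discarded by fuzzer"
        cand = hex(a.candidate) if a.candidate is not None else None
        print(f"branch {k}: candidate={cand} optimistic={a.optimistic} "
              f"reached={a.reached} -> {verdict}")
```

Flipping branch 1 is the interesting case: the full path condition is unsatisfiable only because the model of the lookup is wrong, so solving the last constraint alone yields 0x33, and concrete execution confirms it reaches path B. Flipping branch 2 shows the other side of the trade: the incomplete model makes the full condition satisfiable, the solver returns 0xF0, and the concrete run lands on path A instead, which is exactly the kind of incorrect input the fuzzer simply drops.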