RIVER: A Binary Analysis Framework Using Symbolic Execution and Reversible x86 Instructions

  • Conference paper
FM 2016: Formal Methods (FM 2016)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 9995)

Abstract

We present a binary analysis framework based on symbolic execution with the distinguishing capability to execute stepwise forward and also backward through the execution tree. It was developed internally at Bitdefender and code-named RIVER. The framework provides components such as a taint engine, a dynamic symbolic execution engine, and integration with Z3 for constraint solving.

Acknowledgements

We thank Sorin Baltateanu and Traian Serbanuta for fruitful discussions and acknowledge partial support from MuVeT and MEASURE projects (PN-II-ID-PCE-2011-3-0688 and PN-III-P3-3.5-EUK-2016-0020).

Corresponding author

Correspondence to Alin Stefanescu.

Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Stoenescu, T., Stefanescu, A., Predut, S., Ipate, F. (2016). RIVER: A Binary Analysis Framework Using Symbolic Execution and Reversible x86 Instructions. In: Fitzgerald, J., Heitmeyer, C., Gnesi, S., Philippou, A. (eds) FM 2016: Formal Methods. FM 2016. Lecture Notes in Computer Science, vol 9995. Springer, Cham. https://doi.org/10.1007/978-3-319-48989-6_50

  • DOI: https://doi.org/10.1007/978-3-319-48989-6_50

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-48988-9

  • Online ISBN: 978-3-319-48989-6

  • eBook Packages: Computer Science (R0)
