Description: |
The effectiveness of many dynamic program analysis techniques depends heavily on the completeness of the test suite applied during analysis. Test suites are usually written by developers and aim to exercise all of the functionality of a software system. However, test suites may be incomplete, if they exist at all. To date, only two methods exist for automatically generating test input for closed binaries: fuzzing and symbolic execution. Despite the previous successes of these methods in identifying bugs, both have limitations. In this paper, we propose a new method for autonomously generating valid input and identifying the expected protocol for closed x86 binaries. The method can be used as a standalone tool or combined with other techniques for improved results. To assess its effectiveness, we test InputFinder, the implementation of our method, against binaries from the DARPA Cyber Grand Challenge example set. Our evaluation shows that the method is not only effective in finding input and determining whether a protocol is expected, but can also find unexpected control-flow paths.