Litcius/Paper detail

Automated Bug Hunting With Data-Driven Symbolic Root Cause Analysis

Carter Yagemann, Simon P. Chung, Brendan Saltaformaggio, Wenke Lee

202117 citationsDOIOpen Access PDF

Abstract

The increasing cost of successful cyberattacks has caused a mindset shift, whereby defenders now employ proactive defenses, namely software bug hunting, alongside existing reactive measures (firewalls, IDS, IPS) to protect systems. Unfortunately the path from hunting bugs to deploying patches remains laborious and expensive, requires human expertise, and still misses serious memory corruptions. Motivated by these challenges, we propose bug hunting using symbolically reconstructed states based on execution traces to achieve better detection and root cause analysis of overflow, use-after-free, double free, and format string bugs across user programs and their imported libraries. We discover that with the right use of widely available hardware processor tracing and partial memory snapshots, powerful symbolic analysis can be used on real-world programs while managing path explosion. Better yet, data can be captured from production deployments of live software on end-host systems transparently, aiding in the analysis of user clients and long-running programs like web servers.

Topics & Concepts

Computer scienceRoot causeSymbolic executionSoftware bugServerSoftwareRoot (linguistics)Host (biology)MindsetRoot cause analysisComputer securityPath (computing)Operating systemArtificial intelligenceEngineeringForensic engineeringEcologyReliability engineeringLinguisticsPhilosophyBiologyAdvanced Malware Detection TechniquesSoftware Testing and Debugging TechniquesSecurity and Verification in Computing
Automated Bug Hunting With Data-Driven Symbolic Root Cause Analysis | Litcius