[Research] Prof. Hyung Joon Koo's Research Lab Publishes a paper in IEEE Symposium on Security and Privacy 2024
- 소프트웨어융합대학
- Hit1466
- 2023-07-18
SecAI 연구실 (지도교수: 구형준)과 고려대학교 김휘강 교수 연구실에서 공동연구한 논문이 컴퓨터 보안 분야에서 최우수 학술대회(IF=4)인 IEEE Symposium on Security and Privacy 2024에 게재 승인되었습니다!
Abstract.
Fuzzing has demonstrated great success in bug discovery and plays a crucial role in software testing today. Despite the increasing popularity of fuzzing, automated root cause analysis (RCA) has drawn less attention. One of the recent advances in RCA is crash-based statistical debugging, which leverages the behavioral differences in program execution between crash-triggered and non-crashing inputs. Hence, obtaining non-crashing behaviors close to the original crash is crucial but challenging with previous approaches (e.g., fuzzing). In this paper, we present BENZENE, a practical end-to-end RCA system that facilitates a fully automated crash diagnosis. To this end, we introduce a novel technique, called under-constrained state mutation, that generates both crashing and
non-crashing behaviors for effective and efficient RCA. We design and implement the BENZENE prototype, and evaluate it with 60 vulnerabilities in the wild. Our empirical results demonstrate that BENZENE not only surpasses in performance (i.e., root cause ranking), but also achieves superior results in both speed (4.6 times faster) and memory footprint (31.4 times less) on average than prior approaches.