Finding vulnerabilities using automatic test generation

• Main Author: Bueno Dominguez, Jordi
• Format: Others
• Language: English
• Published: Uppsala universitet, Institutionen för informationsteknologi 2014
• Online Access: http://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-229586

Software bugs are still present in modern software, and they are a major concern for every user, specially security related bugs. Classical approaches for bug detection fall short to uncover some of them, as it has been proved on several occasions when a hidden bug has been used to compromise the security of many systems. In this report  an approach for automatic bug detection is presented and analysed.  Using KLEE, a tool that can explore all the possible paths in a piece of code, bugs can be discovered. As an example for bug detection in a security software, the Heartbleed bug that affected the OpenSSL library is analysed. The behaviour of this bug is explained here, and KLEE is used to expose this bug. If this worked, it would be useful for developers in order to prevent dangerous bugs from staying undetected. The results show that the tool is not ready to be used in real software due to its limitations. However, despite the difficulties these limitations pose, KLEE proves to be useful in a controlled scenario. As long as the software is kept simple, the tool can be used toeffectively execute all the code. With some improvements, it could be a major step for a future without bugs.