Facial reconstruction

Search LJMU Research Online

Browse Repository | Browse E-Theses

Function Exclusion in Automated Security Patch Testing Using Chopped Symbolic Execution

Ninh, TP, Hung Nguyen, V, Shone, N and Babenko, M Function Exclusion in Automated Security Patch Testing Using Chopped Symbolic Execution. In: 2021 8th NAFOSTED Conference on Information and Computer Science (NICS), 21 December 2021 - 22 December 2021, Hanoi, Vietnam. (Accepted)

[img]
Preview
Text
1570773935 stamped.pdf - Accepted Version

Download (216kB) | Preview

Abstract

Patch testing is a core component of patch management and is used to verify that modified software modules (i.e. an update or patch) work as expected (functional testing) and do not contain any known vulnerabilities (security testing). Security patch testing requires a lot of time and a professional security knowledge from the tester. In recent years, chopped symbolic execution has been successfully applied in automatic or semiautomatic program testing, to reduce the amount of testing work. Chopped symbolic execution (Chopper) allows users to specify “uninteresting” functions to ignore during analysis, therefore allowing the testing of software modules without running all functions of the program. It is an effective solution for path explosion (one of the main problems of symbolic execution). The effectiveness of the chopped symbolic execution method in patch testing depends on how well the ignored functions are initially chosen. In this paper, we propose a novel method to automatically exclude functions for chopped symbolic execution in patch testing, using a control flow graph. Moreover, we use cyclomatic complexity to optimize the speed of the testing process. Experimental results show that our method can automatically choose the ignored functions and reduce the required testing time, in comparison to typical Chopper techniques.

Item Type: Conference or Workshop Item (Paper)
Additional Information: © 2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Q Science > QA Mathematics > QA76 Computer software
Divisions: Computer Science & Mathematics
Publisher: IEEE
Date Deposited: 12 Jan 2022 12:17
Last Modified: 12 Jan 2022 12:17
URI: https://researchonline.ljmu.ac.uk/id/eprint/16037

Actions (login required)

View Item View Item