FuSeBMC: An Energy-Efficient Test Generator for Finding Security Vulnerabilities in C Programs

Kaled Alshmrany; Mohannad Aldughaim; Ahmed Bhayat; Lucas Cordeiro

FuSeBMC: An Energy-Efficient Test Generator for Finding Security Vulnerabilities in C Programs

Kaled Alshmrany, Mohannad Aldughaim, Ahmed Bhayat, Lucas Cordeiro

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

We describe and evaluate a novel approach FuSeBMC that exploits fuzzing and BMC engines to detect security vulnerability in C programs. It explores and analyzes the target C program by injecting labels that guide those engines to produce test-cases. FuSeBMC also exploits selective fuzzer to produce test-cases for the labels that fuzzing and BMC engines could not produce test-cases. Lastly, we manage each engine's execution time to improve FuSeBMC's energy consumption. As a result, FuSeBMC guides the fuzzing and BMC engines to explore more profound in the target C programs and then produce test-cases that achieve higher coverage with lower energy consumption to detect bugs efficiently. We evaluated FuSeBMC by participating in Test-Comp 2021 to test the ability of the tool in two categories of the competition, which are code coverage and bug detection. The competition results show that FuSeBMC performs well if compared to the state-of-the-art software testing tools. FuSeBMC achieved 3 awards in the Test-Comp 2021: first place in the Cover-Error category, second place in the Overall category, and third place in the Low Energy Consumption.

Original language	English
Title of host publication	TAP: International Conference on Tests and Proofs
Publisher	Springer London
Publication status	Published - 18 Jun 2021
Event	15th International Conference on Tests and Proofs - Bergen, Norway Duration: 21 Jun 2021 → 25 Jun 2021

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer

Conference

Conference	15th International Conference on Tests and Proofs
Abbreviated title	TAP 2021
Country/Territory	Norway
City	Bergen
Period	21/06/21 → 25/06/21

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Embargoed Document

TAP_2021_paper_12
Accepted author manuscript, 756 KB
Embargo ends: 1/01/31

Cite this

@inproceedings{fb65abf2c1434650bf93d4d61ee460b1,

title = "FuSeBMC: An Energy-Efficient Test Generator for Finding Security Vulnerabilities in C Programs",

abstract = "We describe and evaluate a novel approach FuSeBMC that exploits fuzzing and BMC engines to detect security vulnerability in C programs. It explores and analyzes the target C program by injecting labels that guide those engines to produce test-cases. FuSeBMC also exploits selective fuzzer to produce test-cases for the labels that fuzzing and BMC engines could not produce test-cases. Lastly, we manage each engine's execution time to improve FuSeBMC's energy consumption. As a result, FuSeBMC guides the fuzzing and BMC engines to explore more profound in the target C programs and then produce test-cases that achieve higher coverage with lower energy consumption to detect bugs efficiently. We evaluated FuSeBMC by participating in Test-Comp 2021 to test the ability of the tool in two categories of the competition, which are code coverage and bug detection. The competition results show that FuSeBMC performs well if compared to the state-of-the-art software testing tools. FuSeBMC achieved 3 awards in the Test-Comp 2021: first place in the Cover-Error category, second place in the Overall category, and third place in the Low Energy Consumption.",

author = "Kaled Alshmrany and Mohannad Aldughaim and Ahmed Bhayat and Lucas Cordeiro",

year = "2021",

month = jun,

day = "18",

language = "English",

series = "Lecture Notes in Computer Science",

publisher = "Springer London",

booktitle = "TAP: International Conference on Tests and Proofs",

address = "United Kingdom",

note = "15th International Conference on Tests and Proofs , TAP 2021 ; Conference date: 21-06-2021 Through 25-06-2021",

}

FuSeBMC: An Energy-Efficient Test Generator for Finding Security Vulnerabilities in C Programs. / Alshmrany, Kaled ; Aldughaim, Mohannad ; Bhayat, Ahmed et al.

TAP: International Conference on Tests and Proofs. Springer London, 2021. (Lecture Notes in Computer Science).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - FuSeBMC: An Energy-Efficient Test Generator for Finding Security Vulnerabilities in C Programs

AU - Alshmrany, Kaled

AU - Aldughaim, Mohannad

AU - Bhayat, Ahmed

AU - Cordeiro, Lucas

PY - 2021/6/18

Y1 - 2021/6/18

N2 - We describe and evaluate a novel approach FuSeBMC that exploits fuzzing and BMC engines to detect security vulnerability in C programs. It explores and analyzes the target C program by injecting labels that guide those engines to produce test-cases. FuSeBMC also exploits selective fuzzer to produce test-cases for the labels that fuzzing and BMC engines could not produce test-cases. Lastly, we manage each engine's execution time to improve FuSeBMC's energy consumption. As a result, FuSeBMC guides the fuzzing and BMC engines to explore more profound in the target C programs and then produce test-cases that achieve higher coverage with lower energy consumption to detect bugs efficiently. We evaluated FuSeBMC by participating in Test-Comp 2021 to test the ability of the tool in two categories of the competition, which are code coverage and bug detection. The competition results show that FuSeBMC performs well if compared to the state-of-the-art software testing tools. FuSeBMC achieved 3 awards in the Test-Comp 2021: first place in the Cover-Error category, second place in the Overall category, and third place in the Low Energy Consumption.

AB - We describe and evaluate a novel approach FuSeBMC that exploits fuzzing and BMC engines to detect security vulnerability in C programs. It explores and analyzes the target C program by injecting labels that guide those engines to produce test-cases. FuSeBMC also exploits selective fuzzer to produce test-cases for the labels that fuzzing and BMC engines could not produce test-cases. Lastly, we manage each engine's execution time to improve FuSeBMC's energy consumption. As a result, FuSeBMC guides the fuzzing and BMC engines to explore more profound in the target C programs and then produce test-cases that achieve higher coverage with lower energy consumption to detect bugs efficiently. We evaluated FuSeBMC by participating in Test-Comp 2021 to test the ability of the tool in two categories of the competition, which are code coverage and bug detection. The competition results show that FuSeBMC performs well if compared to the state-of-the-art software testing tools. FuSeBMC achieved 3 awards in the Test-Comp 2021: first place in the Cover-Error category, second place in the Overall category, and third place in the Low Energy Consumption.

M3 - Conference contribution

T3 - Lecture Notes in Computer Science

BT - TAP: International Conference on Tests and Proofs

PB - Springer London

T2 - 15th International Conference on Tests and Proofs

Y2 - 21 June 2021 through 25 June 2021

ER -

FuSeBMC: An Energy-Efficient Test Generator for Finding Security Vulnerabilities in C Programs

Abstract

Publication series

Conference

UN SDGs

Embargoed Document

Fingerprint

Cite this