SYMBION: Interleaving Symbolic with Concrete Execution

Fabio Gritti, Lorenzo Fontana, Eric Gustafson, Fabio Pagani, Andrea Continella, Christopher Kruegel, Giovanni Vigna

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

Abstract

Symbolic execution is a powerful technique for exploring programs and generating inputs that drive them into specific states. However, symbolic execution is also known to suffer from severe limitations, which prevent its application to real-world software. For example, symbolically executing programs requires modeling their interactions with the surrounding environment (e.g., libraries, operating systems). Unfortunately, models are usually created manually, introducing considerable approximations of the programs behaviors and significant imprecision in the analysis. In addition, as the complexity of the system
under analysis grows, additional models are needed, making this process unsustainable. For these reasons, in this paper we propose a novel technique that allows interleaving symbolic execution with concrete execution, focusing the symbolic exploration only on interesting portions of code. We call this approach interleaved symbolic execution. The key idea of our approach is to re-use the concrete environment to run the input program, and then synchronize the results of the environment interactions with the symbolic execution engine. As a consequence, our approach does not make any assumption about such interactions, and it is agnostic with respect to the concrete environment. We implement a prototype for this technique, SYMBION, and we demonstrate its effectiveness by analyzing real-world malware, showing that it allows us to effectively skip complex portions of code that do not need to be analyzed symbolically.
Original languageEnglish
Title of host publicationProceedings of the 8th IEEE Conference on Communications and Network Security (CNS '20)
PublisherIEEE
Number of pages10
ISBN (Electronic)978-1-7281-4760-4
ISBN (Print)978-1-7281-4760-4, 978-1-7281-4761-1
DOIs
Publication statusPublished - 1 Jun 2020
Event8th IEEE Conference on Communications and Network Security (CNS '20) - Online conference, Avignon, France
Duration: 29 Jun 20201 Jul 2020
Conference number: 8
https://cns2020.ieee-cns.org/

Publication series

Name2020 IEEE Conference on Communications and Network Security, CNS 2020

Conference

Conference8th IEEE Conference on Communications and Network Security (CNS '20)
Abbreviated titleCNS '20
CountryFrance
CityAvignon
Period29/06/201/07/20
Internet address

Keywords

  • Computer Security
  • Malware
  • Reverse engineering

Fingerprint Dive into the research topics of 'SYMBION: Interleaving Symbolic with Concrete Execution'. Together they form a unique fingerprint.

Cite this