Change search
ReferencesLink to record
Permanent link

Direct link
Finding vulnerabilities using automatic test generation
Uppsala University, Disciplinary Domain of Science and Technology, Mathematics and Computer Science, Department of Information Technology.
2014 (English)Independent thesis Basic level (degree of Bachelor), 10 credits / 15 HE creditsStudent thesis
Abstract [en]

Software bugs are still present in modern software, and they are a major concern for every user, specially security related bugs. Classical approaches for bug detection fall short to uncover some of them, as it has been proved on several occasions when a hidden bug has been used to compromise the security of many systems. In this report  an approach for automatic bug detection is presented and analysed.  Using KLEE, a tool that can explore all the possible paths in a piece of code, bugs can be discovered. As an example for bug detection in a security software, the Heartbleed bug that affected the OpenSSL library is analysed. The behaviour of this bug is explained here, and KLEE is used to expose this bug. If this worked, it would be useful for developers in order to prevent dangerous bugs from staying undetected.

The results show that the tool is not ready to be used in real software due to its limitations. However, despite the difficulties these limitations pose, KLEE proves to be useful in a controlled scenario. As long as the software is kept simple, the tool can be used toeffectively execute all the code. With some improvements, it could be a major step for a future without bugs.

Place, publisher, year, edition, pages
IT, 14 044
National Category
Engineering and Technology
URN: urn:nbn:se:uu:diva-229586OAI: diva2:737077
Educational program
Freestanding course
Available from: 2014-08-11 Created: 2014-08-11 Last updated: 2014-11-04Bibliographically approved

Open Access in DiVA

fulltext(436 kB)147 downloads
File information
File name FULLTEXT01.pdfFile size 436 kBChecksum SHA-512
Type fulltextMimetype application/pdf

By organisation
Department of Information Technology
Engineering and Technology

Search outside of DiVA

GoogleGoogle Scholar
Total: 147 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 348 hits
ReferencesLink to record
Permanent link

Direct link