Finding vulnerabilities using automatic test generation
Uppsala University, Disciplinary Domain of Science and Technology, Mathematics and Computer Science, Department of Information Technology.
2014 (English). Independent thesis, Basic level (degree of Bachelor), 10 credits / 15 HE credits. Student thesis.
Abstract [en]

Software bugs are still present in modern software, and they are a major concern for every user, especially security-related bugs. Classical approaches for bug detection fall short of uncovering some of them, as has been proved on several occasions when a hidden bug has been used to compromise the security of many systems. In this report an approach for automatic bug detection is presented and analysed. Using KLEE, a tool that can explore all the possible paths in a piece of code, bugs can be discovered. As an example of bug detection in security software, the Heartbleed bug that affected the OpenSSL library is analysed. The behaviour of this bug is explained here, and KLEE is used to expose this bug. If this worked, it would be useful for developers in order to prevent dangerous bugs from staying undetected.

The results show that the tool is not ready to be used in real software due to its limitations. However, despite the difficulties these limitations pose, KLEE proves to be useful in a controlled scenario. As long as the software is kept simple, the tool can be used to effectively execute all the code. With some improvements, it could be a major step for a future without bugs.

Place, publisher, year, edition, pages
2014.
Series
IT, 14 044
National Category
Engineering and Technology
Identifiers
URN: urn:nbn:se:uu:diva-229586
OAI: oai:DiVA.org:uu-229586
DiVA: diva2:737077
Educational program
Freestanding course
Supervisors
Examiners
Available from: 2014-08-11. Created: 2014-08-11. Last updated: 2014-11-04. Bibliographically approved.

Open Access in DiVA

fulltext (436 kB), 230 downloads
File information
File name: FULLTEXT01.pdf
File size: 436 kB
Checksum (SHA-512):
58f6c4a9eac68d1d8cd887ac2b55b7c5f71306a484788e207453d3bcad7a7d67cda9be1c5663b6f8f915f2acdc29fae64217ff391093c2d651cd316452b9e65c
Type: fulltext
Mimetype: application/pdf

Total: 230 downloads
The number of downloads is the sum of all downloads of full texts. It may include, e.g., previous versions that are no longer available.

Total: 571 hits