A Systematic Literature Review of Software Vulnerability Mining Approaches Based on Symbolic Execution
Original text links:
NETL
NSTL
World Scientific
With the rapid development of the software industry, the escalating issue of software vulnerabilities has posed significant risks to users. Symbolic execution, as a vulnerability mining technology, offers high test coverage. The existing reviews of symbolic execution methods focus on summarizing various techniques and tools. While some studies have analyzed the technical challenges, classification frameworks and development trends of these methods, they lack a comprehensive and systematic review. This study aims to address the gap in existing reviews by providing a comprehensive, systematic analysis of symbolic execution techniques for vulnerability mining. We conducted a detailed review of 60 peer-reviewed papers published between 2005 and 2024, focusing on symbolic execution techniques for vulnerability mining. First, we reviewed the main techniques used in the symbolic execution process, including program instrumentation, path selection strategy and constraint-solving techniques. Second, we extracted the main information from the selected papers and present the detailed information on the symbolic execution tools in the form of a table. At the same time, we compared and analyzed the research object, the execution process, the software architecture and the application on different system platforms. Finally, we present a comprehensive and systematic summary of current challenges and corresponding solutions in the field. This study provides an in-depth analysis of vulnerability detection technologies based on symbolic execution, serving as a valuable guide for researchers in this domain.
College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing, P. R. China
School of Information Science and Engineering, Yanshan University, Qinhuangdao, P. R. China; The Key Laboratory of Software Engineering, Yanshan University, Qinhuangdao, P. R. China
School of Information Science and Engineering, Yanshan University, Qinhuangdao, P. R. China; China University of Petroleum-Beijing at Karamay College of Petroleum, P. R. China