FuSeBMC: An Energy-Efficient Verifier for Finding Security Vulnerabilities in C Programs

EasyChair Preprint no. 5128

Abstract

We describe and evaluate a novel approach FuSeBMC that exploits fuzzing and BMC engines to detect security vulnerability in C programs. It explores and analyzes the target C program by injecting labels that guide those engines to produce test-cases. FuSeBMC also exploits selective fuzzer to produce test-cases for the labels that fuzzing and BMC engines could not produce test-cases. Lastly, we manage each engine's execution time to improve FuSeBMC's energy consumption. As a result, FuSeBMC guides the fuzzing and BMC engines to explore more profound in the target C programs and then produce test-cases that achieve higher coverage with lower energy consumption to detect bugs efficiently. We evaluated FuSeBMC by participating in Test-Comp 2021 to test the ability of the tool in two categories of the competition, which are code coverage and bug detection. The competition results show that FuSeBMC performs well if compared to the state-of-the-art software testing tools. FuSeBMC achieved 3 awards in the Test-Comp 2021: first place in the Cover-Error category, second place in the Overall category, and third place in the Low Energy Consumption.

Keyphrases: automated test generation, Bounded Model Checking, Fuzzing, Security

@Booklet{EasyChair:5128,
  author = {Kaled Alshmrany and Mohannad Aldughaim and Ahmed Bhayat and Lucas Cordeiro},
  title = {FuSeBMC: An Energy-Efficient Verifier for Finding Security Vulnerabilities in C Programs},
  howpublished = {EasyChair Preprint no. 5128},

  year = {EasyChair, 2021}}