Team bi0s
Amrita Center for Cybersecurity,
Amritapuri
Selective Symbolic Execution
Shivkrishna Anil

S2 e (selective symbolic execution) -shivkrishna a

S2 e (selective symbolic execution) by shivkrishna a

More info : https://cysinfo.com/10th-quarterly-meetup-29th-july-2017/

Published in: Technology

  1. Team bi0s, Amrita Center for Cybersecurity, Amritapuri. Selective Symbolic Execution. Shivkrishna Anil
  2. Agenda
     ● Introduction
     ● S2E
     ● Analysing a simple program
     ● Demo Video
  3. @shivnambiar1
     ● Member of Team bi0s
     ● Final Year Computer Science student at Amrita University
     ● Focuses on Memory Forensics, Disk Forensics and Steganography
     ● Working on a plugin for S2E
  4. Symbolic??
     ● Analyzing a program to determine inputs that cause a part of a program to execute
     ● S2E, Angr, Mayhem, Triton, KLEE
     ● Useful for generating test cases with exhaustive code coverage
     ● Works on obfuscated binaries
  5. Path Constraints
     Example of Symbolic Execution: https://goo.gl/qqv6Pw
  6. S2E
     ● Selective Symbolic Execution
     ● Automated path explorer with modular path analyzers
     ● S2E: a platform for developing multi-path in-vivo analysis tools
     ● Contender for CGC 2016
     ● Emulates an entire virtual machine instead of an executable
     ● Random path selection and DFS
  7. Why S2E?
     ● A technique for creating the illusion of full system symbolic execution, while symbolically running only the code that is of interest to the developer
     ● Can interact with the environment
     ● Input can switch from the symbolic to the concrete domain and vice versa
  8. Comparison
     ● Works for very large programs like a whole Windows stack frame
     ● Implemented at the kernel level
     ● Does not exhaust system resources as compared to other symbolic engines
  9. The Working of Transition
     Multi-path / Single-path execution: http://s2e.epfl.ch/images/s2e-sel.png
  10. S2E Architecture
     S2E Architecture: http://s2e.epfl.ch/images/s2e-vm.png
  11. Code Walkthrough
  12. Code Walkthrough (contd)
  13. Tree Diagram (figure: input set of all characters)
  14. Live Demo
  15. Limitations
     ● Exhausts memory when state forking increases considerably
     ● A maximum of 2 arguments can be passed
     ● S2E can only run on a shared-memory architecture
     ● Code coverage is low as it doesn't consider under-constrained and over-constrained symbols
  16. Further Reading
     ● S2E: A Platform for In-Vivo Multi-Path Analysis of Software Systems
     ● Selective Symbolic Execution
     ● A Survey of Symbolic Execution Techniques
  17. Questions??
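
To make the "Path Constraints" and "Tree Diagram" slides concrete, here is an added sketch (not code from the talk or from S2E) of depth-first symbolic exploration over one symbolic input byte. The program under test (`PROGRAM`) and the helper names `explore` and `generate_tests` are assumptions for illustration; constraints are solved by enumerating the 256 byte values instead of calling an SMT solver.

```python
# Added example: toy symbolic execution of a single symbolic input byte.
# The program under test is hypothetical, not taken from the slides.
DOMAIN = frozenset(range(256))  # the "input set of all characters"

def is_digit(c): return ord("0") <= c <= ord("9")
def is_lower(c): return ord("a") <= c <= ord("z")
def is_even(c): return c % 2 == 0

# Branch tree: (description, predicate, taken-subtree, not-taken-subtree).
# A plain string is a leaf naming the code location that was reached.
PROGRAM = (
    "c is a digit", is_digit,
    ("c is even", is_even, "even_digit", "odd_digit"),
    ("c is lowercase", is_lower,
     # Dead branch: a digit test on a path that already excluded digits.
     ("c is a digit", is_digit, "unreachable", "lowercase"),
     "other"),
)

def explore(node, feasible=DOMAIN, path=()):
    """DFS over the branch tree; yields (leaf, path_constraints, feasible_inputs)."""
    if isinstance(node, str):
        yield node, path, feasible
        return
    desc, pred, taken, not_taken = node
    yes = frozenset(c for c in feasible if pred(c))
    no = feasible - yes
    # Fork one state per satisfiable outcome; unsatisfiable states are dropped.
    if yes:
        yield from explore(taken, yes, path + (desc,))
    if no:
        yield from explore(not_taken, no, path + ("not (" + desc + ")",))

def generate_tests(program=PROGRAM):
    """Map each reachable leaf to (concrete witness input, path constraint)."""
    return {leaf: (chr(min(feas)), " and ".join(path))
            for leaf, path, feas in explore(program)}

if __name__ == "__main__":
    for leaf, (witness, constraint) in generate_tests().items():
        print(f"{leaf:11} input={witness!r:7} when {constraint}")
```

Each branch on the symbolic byte forks the state, which is the growth behind the memory limitation listed on the Limitations slide.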
