Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

화이트박스 테스팅

125 views

Published on

화이트박스 테스팅 Monsterz
symbolic execution, static analysis, blackbox testing, white box testing, concolic, smt solver

Published in: Data & Analytics
  • Be the first to comment

  • Be the first to like this

화이트박스 테스팅

  1. 1. 2015.05.29
  2. 2. Who am I • @dongsamb •BoB 1st •SW Maestro 4th •Korea Univ. M.S./Ph.D Integrated Course Student
  3. 3. Black-box Testing vs White-box Testing
  4. 4. 2014, HeartBleed, ShellShork
  5. 5. Symbolic Execution
  6. 6. Symbolic Execution PC: {True} [x1 = i1]
  7. 7. Symbolic Execution PC: {True} [x1 = i1, y1 = i2]
  8. 8. Symbolic Execution PC: { x1 > 80 ?} [x1 = i1, y1 = i2]
  9. 9. Symbolic Execution PC: { x1 > 80} [x2 = y1 * 2, y1 = i2]
  10. 10. Symbolic Execution PC: { x1 > 80} [x2 = y1 * 2, y2 = 0]
  11. 11. Symbolic Execution PC: { x1 > 80 ∧ x2 == 256 ?} [x2 = y1 * 2, y2 = 0]
  12. 12. Symbolic Execution PC: { x1 > 80 ∧ x2 == 256} [x2 = y1 * 2, y2 = 0]
 (x1 > 80) ∧ (x2 == 256)
  13. 13. Symbolic Execution PC: { x1 <= 80} [x1 = i1, y1 = i2]
  14. 14. Symbolic Execution PC: { x1 <= 80} [x2 = 0, y1 = i2]
  15. 15. Symbolic Execution PC: { x1 <= 80} [x2 = 0, y2 = 0]
  16. 16. Symbolic Execution PC: { (x1 <= 80) ∨ ((x1 > 80) ∧ (x2 != 256)) } [ (x2 = 0, y2 = 0) ∨ (x2 = y1 * 2, y2 = 0) ]
  17. 17. •CUTE ( 2005 ) •CONCrete + symbOLIC •dynamic symbolic execution • (Feasible) 
 ,
 - , , • , Concolic Testing
  18. 18. •KLEE ( Stanford, 2008 ) •LLVM •Constraint Solver Concolic Testing
  19. 19. •CREST (Heuristics for Dynamic Test Generation,2008) •Yices2 •Z3 - Microsoft Concolic Testing + SMT Solver
  20. 20. CREST-BV (2013, KAIST) Concolic Testing + SMT Solver
  21. 21. Concolic + @ Mayhem (2012, CMU)
  22. 22. •BitBlaze(2008, UC Berkeley) •BuzzFuzz(2009, MIT) •AEG:Automatic Exploit Generation(2011, CMU) •Enhancing Symbolic Execution with Veritesting(2014, CMU) Concolic + @
  23. 23. Concolic + @
  24. 24. Code Reuse
  25. 25. •Metadata analysis •Static source code analysis •Source code differencing and 
 analysis Software metrics •Visualization •Clone detection •Frequent-pattern mining •Social network analysis Code reuse ( code clone)
  26. 26. Products
  27. 27. Products
  28. 28. Products
  29. 29. Products
  30. 30. Thanks! •QnA?

×