Divide and conquer based symbolic vulnerability detection

Type
05 - Research report or working paper
Publisher / Publishing institution
arxiv
Place of publication / Event location
Ithaca
Abstract
In modern software development, vulnerability detection is crucial due to the inevitability of bugs and vulnerabilities in complex software systems. Effective detection and elimination of these vulnerabilities during the testing phase are essential. Current methods, such as fuzzing, are widely used for this purpose. While fuzzing is efficient in identifying a broad range of bugs and vulnerabilities by using random mutations or generations, it does not guarantee correctness or absence of vulnerabilities. Therefore, non-random methods are preferable for ensuring the safety and security of critical infrastructure and control systems. This paper presents a vulnerability detection approach based on symbolic execution and control flow graph analysis to identify various types of software weaknesses. Our approach employs a divide-and-conquer algorithm to eliminate irrelevant program information, thus accelerating the process and enabling the analysis of larger programs compared to traditional symbolic execution and model checking methods.
Language
English
Created during FHNW affiliation
Yes
Publication status
Published
Review
No peer review
License
http://rightsstatements.org/vocab/InC/1.0/
Citation
Scherb, C., Heitz, L., & Grieder, H. (2025). Divide and conquer based symbolic vulnerability detection. arxiv. https://doi.org/10.48550/arXiv.2409.13478