Execution Path Detection through Dynamic Analysis in Black-Box Testing Environments

Execution Path Detection through Dynamic Analysis in Black-Box Testing Environments

연구 분야: Analysis

학회: ASE '22: Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering

Path coverage is the process of measuring the fraction of execution paths that are taken during run-time in a software by a given set of inputs. It is commonly used to assess the stability, security, and functionality of an application; therefore, this is closely associated with software testing. Path coverage requires knowledge of the software’s source code (white-box testing), specifically the software’s potential execution paths; however, the problem becomes more challenging when the source code is not available and path coverage must be done using only the software’s binary code. This can occur if the software is a product, the software is a legacy system, or the source code is not available (e.g. contracted software or permission-less). This paper investigates how black-box path detection and discovery can be achieved using execution fingerprints that are a concise frequency representation of a software’s executed assembly instructions. Execution fingerprints can be used to identify which inputs exercised different sections of code, thus revealing execution paths. Experimental results show that clustering execution fingerprints can be used to differentiate the execution paths of software and provide a method to detect these different paths all inside a true black-box testing environment