A Survey of Dynamic Software Analysis Methods
https://doi.org/10.15514/ISPRAS-2023-35(4)-1
Abstract
This paper surveys dynamic software analysis methods, focusing on those that have tool support, target safety and security checking, and are applicable to system software. Fuzzing, runtime verification (verification monitoring) and dynamic symbolic execution are examined in detail. Dynamic taint analysis methods and tools are left out of the survey because of the difficulty of collecting technical information about them. For fuzzing and dynamic symbolic execution the emphasis is not on individual tools, of which more than 100 are already known, but on the techniques for solving the various problems that arise while they run. Anti-fuzzing techniques, i.e. techniques that reduce the effectiveness of fuzzing, are also covered.
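As an added illustration of the fuzzing techniques the abstract refers to (example code written for this page, not code from the paper or from AFL or any other fuzzer), the following Python script implements a minimal coverage-guided mutational fuzzer: an instrumented target reports which branches it took and how often, hit counts are folded into AFL-style buckets, and an input joins the corpus only when it reaches an (edge, bucket) pair not seen before. The target parse_record, its off-by-one bug in the kind-2 length check, the seed string, the mutation operators and the whole_magic switch are all constructed for the example.

```python
"""Coverage-guided (greybox) mutational fuzzing in miniature. Added example, not code from
the paper or any tool it cites: target, bug, seed and bucketing are all constructed here."""
import random

BUF_SIZE = 16                        # fixed buffer the parser copies the payload into
HAVOC_PER_ENTRY = 200                # random mutations tried per corpus entry
SEED = b"seed-input-for-fuzzing-0"   # constructed seed; carries none of the magic


class TargetCrash(Exception):
    """Models the signal a real fuzzer gets from a sanitizer report or SIGSEGV."""


def parse_record(data: bytes, cov: dict, whole_magic: bool = False) -> int:
    """Toy format: magic "RECD", 1-byte kind, 1-byte length, payload.
    hit(edge) is where compile-time instrumentation would bump an edge counter."""
    def hit(edge):
        cov[edge] = cov.get(edge, 0) + 1
    hit("entry")
    if len(data) < 6:
        hit("too_short")
        return -1
    if whole_magic:                      # single 32-bit compare: one edge, no partial credit
        if data[:4] != b"RECD":
            hit("bad_magic")
            return -1
    else:
        for i, m in enumerate(b"RECD"):  # compiler-expanded memcmp: one edge per byte
            if data[i] != m:
                hit(("bad_magic", i))
                return -1
            hit(("magic_ok", i))
    kind, length = data[4], data[5]
    if kind not in (1, 2):
        hit("bad_kind")
        return -1
    hit(("kind", kind))
    if (kind == 1 and length >= BUF_SIZE) or (kind == 2 and length > BUF_SIZE):
        hit("len_reject")                # kind 1 is bounded correctly; kind 2 is off by one
        return -1
    buf = bytearray(BUF_SIZE)
    for i, b in enumerate(data[6:6 + length] + b"\x00"):  # payload plus NUL terminator
        hit("copy_loop")                 # its hit count tells the fuzzer how far the copy got
        if i >= len(buf):
            raise TargetCrash(f"write at offset {i} past a {BUF_SIZE}-byte buffer")
        buf[i] = b
    hit("ok")
    return 0


def bucket(n: int) -> int:  # AFL-style hit-count buckets: 1, 2, 3, 4-7, 8-15, 16-31, 32-127, 128+
    return n if n < 4 else 4 if n < 8 else 8 if n < 16 else 16 if n < 32 else 32 if n < 128 else 128


def run(data: bytes, whole_magic: bool = False):
    """One execution: (crashed, coverage signature as a set of (edge, bucket) pairs)."""
    cov, crashed = {}, False
    try:
        parse_record(data, cov, whole_magic)
    except TargetCrash:
        crashed = True
    return crashed, frozenset((edge, bucket(n)) for edge, n in cov.items())


def havoc(rng: random.Random, data: bytes) -> bytes:
    """Stacked random mutations: bit flip, small arithmetic, insert, delete."""
    buf = bytearray(data)
    for _ in range(rng.randint(1, 4)):
        op, pos = rng.randrange(4), rng.randrange(len(buf))
        if op == 0:
            buf[pos] ^= 1 << rng.randrange(8)
        elif op == 1:
            buf[pos] = (buf[pos] + rng.randint(-8, 8)) & 0xFF
        elif op == 2:
            buf[pos:pos] = bytes(rng.randrange(256) for _ in range(rng.randint(1, 4)))
        elif len(buf) > 1:
            del buf[pos]
    return bytes(buf)


def fuzz(seed: bytes, whole_magic: bool = False, max_execs: int = 1_000_000, rng_seed: int = 1):
    """Greybox loop. Returns (crashing input or None, executions, corpus size)."""
    rng = random.Random(rng_seed)
    queue = [seed]                       # corpus: every input that reached new coverage
    seen = set(run(seed, whole_magic)[1])
    execs = 1

    def try_input(cand: bytes) -> bool:
        nonlocal execs
        execs += 1
        crashed, sig = run(cand, whole_magic)
        new = sig - seen
        if new:                          # feedback: keep inputs that add (edge, bucket) pairs
            seen.update(new)
            queue.append(cand)
        return crashed
    i = 0
    while i < len(queue) and execs < max_execs:
        entry, i = queue[i], i + 1
        for pos in range(len(entry)):           # deterministic stage: every byte, every value
            for val in range(256):
                if val != entry[pos]:
                    cand = entry[:pos] + bytes([val]) + entry[pos + 1:]
                    if try_input(cand):
                        return cand, execs, len(queue)
        for _ in range(HAVOC_PER_ENTRY):        # havoc stage
            cand = havoc(rng, entry)
            if try_input(cand):
                return cand, execs, len(queue)
    return None, execs, len(queue)
```

fuzz(SEED) walks the four magic bytes one at a time (each correct byte opens a new edge), reaches both record kinds, explores the copy loop through the hit-count buckets, and then lands on length 16 for the kind-2 record in the deterministic byte stage, a few tens of thousands of executions in; the returned input is the record whose 17th write (16 payload bytes plus the NUL terminator) runs past the 16-byte buffer. fuzz(SEED, whole_magic=True) runs the same loop against a target that compares the magic with one 32-bit comparison: no input ever earns partial credit, the corpus never grows past the seed, and the fuzzer gives up after exhausting the seed's mutations. That contrast is the point of coverage feedback, and it is also the obstacle that motivates the input-to-state and symbolic-execution techniques the survey discusses.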
About the author
Victor V. Kuliamin (Виктор Вячеславович Кулямин), Russia
Candidate of Physical and Mathematical Sciences (PhD), Associate Professor at the Department of System Programming, Faculty of Computational Mathematics and Cybernetics, Lomonosov Moscow State University, and Leading Researcher at ISP RAS. Research interests: software engineering, model-based testing, formal methods in software engineering.
Список литературы
1. M. Ozkan-Okay, R. Samet, Ö. Aslan, and D. Gupta. A Comprehensive Systematic Literature Review on Intrusion Detection Systems. IEEE Access, vol. 9, pp. 157727-157760, 2021, doi: 10.1109/ACCESS.2021.3129336
2. L. Santos, C. Rabadao, and R. Gonçalves. Intrusion Detection Systems in Internet of Things: A literature review. Proc. of 13-th Iberian Conference on Information Systems and Technologies (CISTI), Caceres, Spain, 2018, pp. 1-7, doi: 10.23919/CISTI.2018.8399291
3. H. Zhu, P. A. V. Hall, and J. H. R. May. Software Unit Test Coverage and Adequacy. ACM Computing Surveys, 29(4):366-427, 1997. doi: 10.1145/267580.267590
4. M. Sutton, A. Greene, and P. Amini. Fuzzing: Brute Force Vulnerability Discovery. Addison-Wesley, 2007. ISBN: 9780321446114
5. J. Newsome and D. Song. Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software. Proc. of Network and Distributed System Security Simposium, 2005. doi: 10.1184/R1/6468716.v1
6. E. J. Schwartz, T. Avgerinos, and D. Brumley. All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask). Proc. of IEEE Symposium on Security and Privacy, pp. 317-331, 2010. doi: 10.1109/SP.2010.26
7. T. Wang, T. Wei, G. Gu, and W. Zou. TaintScope: a Checksum-aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection. Proc. of IEEE Symposium on Security and Privacy, pp. 497-512, 2010. doi: 10.1109/SP.2010.37
8. B. P. Miller, L. Fredriksen, and B. So. An Empirical Study of the Reliability of UNIX Utilities. Communications of the ACM, 33(12):32-44, 1990. doi: 10.1145/96267.96279
9. The Cyber Grand Challenge. URL: https://blogs.grammatech.com/the-cyber-grand-challenge (доступ 13.06.2023)
10. N. Stephens, J. Grosen, C. Salls, A. Dutcher, R. Wang, J. Corbetta, Y. Shoshitaishvili, C. Krügel, and G. Vigna. Driller: Augmenting Fuzzing Through Selective Symbolic Execution. Proc. of Network and Distributed System Security Symposium. 2016. doi: 10.14722/NDSS.2016.23368
11. P. Goodman and A. Dinaburg. The Past, Present, and Future of Cyberdyne. IEEE Security & Privacy, 16(2):61-69, 2018. doi: 10.1109/MSP.2018.1870859
12. Cisco Secure Development Lifecycle. URL: https://www.cisco.com/c/en/us/about/trust-center/technology-built-in-security.html#~trustworthysolutionsfeatures (доступ 13.06.2023)
13. Chromium Security. URL: https://www.chromium.org/Home/chromium-security/bugs/ (доступ 13.06.2023)
14. Clusterfuzz. Chrome Fuzzing Infrastructure. URL: https://code.google.com/archive/p/clusterfuzz/ (доступ 13.06.2023)
15. M. Aizatsky, K. Serebryany, O. Chang, A. Arya, and M. Whittaker. Announcing OSS-Fuzz: Continuous fuzzing for open source software. Google Open Source Blog, 2016. URL: https://opensource.googleblog.com/2016/12/announcing-oss-fuzz-continuous-fuzzing.html (доступ 13.06.2023)
16. Microsoft Security Development Lifecycle. URL: https://www.microsoft.com/en-us/securityengineering/sdl/practices (доступ 13.06.2023)
17. E. Bounimova, P. Godefroid, and D. Molnar. Billions and billions of constraints: Whitebox fuzz testing in production. Proc. of 35-th International Conference on Software Engineering (ICSE), San Francisco, USA, 2013, pp. 122-131, doi: 10.1109/ICSE.2013.6606558
18. Fuzzing Survey URL: https://fuzzing-survey.org/ (доступ 15.06.2023)
19. N. Rathaus, G. Evron. Open Source Fuzzing Tools. Syngress, 2007. ISBN: 9781597491952
20. A. Takanen, J. D. DeMott, C. Miller, and A. Kettunen. Fuzzing for Software Security Testing and Quality Assurance. 2-nd ed. Artech House, 2018. ISBN: 9781608078509
21. J. Li, B. Zhao, and C. Zhang. Fuzzing: a Survey. Cybersecurity 1, 6, 2018. doi: 10.1186/s42400-018-0002-y
22. C. Chen, B. Cui, J. Ma, R. Wu, J. Guo, and W. Liu. A Systematic Review of Fuzzing Techniques. Computers & Security, 75:118-137, 2018. doi: 10.1016/j.cose.2018.02.002
23. V. J. M. Manes, H. Han, C. Han, S. K. Cha, M. Egele, E. J. Schwartz, and M. Woo. The Art, Science, and Engineering of Fuzzing: A Survey. IEEE Transactions on Software Engineering, 47(11):2312-2331, 2021. doi: 10.1109/TSE.2019.2946563. URL: http://arxiv.org/abs/1812.00140
24. H. Liang, X. Pei, X. Jia, W. Shen, and J. Zhang. Fuzzing: State of the Art. IEEE Transactions on Reliability, 67(3):1199-1218, 2018. doi: 10.1109/TR.2018.2834476
25. А. В. Вишняков. Поиск ошибок в бинарном коде методами динамической символьной интерпретации. Диссертация на соискание учёной степени к. ф.-м.н., ИСП РАН, Москва, 2022.
26. A. Fioraldi, D. C. Maier, D. Zhang, and D. Balzarotti. LibAFL: a Framework to Build Modular and Reusable Fuzzers. Proc of ACM SIGSAC Conference on Computer and Communication Security, pp. 1051-1065, 2022. doi: 10.1145/3548606.3560602
27. C.-K. Luk, R. Cohn, R. Muth, H. Patil, A. Klauser, G. Lowney, S. Wallace, V. J. Reddi, and K. Hazelwood. Pin: Building Customized Program Analysis Tools with Dynamic Instrumentation. ACM SIGPLAN Notices, 40(6):190-200, 2005. doi: 10.1145/1064978.1065034
28. F. Bellard. QEMU, a Fast and Portable Dynamic Translator. Proc. of ATEC’05, USENIX Annual Technical Conference, pp. 41-46, 2005. doi: 10.5555/1247360.1247401
29. Dyninst. URL: https://dyninst.org/dyninst (доступ 05.12.2023)
30. Dyninst GitHub. URL: https://github.com/dyninst/dyninst (доступ 05.12.2023)
31. D. L. Bruening. Efficient, Transparent, and Comprehensive Runtime Code Manipulation. Ph.D. thesis, Massachusetts Institute of Technology, 2004.
32. DynamoRIO. URL: https://github.com/DynamoRIO/dynamorio (доступ 05.12.2023)
33. M. Zalewski. American Fuzzy Lop. URL: https://github.com/mirrorer/afl (доступ 14.06.2023)
34. AFL, supported by Google. URL: https://github.com/google/AFL (доступ 19.06.2023)
35. D. Oleksiuk. IOCTL Fuzzer. URL: https://github.com/Cr4sh/ioctlfuzzer (доступ 14.06.2023)
36. J. Chen, W. Diao, Q. Zhao, C. Zuo, Z. Lin, X. Wang, W. C. Lau, M. Sun, R. Yang, and K. Zhang. IoTFuzzer: Discovering Memory Corruptions in IoT through App-based Fuzzing. Proc. of the Network and Distributed System Security Symposium, 2018. doi:10.14722/ndss.2018.23159
37. D. Babić, S. Bucur, Y. Chen, F. Ivančić, T. King, M. Kusano, C. Lemieux, L. Szekeres, and W. Wang. FUDGE: Fuzz Driver Generation at Scale. Proc. of 27-th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 975-985, 2019. doi: 10.1145/3338906.3340456
38. K. K. Ispoglou, D. Austin, V. Mohan, and M. Payer. FuzzGen: Automatic Fuzzer Generation. Proc. of 29-th USENIX Security Symposium, pp. 2271-2287, 2020. doi: 10.5555/3489212.3489340
39. M. Zhang, J. Liu, F. Ma, H. Zhang, and Y. Jiang. IntelliGen: Automatic Driver Synthesis for Fuzz Testing. Proc. of IEEE/ACM 43-rd International Conference on Software Engineering: Software Engineering in Practice, pp. 318-327, 2021. doi: 10.1109/ICSE-SEIP52600.2021.00041. URL: https://arxiv.org/abs/2103.00862
40. GRR. URL: https://github.com/lifting-bits/grr (доступ 14.06.2023)
41. LibFuzzer – a Library for Coverage-guided Fuzz Testing. URL: https://llvm.org/docs/LibFuzzer.html (доступ 14.06.2023)
42. R. Swiecki and F. Gröbert. Honggfuzz. https://github.com/google/honggfuzz (доступ 16.06.2023)
43. K. Sen. Effective random testing of concurrent programs. Proc. of 22-th IEEE/ACM International Conference on Automated Software Engineering, pp. 323-332, 2007. doi: 10.1145/1321631.1321679
44. P. Joshi, C.-S. Park, K. Sen, and M. Naik. A Randomized Dynamic Program Analysis Technique for Detecting Real Deadlocks. ACM SIGPLAN Notices, 44(6):110-120, 2009. doi: 10.1145/1543135.1542489
45. Z. Lai, S. Cheung, and W. Chan. Detecting Atomic-set Serializability Violations in Multithreaded Programs through Active Randomized Testing. Proc. of 32-nd ACM/IEEE International Conference on Software Engineering, 1:235-244, 2010. doi: 10.1145/1806799.1806836
46. Y. Cai and W. K. Chan. MagicFuzzer: Scalable deadlock detection for large-scale applications. Proc. of 34-th International Conference on Software Engineering (ICSE), Zurich, Switzerland, pp. 606-616, 2012. doi: 10.1109/ICSE.2012.6227156
47. M. Samak, M. K. Ramanathan, and S. Jagannathan. Synthesizing racy tests. Proc. of 36-th ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 175–185, 2015. doi: 10.1145/2737924.2737998
48. V. Ganesh, T. Leek, and M. Rinard. Taint-based Directed Whitebox Fuzzing. Proc. of 31-st International Conference on Software Engineering (ICSE’09), pp. 474-484, 2009. doi: 10.1109/ICSE.2009.5070546
49. I. Haller, A. Slowinska, M. Neugschwandtner, and H. Bos. Dowsing for Overflows: a Guided Fuzzer to Find Buffer Boundary Violations. Proc. of 22-nd USENIX Security Symposium, pp. 49-64, 2013. doi: 10.5555/2534766.2534772
50. L. Ma, C. Artho, C. Zhang, H. Sato, J. Gmeiner, and R. Ramler. GRT: Program-Analysis-Guided Random Testing. Proc. of 30-th IEEE/ACM International Conference on Automated Software Engineering, pp. 212-223, 2015. doi: 10.1109/ASE.2015.49
51. S. Rawat, V. Jain, A. Kumar, L. Cojocar, C. Giuffrida, and H. Bos. VUzzer: Application-aware Evolutionary Fuzzing. Proc. of Network and Distributed System Security Symposium, 2017. doi: 10.14722/NDSS.2017.23404
52. H. Peng, Y. Shoshitaishvili and M. Payer. T-Fuzz: Fuzzing by Program Transformation. Proc. of IEEE Symposium on Security and Privacy, pp. 697-710, 2018. doi: 10.1109/SP.2018.00056
53. Репозиторий FFmpeg. URL: http://samples.ffmpeg.org/ (доступ 16.06.2023)
54. CERT BFF. URL: https://resources.sei.cmu.edu/library/asset-view.cfm?assetID=507974 (доступ 15.06.2023)
55. A. D. Householder and J. Foote. Probability-Based Parameter Selection for Black-Box Fuzz Testing. SEI Technical Note, CMU/SEI-2012-TN-019, 2012. doi:10.21236/ada610472
56. M. Woo, S. K. Cha, S. Gottlieb, and D. Brumley. Scheduling Black-box Mutational Fuzzing. Proc. of ACM SIGSAC Conference on Computer & Communications Security (CCS '13), pp. 511-522, 2013. doi: 10.1145/2508859.2516736
57. M. Böhme, V.-T. Pham, and A. Roychoudhury. Coverage-based Greybox Fuzzing as Markov Chain. Proc. of ACM SIGSAC Conference on Computer and Communications Security (CCS '16), pp. 1032-1043, 2016. doi: 10.1145/2976749.2978428
58. Syzkaller – kernel fuzzer. URL: https://github.com/google/syzkaller (доступ 15.06.2023)
59. D. Vyukov. go-fuzz. URL: https://github.com/dvyukov/go-fuzz (доступ 19.06.2023)
60. Y. Li, B. Chen, M. Chandramohan, S.-W. Lin, Y. Liu, and A. Tiu. Steelix: Program-State Based Binary Fuzzing. Proc. of 11-th Joint Meeting on Foundations of Software Engineering, pp. 627-637, 2017. doi: 10.1145/3106237.3106295
61. P. Chen and H. Chen. Angora: Efficient Fuzzing by Principled Search. Proc. of IEEE Symposium on Security and Privacy, pp. 711-725, 2018. doi: 10.1109/SP.2018.00046
62. M. Böhme, V.-T. Pham, M.-D. Nguyen, and A. Roychoudhury. Directed Greybox Fuzzing. Proc. of ACM SIGSAC Conference on Computer and Communications Security (CCS '17), pp. 2329-2344, 2017. doi: 10.1145/3133956.3134020
63. S. Wang, J. Nam, and L. Tan. QTEP: Quality-aware Test Case Prioritization. Proc. of 11-th Joint Meeting on Foundations of Software Engineering (ESEC/FSE 2017), pp. 523-534, 2017. doi: 10.1145/3106237.3106258
64. M. Eddington. Peach Fuzzer. URL: https://peachtech.gitlab.io/peach-fuzzer-community/ (доступ 13.06.2023)
65. C. Aschermann, T. Frassetto, T. Holz, P. Jauernig, A. Sadeghi, and D. Teuchert. NAUTILUS: Fishing for Deep Bugs with Grammars. Proc. of Network and Distributed System Security Symposium, 2019. doi: 10.14722/ndss.2019.23412
66. S. Bradshaw. Fuzzer Automation with SPIKE. URL: https://resources.infosecinstitute.com/topic/fuzzer-automation-with-spike/ (доступ 13.06.2023)
67. SPIKE Protocol Fuzzer Creation Kit. URL: https://github.com/guilhermeferreira/spikepp (доступ 13.06.2023)
68. P. Amini, A. Portnoy, and R. Sears. Sulley. URL: https://github.com/OpenRCE/sulley (доступ 15.06.2023)
69. R. Kaksonen, M. Laakso, and A. Takanen. Software security assessment through specification mutations and fault injection. In: R. Steinmetz, J. Dittman, M. Steinebach (eds). Communications and Multimedia Security Issues of the New Century. IFIP — The International Federation for Information Processing, vol 64. Springer, pp. 173-183, 2001. doi: 10.1007/978-0-387-35413-2_16
70. G. Banks, M. Cova, V. Felmetsger, K. Almeroth, R. Kemmerer, and G. Vigna. SNOOZE: Toward a Stateful NetwOrk prOtocol fuzZEr. In: S. K. Katsikas, J. López, M. Backes, S. Gritzalis, and B. Preneel (eds). Information Security, ISC 2006. Lecture Notes in Computer Science, 4176, pp. 343-358. Springer, 2006. doi: 10.1007/11836810_25
71. H. J. Abdelnur, R. State, and O. Festor. KiF: a Stateful SIP Fuzzer. Principles, Systems and Applications of IP Telecommunications, 2007. doi: 10.1145/1326304.1326313
72. W. Johansson, M. Svensson, U. E. Larson, M. Almgren, and V. Gulisano. T-Fuzz: Model-Based Fuzzing for Robustness Testing of Telecommunication Protocols. Proc. of IEEE 7-th International Conference on Software Testing, Verification and Validation, pp. 323-332, 2014. doi: 10.1109/ICST.2014.45
73. Trinity: Linux System Call Fuzzer. URL: https://github.com/kernelslacker/trinity (доступ 13.06.2023)
74. KernelFuzzer. URL: https://github.com/FSecureLABS/KernelFuzzer (доступ 15.06.2023)
75. P. Godefroid, A. Kiezun, and M. Y. Levin. Grammar-based Whitebox Fuzzing. Proc. of 29-th ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 206–215, 2008. doi: 10.1145/1375581.1375607
76. V.-T. Pham, M. Böhme, and A. Roychoudhury. Model-based Whitebox Fuzzing for Program Binaries. Proc. of 31-st IEEE/ACM International Conference on Automated Software Engineering, pp. 543-553, 2016. doi: 10.1145/2970276.2970316
77. S. Y. Kim, S. Lee, I. Yun, W. Xu, B. Lee, Y. Yun, and T. Kim. CAB-Fuzz: Practical Concolic Testing Techniques for COTS Operating Systems. Proc. of USENIX Annual Technical Conference, pp. 689-701, 2017. doi: 10.5555/3154690.3154755
78. DOMFuzz. URL: https://github.com/MozillaSecurity/domfuzz (доступ 16.06.2023)
79. Jzfunfuzz. URL: https://github.com/MozillaSecurity/funfuzz (доступ 16.06.2023)
80. C. Brubaker, S. Jana, B. Ray, S. Khurshid, V. Shmatikov. Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations. Proc. of IEEE Symposium on Security and Privacy, pp. 114-129, 2014. doi: 10.1109/SP.2014.15
81. H. Kario. Tlfuzzer. URL: https://github.com/tlsfuzzer/tlsfuzzer (доступ 16.06.2023)
82. J. Somorovsky. Systematic Fuzzing and Testing of TLS Libraries. Proc. of ACM SIGSAC Conference on Computer and Communications Security, pp. 1492-1504, 2016. doi: 10.1145/2976749.2978411
83. J. Wang, B. Chen, L. Wei, and Y. Liu. Skyfire: Data-driven Seed Generation for Fuzzing. Proc. of the IEEE Symposium on Security and Privacy, pp. 579-594, 2017. doi: 10.1109/SP.2017.23
84. L. Della Toffola, C. A. Staicu, and M. Pradel. Saying ‘hi!’ is not Enough: Mining Inputs for Effective Test Generation. Proc. of 32-nd IEEE/ACM International Conference on Automated Software Engineering, pp. 44-49, 2017. doi: 10.5555/3155562.3155572
85. H. Han, D. Oh, and S. K. Cha. CodeAlchemist: Semantics-aware Code Generation to Find Vulnerabilities in Javascript Engines. Proc. of Network and Distributed System Security Symposium, 2019. doi: 10.14722/ndss.2019.23263
86. H. Han and S. K. Chaю IMF: Inferred Model-based Fuzzer. Proc. of ACM SIGSAC Conference on Computer and Communications Security, pp. 2345-2358, 2017. doi: 10.1145/3133956.3134103
87. P. Godefroid, H. Peleg, and R. Singh. Learn&Fuzz: Machine Learning for Input Fuzzing. Proc. of 32-nd IEEE/ACM International Conference on Automated Software Engineering, pp 50-59, 2017. doi: 10.48550/arXiv.1701.07232. URL: https://arxiv.org/abs/1701.07232
88. P. Liu, X. Zhang, M. Pistoia, Y. Zheng, M. Marques, and L. Zeng. Automatic Text Input Generation for Mobile Testing. Proc. of IEEE/ACM 39-th International Conference on Software Engineering (ICSE), pp. 643-653, 2017. doi: 10.1109/ICSE.2017.65
89. M. Höschele and A. Zeller. Mining Input Grammars from Dynamic Taints. Proc. of 31-st IEEE/ACM International Conference on Automated Software Engineering (ASE), pp. 720-725, 2016. doi: 10.1145/2970276.2970321
90. O. Bastani, R. Sharma, A. Aiken, and P. Liang. Synthesizing Program Input Grammars. Proc. of 38-th ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 95-110, 2017. doi: 10.1145/3062341.3062349. URL: https://arxiv.org/abs/1608.01723
91. A. Doupé, L. Cavedon, C. Kruegel, and G. Vigna. Enemy of the State: a State-aware Black-box Web Vulnerability Scanner. Proc. of 21-st USENIX Security Symposium, pp. 523–538, 2012. doi: 10.5555/2362793.2362819
92. H. Gascon, C. Wressnegger, F. Yamaguchi, D. Arp, and K. Rieck. PULSAR: Stateful Black-box Fuzzing of Proprietary Network Protocols. Proc. of International Conference on Security and Privacy in Communication Systems, pp. 330-347, 2015. doi: 10.1007/978-3-319-28865-9_18
93. A. Helin. Radamsa. URL: https://gitlab.com/akihe/radamsa (доступ 16.06.2023)
94. S. Hocevar. Zzuf. URL: https://github.com/samhocevar/zzuf (доступ 16.06.2023)
95. S. K. Cha, M. Woo, and D. Brumley. Program-Adaptive Mutational Fuzzing. Proc. of IEEE Symposium on Security and Privacy, pp. 725-741, 2015. doi: 10.1109/SP.2015.50
96. U. Kargén and N. Shahmehri. Turning Programs Against Each Other: High Coverage Fuzz Testing Using Binary-code Mutation and Dynamic Slicing. Proc. of 10-th Joint Meeting on Foundations of Software Engineering (ESEC/FSE 2015), pp. 782-792, 2015. doi: 10.1145/2786805.2786844
97. L. D. Moura and N. Bjørner. Satisfiability Modulo Theories: Introduction and Applications. Communications of the ACM, 54(9): 69-77, 2011. doi: 10.1145/1995376.1995394
98. S. Gan, C. Zhang, X. Qin, X. Tu, K. Li, Z. Pei, and Z. Chen. CollAFL: Path Sensitive Fuzzing. Proc. of IEEE Symposium on Security and Privacy, pp. 679-69677, 2018. doi: 10.1109/SP.2018.00040
99. F. Rustamov, J. Kim, J. Yu, and J. Yun. Exploratory Review of Hybrid Fuzzing for Automated Vulnerability Detection. IEEE Access, 9:131166-131190, 2021. doi: 10.1109/ACCESS.2021.3114202
100. K. Sen, D. Marinov, and G. Agha. CUTE: a Concolic Unit Testing Engine for C. ACM SIGSOFT Software Engineering Notes, 30(5):263–72, 2005. doi: 10.1145/1095430.1081750
101. P. Godefroid, N. Klarlund, and K. Sen. DART: Directed Automated Random Testing. ACM SIGPLAN Notices, 40(6): 213-223, 2005. doi: 10.1145/1064978.1065036
102. C. Cadar, D. Dunbar, and D. Engler. KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs. Proc. of the 8-th USENIX conference on Operating System Design and Implementation, pp. 209–224, 2008. doi: 10.5555/1855741.1855756
103. P. Godefroid, M. Y. Levin, and D. A. Molnar. Automated Whitebox Fuzz Testing. Proc. of Network and Distributed System Security Symposium, pp. 151-166, 2008.
104. P. Godefroid, M. Y. Levin, and D. Molnar. SAGE: Whitebox Fuzzing for Security Testing. Communications of ACM, 55(3):40-44, 2012. doi: 10.1145/2093548.2093564
105. V. Chipounov, V. Kuznetsov, G. Candea. S2E: a Platform for In-Vivo Multi-path Analysis of Software Systems. ACM SIGARCH Computer Architecture News Notices, 46(3):265–278, 2011. doi: 10.1145/1961295.1950396
106. S. K. Cha, T. Avgerinos, A. Rebert, and D. Brumley. Unleashing Mayhem on Binary Code. Proc. of IEEE Symposium on Security and Privacy, pp. 380-394, 2012. doi: 10.1109/SP.2012.31
107. M. Neugschwandtner, P. M. Comparetti, I. Haller, and H. Bos. The BORG: Nanoprobing Binaries for Buffer Overreads. Proc. of 5-th ACM Conference on Data and Application Security and Privacy (CODASPY '15), pp. 87-97, 2015. doi: 10.1145/2699026.2699098
108. I. Yun, S. Lee, M. Xu, Y. Jang, and T. Kim. QSYM: a Practical Concolic Execution Engine Tailored for Hybrid Fuzzing. Proc. of 27-th USENIX Security Symposium, pp. 745-761, 2018. doi: 10.5555/3277203.3277260
109. S. Sargsyan, J. Hakobyan, M. Mehrabyan, M. Mishechkin, V. Akozin, and S. Kurmangaleev. ISP-Fuzzer: Extendable Fuzzing Framework. Proc. of 2019 Ivannikov Memorial Workshop (IVMEM), pp. 68-71, 2019. doi: 10.1109/IVMEM.2019.00017
110. М. В. Мишечкин, В. В. Акользин, Ш. Ф. Курмангалеев. Архитектура и функциональные возможности инструмента ИСП Фаззер. Открытая конференция ИСП РАН им. В.П. Иванникова, 2020.
111. A. Vishnyakov, A. Fedotov, D. Kuts, A. Novikov, D. Parygina, E. Kobrin, V. Logunova, P. Belecky, S. Kurmangaleev. Sydr: Cutting Edge Dynamic Symbolic Execution. Ivannikov ISPRAS Open Conference (ISPRAS), pp. 46-54, 2020. doi: 10.1109/ISPRAS51486.2020.00014
112. C. Aschermann, S. Schumilo, T. Blazytko, R. Gawlik, and T. Holz. REDQUEEN: Fuzzing with Input-to-state Correspondence. Proc. of Network and Distributed System Security Symposium, 2019. doi: 10.14722/ndss.2019.23371
113. G. Savidov, A. Fedotov. Casr-Cluster: Crash Clustering for Linux Applications. 2021 Ivannikov ISPRAS Open Conference (ISPRAS), pp. 47-51, 2021. doi: 10.1109/ISPRAS53967.2021.00012
114. CASR: Crash Analysis and Severity Report. URL: https://github.com/ispras/casr (доступ 05.12.2023)
115. D. Molnar, X. C. Li, and D. A. Wagner. Dynamic Test Generation to Find Integer Bugs in x86 Binary Linux Programs. Proc. of 18-th USENIX Security Symposium, pp. 67-82, 2009. doi: 10.5555/1855768.1855773
116. W. Cui, M. Peinado, S. K. Cha, Y. Fratantonio, and V. P. Kemerlis. RETracer: Triaging Crashes by Reverse Execution from Partial Memory Dumps. Proc. of 38-th International Conference on Software Engineering, pp. 820-831, 2016. doi: 10.1145/2884781.2884844
117. J. Regehr, Y. Chen, P. Cuoq, E. Eide, C. Ellison, and X. Yang. Test-case Reduction for C Compiler Bugs. Proc. of ACM SIGPLAN Notices, 47(6):335-346, 2012. doi: 10.1145/2345156.2254104
118. J. Foote. GDB exploitable plugin. URL: https://github.com/jfoote/exploitable (доступ 19.06.2023)
119. C. Cadar, V. Ganesh, P. M. Pawlowski, D. L. Dill, and D. Engler. EXE: Automatically Generating Inputs of Death. Proc. of 13-th ACM Conference on Computer and Communications Security, pp 322-335, 2006. doi: 10.1145/1180405.1180445
120. KLEE Symbolic Virtual Machine. URL: https://github.com/klee/klee
121. A. Fioraldi, D. Maier, H. Eißfeldt, and M. Heuse. AFL++: Combining Incremental Steps of Fuzzing Research. Proc. of 14-th USENIX Conference on Offensive Technologies (WOOT'20), article 10. USENIX Association, 2020. doi: 10.5555/3488877.3488887
122. AFL++. URL: https://github.com/AFLplusplus/AFLplusplus (доступ 05.12.2023)
123. S. Schumilo, C. Aschermann, R. Gawlik, S. Schinzel, and T. Holz. kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels. Proc. of 26-th USENIX Security Symposium, pp. 167-182, 2017. doi: 10.5555/3241189.3241204
124. Boofuzz. URL: https://github.com/jtpereyda/boofuzz (доступ 19.06.2023)
125. Defensics. URL: https://www.synopsys.com/software-integrity/security-testing/fuzz-testing.html (доступ 05.12.2023)
126. P. Tsankov, M. T. Dashti, and D. Basin. SecFuzz: Fuzz-Testing Security Protocols. Proc. of 7-th International Workshop on Automation of Software Test (AST), pp. 1-7, 2012. doi: 10.1109/IWAST.2012.6228985
127. T. L. Munea, H. Lim, and T. Shon. Network Protocol Fuzz Testing for Information Systems and Applications: a Survey and Taxonomy. Multimedia Tools and Applications, 75:14745-14757, 2016. doi: 10.1007/s11042-015-2763-6
128. X. Yang, Y. Chen, E. Eide, and J. Regehr. Finding and Understanding Bugs in C Compilers. ACM SIGPLAN Notices, 46(6):283-294, 2011. doi: 10.1145/1993316.1993532
129. Csmith. URL: https://github.com/csmith-project/csmith (доступ 20.06.2023)
130. C. Holler, K. Herzig, and A. Zeller. Fuzzing with Code Fragments. Proc. of 21-th USENIX Security Symposium, pp. 445-458, 2012. doi: 10.5555/2362793.2362831
131. H. Ma. A Survey of Modern Compiler Fuzzing. 2023. doi: 10.48550/arXiv.2306.06884. URL: https://arxiv.org/abs/2306.06884
132. A. Henderson, H. Yin, G. Jin, H. Han, and H. Deng. VDF: Targeted Evolutionary Fuzz Testing of Virtual Devices. In: M. Dacier, M. Bailey, M. Polychronakis, M. Antonakakis (eds). Research in Attacks, Intrusions, and Defenses (RAID 2017). LNCS, 10453:3-25, Springer, 2017. doi: 10.1007/978-3-319-66332-6_1
133. M. Eceiza, J. L. Flores and M. Iturbe. Fuzzing the Internet of Things: a Review on the Techniques and Challenges for Efficient Vulnerability Discovery in Embedded Systems. IEEE Internet of Things Journal, 8(13):10390-10411, 2021. doi: 10.1109/JIOT.2021.3056179
134. M. Eisele, M. Maugeri, R. Shriwas, C. Huth, and G. Bella. Embedded Fuzzing: a Review of Challenges, Tools, and Solutions. Cybersecurity, 5, article 18, 2022. doi: 10.1186/s42400-022-00123-y
135. J. Yun, F. Rustamov, J. Kim, and Y. Shin. Fuzzing of Embedded Systems: A Survey. ACM Computing Surveys, 55(7):1-33, article 137, 2023. doi: 10.1145/3538644
136. O. Whitehouse. Introduction to Anti-fuzzing: a Defence in Depth Aid. 2014. URL: http://research.nccgroup.com/2014/01/02/introduction-to-anti-fuzzing-a-defence-in-depth-aid (доступ 05.12.2023)
137. E. Edholm, D. Göransson. Escaping the Fuzz – Evaluating Fuzzing Techniques and Fooling Them with Anti-fuzzing. M.S. thesis, Chalmers University of Technology, 2016.
138. C. Collberg, C. Thomborson, and D. Low. Manufacturing Cheap, Resilient, and Stealthy Opaque Constructs. Proc. of 25-th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 184-196, 1998. doi: 10.1145/268946.268962
139. P. Junod, J. Rinaldini, J. Wehrli and J. Michielin. Obfuscator-LLVM — Software Protection for the Masses. Proc. of 2015 IEEE/ACM 1-st International Workshop on Software Protection, pp. 3-9, 2015. doi: 10.1109/SPRO.2015.10
140. J. Zhang, Z. Li, Y. Liu, Z. Sun, and Z. Wang. SAFTE: a Self-injection Based Anti-fuzzing Technique. Computers and Electrical Enginerring, vol. 111, part B, 108980, 2023. doi: 10.1016/j.compeleceng.2023.108980
141. C. CC. Cheng, L. Lin, C. Shi, Y. Guan. An Anti-fuzzing Approach for Android Apps. In G. Peterson, S. Shenoi (eds), Digital Forensics 2023: Advances in Digital Forensics XIX, IFIP Advances in Information and communication Technology, Springer, vol. 687, pp. 37-53, 2023. doi: 10.1007/978-3-031-42991-0_3
142. Z. Zhou, C. Wang, and Q. Zhao. No-Fuzz: Efficient Anti-fuzzing Techniques. In: F. Li, K. Liang, Z. Lin, S. K. Katsikas. (eds). Security and Privacy in Communication Networks 2022. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol. 462, pp. 731-751. Springer, 2023. doi: 10.1007/978-3-031-25538-0_38
143. Z. Zhou, and C. Wang. Practical Anti-fuzzing Techniques with Performance Optimization. IEEE Open Journal of the Computer Society, vol. 4, pp. 206-217, 2023. doi: 10.1109/OJCS.2023.3301883
144. J. Jung, H. Hu, D. Solodukhin, D. Pagan, K. H. Lee, and T. Kim. FUZZIFICATION: Anti-fuzzing Techniques. Proc. of 28-th USENIX Conference on Security Symposium (SEC'19), pp. 1913–1930, 2019. doi: 10.5555/3361338.3361471
145. E. Güler, C. Aschermann, A. Abbasi, and T. Holz. ANTIFUZZ: Impeding Fuzzing Audits of Binary Executables. Proc. of 28-th USENIX Conference on Security Symposium (SEC'19), pp. 1931-1947, 2019. doi: 10.5555/3361338.3361472
146. ANTIFUZZ. URL: https://github.com/RUB-SysSec/antifuzz (доступ 05.12.2023)
147. Y. Li, G. Meng, J. Xu, C. Zhang, H. Chen, X. Xie, H. Wang, and Y. Liu. Vall-nut: Principled Anti-grey Box – Fuzzing. Proc. of IEEE 32-nd International Symposium on Software Reliability Engineering, pp. 288-299, 2021. doi: 10.1109/ISSRE52982.2021.00039
148. Z. Hu, Y. Hu, and B. Dolan-Gavitt. Chaff Bugs: Deterring Attackers by Making Software Buggier, 2018, arXiv:1808.0065. URL: https://arxiv.org/abs/1808.00659 (доступ 05.12.2023)
149. D. R. Kaprekar. On Kaprekar Numbers. Journal of Recreational Mathematics, 13(2):81-82, 1980.
150. E. Bartocci, Y. Falcone (eds). Lectures on Runtime Verification. Introductory and Advanced Topics. LNCS 10457, Springer, 2018. ISBN: 9783319756318
151. D. Drusinsky. The Temporal Rover and the ATG Rover. In: K. Havelund, J. Penix, W. Visser. (eds). SPIN Model Checking and Software Verification (SPIN 2000). LNCS 1885:323-330, 2000, Springer. doi: 10.1007/10722468_19
152. K. Havelund and G. Roşu. Java PathExplorer – A Runtime Verification Tool. Proc. of 6-th International Symposium on Artificial Intelligence, Robotics and Automation in Space (i-SAIRAS'01), 2001.
153. M. Leucker and C. Schallhart. A Brief Account of Runtime Verification. Journal of Logic and Algebraic Programming, 78(5):293-303, 2009. doi: 10.1016/j.jlap.2008.08.004
154. Y. Falcone, S. Krstić, G. Reger, and D. Traytel. A Taxonomy for Classifying Runtime verification Tools. International Journal on Software Tools for Technology Transfer, 23:255-284, 2021. doi: 10.1007/s10009-021-00609-z
155. C. Sánchez, G. Schneider, W. Ahrendt, E. Bartocci, D. Bianculli, C. Colombo, Y. Falcone, A. Francalanza, S. Krstić, J. M. Lourenço, D. Nickovic, G. J. Pace, J. Rufino, J. Signoles, D. Traytel, and A. Weiss. A Survey of Challenges for Runtime Verification from Advanced Application Domains (beyond Software). Formal Methods in System Design, 54:279-335, 2019. doi: 10.1007/s10703-019-00337-w
156. A. R. Cavalli, T. Higashino, and M. Núñez. A Survey on Formal Active and Passive Testing with Applications to the Cloud. Annals of Telecommunications, 70:85-93, 2015. doi: 10.1007/s12243-015-0457-8
157. I. Itkin, R. Yavorskiy. Overview of Applications of Passive Testing Techniques. Modeling and Analysis of Complex Systems and Processes, 2019. URL: https://ceur-ws.org/Vol-2478/paper9.pdf (доступ 20.06.2023)
158. A. Edwards, T. Jaeger, and X. Zhang. Runtime Verification of Authorization Hook Placement for the Linux Security Modules Framework. Proc. of 9-th ACM Conference on Computer and Communications Security, pp. 225-234, 2002. doi: 10.1145/586110.586141
159. M. K. Sarrab. Policy-Based Runtime Verification of Information Flow. PhD Thesis, Software Technology Research Laboratory, De Monfort University, UK, 2011.
160. D. Efremov and I. Shchepetkov. Runtime Verification of Linux Kernel Security Module. Proc. of International Workshop on Formal Methods, LNCS 12233:185-199, Springer, 2020. doi: 10.1007/978-3-030-54997-8_12. URL: https://arxiv.org/pdf/2001.01442.pdf
161. Д. В. Ефремов, В. В. Копач, Е. В. Корныхин, В. В. Кулямин, А. К. Петренко, А. В. Хорошилов, И. В. Щепетков. Мониторинг и тестирование модулей операционных систем на основе абстрактных моделей поведения системы. Труды Института системного программирования РАН, 33(6):15-26б 2021. doi: 10.15514/ISPRAS-2021-33(6)-2
162. E. Bartocci, B. Bonakdarpour, and Y. Falcone. First International Competition on Runtime Verification. In: B. Bonakdarpour, S. A. Smolka (eds.). Runtime Verification 2014. LNCS 8734:1-9, Springer, 2014. doi: 10.1007/978-3-319-11164-3_1
163. Y. Falcone, D. Ničković, G. Reger, and D. Thoma. Second International Competition on Runtime Verification. In: E. Bartocci, R. Majumdar (eds). Runtime Verification 2015. LNCS 9333:405-422, Springer, 2015. doi: 10.1007/978-3-319-23820-3_27
164. G. Reger, S. Hallé, and Y. Falcone. Third International Competition on Runtime Verification. In: Y. Falcone, C. Sánchez (eds). Runtime Verification 2016. LNCS 10012:21-37, Springer, 2016. doi: 10.1007/978-3-319-46982-9_3
165. M. Delahaye, N. Kosmatov, and J. Signoles. Common Specification Language for Static and Dynamic Analysis of C Programs. Proc. of 28-th Annual ACM Symposium on Applied Computing, pp. 1230-1235, 2013. doi: 10.1145/2480362.2480593
166. E-ACSL. URL: https://frama-c.com/fc-plugins/e-acsl.html (accessed 21.06.2023)
167. E-ACSL source code. URL: https://github.com/evdenis/e-acsl (accessed 21.06.2023)
168. ANSI/ISO C Specification Language. URL: https://frama-c.com/html/acsl.html (accessed 21.06.2023)
169. S. Navabpour, Y. Joshi, C. W. W. Wu, S. Berkovich, R. Medhat, B. Bonakdarpour, S. Fischmeister. RiTHM: a Tool for Enabling Time-Triggered Runtime Verification for C Programs. Proc. of 9-th Joint Meeting on Foundations of Software Engineering (ESEC/FSE 2013), pp. 603-606, 2013. doi: 10.1145/2491411.2494596
170. R. Medhat, Y. Joshi, B. Bonakdarpour, and S. Fischmeister. Accelerated Runtime Verification of LTL Specifications with Counting Semantics. In Y. Falcone, C. Sánchez (eds). Runtime Verification 2016, LNCS 10012:251-267, Springer, 2016. doi: 10.1007/978-3-319-46982-9_16. URL: https://arxiv.org/abs/1411.2239
171. C. Colombo, G. J. Pace, and G. Schneider. LARVA — Safer Monitoring of Real-Time Java Programs. Proc. of 7-th IEEE International Conference on Software Engineering and Formal Methods, pp. 33-37, 2009. doi: 10.1109/SEFM.2009.13
172. LARVA. URL: http://www.cs.um.edu.mt/~svrg/Tools/LARVA/ (accessed 21.06.2023)
173. LARVA source code. URL: https://github.com/ccol002/larva-rv-tool (accessed 21.06.2023)
174. C. Colombo, G. J. Pace, and G. Schneider. Dynamic Event-Based Runtime Monitoring of Real-Time and Contextual Properties. Proc. of Formal Methods for Industrial Critical Systems (FMICS 2008), LNCS 5596:135-149, Springer, 2008. doi: 10.1007/978-3-642-03240-0_13
175. Q. Luo, Y. Zhang, C. Lee, D. Jin, P. O’Neil Meredith, T.-F. Serbanuta, and G. Roşu. RV-Monitor: Efficient Parametric Runtime Verification with Simultaneous Properties. In: B. Bonakdarpour and S. A. Smolka (eds). Runtime Verification 2014, LNCS 8734:285-300, Springer, 2014. doi: 10.1007/978-3-319-11164-3_24
176. RV-Monitor source code. URL: https://github.com/runtimeverification/rv-monitor (accessed 21.06.2023)
177. Y. Falcone, P. Meredith, T. F. Şerbănuţă, S. Shiraishi, A. Iwai, and G. Roşu. RV-Android: Efficient Parametric Android Runtime Verification, a Brief Tutorial. In: E. Bartocci, R. Majumdar (eds). Runtime Verification 2015. LNCS 9333:342-357, Springer, 2015. doi: 10.1007/978-3-319-23820-3_24
178. G. Reger, H. C. Cruz, and D. E. Rydeheard. MarQ: Monitoring at Runtime with QEA. Proc. of 21-st International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2015), LNCS 9035:596-610, Springer, 2015. doi: 10.1007/978-3-662-46681-0_55
179. N. Decker, J. Harder, T. Scheffel, M. Schmitz, and D. Thoma. Runtime Monitoring with Union-Find Structures. Proc. of 22-nd International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2016), LNCS 9636:868-884, Springer, 2016. doi: 10.1007/978-3-662-49674-9_54
180. Mufin Project. URL: https://www.isp.uni-luebeck.de/mufin (accessed 21.06.2023)
181. K. Serebryany, D. Bruening, A. Potapenko, and D. Vyukov. AddressSanitizer: a Fast Address Sanity Checker. Proc. of USENIX Annual Technical Conference, pp. 309-318, 2012. doi: 10.5555/2342821.2342849
182. AddressSanitizer. URL: https://github.com/google/sanitizers/wiki/AddressSanitizer (accessed 22.06.2023)
183. QASan (QEMU-AddressSanitizer). URL: https://github.com/andreafioraldi/qasan (accessed 22.06.2023)
184. W. Han, B. Joe, B. Lee, C. Song, and I. Shin. Enhancing Memory Error Detection for Large-Scale Applications and Fuzz Testing. Proc. of Network and Distributed System Security Symposium, 2018. doi: 10.14722/ndss.2018.23318.
185. S. Nagarakatte, J. Zhao, M. M. K. Martin, and S. Zdancewic. SoftBound: Highly Compatible and Complete Spatial Memory Safety for C. ACM SIGPLAN Notices, 44(6):245-258, 2009. doi: 10.1145/1543135.1542504
186. S. Nagarakatte, J. Zhao, M. M. K. Martin, and S. Zdancewic. CETS: Compiler Enforced Temporal Safety for C. ACM SIGPLAN Notices, 45(8):31-40, 2010. doi: 10.1145/1837855.1806657
187. B. Lee, C. Song, T. Kim, and W. Lee. Type Casting Verification: Stopping an Emerging Attack Vector. Proc. of 24-th USENIX Security Symposium, pp. 81-96, 2015. doi: 10.5555/2831143.2831149
188. I. Haller, Y. Jeon, H. Peng, M. Payer, C. Giuffrida, H. Bos, and E. van der Kouwe. TypeSan: Practical Type Confusion Detection. Proc. of ACM SIGSAC Conference on Computer and Communications Security, pp. 517-528, 2016. doi: 10.1145/2976749.2978405
189. Y. Jeon, P. Biswas, S. Carr, B. Lee, and M. Payer. HexType: Efficient Detection of Type Confusion Errors for C++. Proc. of ACM SIGSAC Conference on Computer and Communications Security, pp. 2373-2387, 2017. doi: 10.1145/3133956.3134062
190. X. Wang, N. Zeldovich, M. F. Kaashoek, and A. Solar-Lezama. Towards Optimization-Safe Systems: Analyzing the Impact of Undefined Behavior. Proc. of 24-th ACM Symposium on Operating System Principles, pp. 260-275, 2013. doi: 10.1145/2517349.2522728
191. Valgrind. URL: https://valgrind.org/ (accessed 21.06.2023)
192. J. Seward and N. Nethercote. Using Valgrind to Detect Undefined Value Errors with Bit-Precision. Proc. of USENIX Annual Technical Conference, pp. 2, 2005. doi: 10.5555/1247360.1247362
193. D. Bruening and Q. Zhao. Practical Memory Checking with Dr. Memory. Proc. of International Symposium on Code Generation and Optimization, pp. 213-223, 2011. doi: 10.1109/CGO.2011.5764689
194. E. Stepanov and K. Serebryany. MemorySanitizer: Fast Detector of Uninitialized Memory Use in C++. Proc. of IEEE/ACM International Symposium on Code Generation and Optimization, pp. 46-55, 2015. doi: 10.1109/CGO.2015.7054186
195. MemorySanitizer in LLVM/Clang. URL: https://clang.llvm.org/docs/MemorySanitizer.html (accessed 22.06.2023)
196. W. Dietz, P. Li, J. Regehr, and V. Adve. Understanding Integer Overflow in C/C++. ACM Transactions on Software Engineering and Methodology, 25(1):1-29, 2015. doi: 10.1145/2743019
197. UndefinedBehaviorSanitizer in LLVM/Clang. URL: https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html (accessed 22.06.2023)
198. K. Serebryany and T. Iskhodzhanov. ThreadSanitizer: Data Race Detection in Practice. Proc. of Workshop on Binary Instrumentation and Applications, pp. 62-71, 2009. doi: 10.1145/1791194.1791203
199. ThreadSanitizer in LLVM/Clang. URL: https://clang.llvm.org/docs/ThreadSanitizer.html (accessed 22.06.2023)
200. R. S. Boyer, B. Elspas, and K. N. Levitt. SELECT — a Formal System for Testing and Debugging Programs by Symbolic Execution. ACM SIGPLAN Notices, 10(6):234-245, 1975. doi: 10.1145/390016.808445
201. W. E. Howden. Methodology for the Generation of Program Test Data. IEEE Transactions on Computers, C-24(5):554-560, 1975. doi: 10.1109/T-C.1975.224259
202. J. C. King. A New Approach to Program Testing. Proc. of International Conference on Reliable Software, pp. 228-233, 1975. doi: 10.1145/800027.808444
203. J. C. King. Symbolic Execution and Program Testing. Communications of the ACM, 19(7):385-394, 1976. doi: 10.1145/360248.360252
204. C. Cadar and K. Sen. Symbolic Execution for Software Testing: Three Decades Later. Communications of ACM, 56(2):82-90, 2013. doi: 10.1145/2408776.2408795
205. R. Baldoni, E. Coppa, D. Cono D’Elia, C. Demetrescu, and I. Finocchi. A Survey of Symbolic Execution Techniques. ACM Computing Surveys, 51(3), art. 50, pp. 1-39, 2018. doi: 10.1145/3182657. URL: https://arxiv.org/abs/1610.00502
206. T. Avgerinos, S. K. Cha, B.T.H. Lim, and D. Brumley. AEG: Automatic Exploit Generation. Proc. of Network and Distributed System Security Symposium, pp. 283-300, 2011.
207. X. Mi, S. Rawat, C. Giuffrida, and H. Bos. LeanSym: Efficient Hybrid Fuzzing Through Conservative Constraint Debloating. Proc. of 24-th International Symposium on Research in Attacks, Intrusions and Defenses (RAID '21), pp. 62-77, 2021. doi: 10.1145/3471621.3471852
208. P. Godefroid. Compositional Dynamic Test Generation. ACM SIGPLAN Notices, 42(1):47-54, 2007. doi: 10.1145/1190215.1190226
209. P. Godefroid and D. Luchaup. Automatic Partial Loop Summarization in Dynamic Test Generation. Proc. of International Symposium on Software Testing and Analysis (ISSTA’11), pp. 23-33, 2011. doi: 10.1145/2001420.2001424
210. X. Xie, B. Chen, Y. Liu, W. Le, and X. Li. Proteus: Computing Disjunctive Loop Summary via Path Dependency Analysis. Proc. of 24-th ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE’16), pp. 61-72, 2016. doi: 10.1145/2950290.2950340
211. K. L. McMillan. Lazy Annotation for Program Testing and Verification. Proc. of 22-nd International Conference on Computer Aided Verification (CAV’10), LNCS 6174:104-118, 2010. doi: 10.1007/978-3-642-14295-6_10
212. Q. Yi, Z. Yang, S. Guo, C. Wang, J. Liu, and C. Zhao. Postconditioned Symbolic Execution. Proc. of IEEE 8-th International Conference on Software Testing, Verification and Validation (ICST), pp. 1-10, 2015. doi: 10.1109/ICST.2015.7102601
213. V. Kuznetsov, J. Kinder, S. Bucur, and G. Candea. Efficient State Merging in Symbolic Execution. ACM SIGPLAN Notices, 47(6):193-204, 2012. doi: 10.1145/2345156.2254088
214. D. Song, D. Brumley, H. Yin, J. Caballero, I. Jager, M. G. Kang, Z. Liang, J. Newsome, P. Poosankam, and P. Saxena. BitBlaze: a New Approach to Computer Security via Binary Analysis. Proc. of 4-th International Conference on Information Systems Security (ICISS’08), LNCS 5352:1-25, 2008. doi: 10.1007/978-3-540-89862-7_1
215. BitBlaze: Binary Analysis for Computer Security. URL: http://bitblaze.cs.berkeley.edu/ (accessed 27.06.2023)
216. D. Brumley, I. Jager, T. Avgerinos, and E. J. Schwartz. BAP: A Binary Analysis Platform. Proc. of 23-rd International Conference on Computer Aided Verification (CAV’11), LNCS 6806:463-469, 2011. doi: 10.1007/978-3-642-22110-1_37
217. D. Kuts. Towards Symbolic Pointers Reasoning in Dynamic Symbolic Execution. arXiv 2109.03698, 2022. URL: https://arxiv.org/abs/2109.03698 (accessed 05.12.2023)
218. Y. Shoshitaishvili, R. Wang, C. Salls, N. Stephens, M. Polino, A. Dutcher, J. Grosen, S. Feng, C. Hauser, C. Kruegel, and G. Vigna. SOK: (State of) The Art of War: Offensive Techniques in Binary Analysis. Proc. of IEEE Symposium on Security and Privacy, pp. 138-157, 2016. doi: 10.1109/SP.2016.17
219. S. Poeplau and A. Francillon. Symbolic Execution with SymCC: Don’t Interpret, Compile! Proc. of 29-th USENIX Security Symposium, pp. 181-198, 2020. doi: 10.5555/3489212.3489223
220. L. Borzacchiello, E. Coppa, C. Demetrescu. FUZZOLIC: Mixing Fuzzing and Concolic Execution. Computers and Security, 108(C), art 102368, 2021. doi: 10.1016/j.cose.2021.102368
221. T. Wang, T. Wei, Z. Lin, and W. Zhou. IntScope: Automatically Detecting Integer Overflow Vulnerability in x86 Binary using Symbolic Execution. Proc. of Network and Distributed System Security Symposium, 2009.
222. Y. Chen, P. Li, J. Xu, S. Guo, R. Zhou, Y. Zhang, T. Wei, and L. Lu. SAVIOR: Towards Bug-Driven Hybrid Testing. Proc. of IEEE Symposium on Security and Privacy, pp. 1580-1596, 2020. doi: 10.1109/SP40000.2020.00002. URL: https://arxiv.org/abs/1906.07327
223. S. Österlund, K. Razavi, H. Bos, and C. Giuffrida. ParmeSan: Sanitizer-Guided Greybox Fuzzing. Proc. of 29-th USENIX Security Symposium (SEC'20), article 129, pp. 2289-2306, 2020. doi: 10.5555/3489212.3489341
224. P. M. Dovgalyuk, M. A. Klimushenkova, N. I. Fursova, V. M. Stepanov, I. A. Vasiliev, A. A. Ivanov, A. V. Ivanov, M. G. Bakulin, and D. I. Egorov. Natch: Determining the Attack Surface of Programs Using Taint Tracking and Virtual Machine Introspection. Proceedings of ISP RAS, 34(5):89-110, 2022 (in Russian). doi: 10.15514/ISPRAS-2022-34(5)-6
225. I. K. Isaev and D. V. Sidorov. The Use of Dynamic Analysis for Generation of Input Data that Demonstrates Critical Bugs and Vulnerabilities in Programs. Programming and Computer Software, 36(4):225-236, 2010. doi: 10.1134/S0361768810040055
226. M. K. Ermakov and A. Yu. Gerasimov. Avalanche: Applying Parallel and Distributed Dynamic Program Analysis to Speed Up the Search for Defects and Vulnerabilities. Proceedings of ISP RAS, 25:29-38, 2013 (in Russian).
For citation:
KULIAMIN V.V. Survey of Software Dynamic Analysis Methods. Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS). 2023;35(4):7-44. (In Russ.) https://doi.org/10.15514/ISPRAS-2023-35(4)-1