○ 저자 : 박영기(고려대 정보보호대학원), 이희원(고려대 정보보호대학원), 정진호(국방부), 구형준(성균관대), 김휘강(고려대 정보보호대학원) 

○ 논문명 : BENZENE: A Practical Root Cause Analysis System with an Under-Constrained State Mutation 

○ 학회명 : 2024 IEEE Symposium on Security and Privacy (S&P 2024)

○ 학회 일시/장소 : 2024. 5. 20~23, 미국 샌프란시스코 

○ 수상내역 : Distinguished Paper Award 

○ DOI Bookmark: 10.1109/SP54263.2024.00074 

○ 초록

Fuzzing has demonstrated great success in bug discovery, and plays a crucial role in software testing today. Despite the increasing popularity of fuzzing, automated root cause analysis (RCA) has drawn less attention. One of the recent advances in RCA is crash-based statistical debugging, which leverages the behavioral differences in program execution between crash-triggered and non-crashing inputs. Hence, obtaining non-crashing behaviors close to the original crash is crucial but challenging with previous approaches (e.g., fuzzing). In this paper, we present BENZENE, a practical end-to-end RCA system that facilitates an automated crash diagnosis. To this end, we introduce a novel technique, called under-constrained state mutation, that generates both crashing and non-crashing behaviors for effective and efficient RCA. We design and implement the BENZENE prototype, and evaluate it with 60 vulnerabilities in the wild. Our empirical results demonstrate that BENZENE not only surpasses in performance (i.e., root cause ranking), but also achieves superior results in both speed (4.6 times faster) and memory footprint (31.4 times less) on average than prior approaches.