Prof. Oh Hak Joos research team develops world’s first search heuristics auto generation technology for software testing

Technology accepted by prestigious International Conference on Software Engineering

▲ From left to right: Prof. Hak Joo Oh, Soo Young Cha, Jun Hee Lee, Seong Joon Hong

In the era of the Fourth Industrial Revolution, software is the brains of a smart world where everything is connected by IT. With all industries dependent on software, there is an ever-increasing demand for flawless software. For example, Microsoft’s software testing tool SAGE succeeded in detecting 30% of the Windows 7 OS security vulnerabilities, saving the company millions of dollars.

Concolic testing (a portmanteau of concrete and symbolic) is an effective software testing method which improves search range and vulnerability detection rate and thus has a large range of applications.

Since existing concolic testing technology’s performance is greatly influenced by search heuristics, testing experts have had to personally generate search strategies suitable for individual software. However, the problem is that such manually-generated search heuristics cannot show equally high performance for all software.

To overcome such challenges, Professor Hak Joo Oh of Korea University (College of Informatics, Department of Computer Science and Engineering) and his research team developed a technology to automatically generate search heuristics optimized for each subject software. Their paper on this topic was accepted at the International Conference on Software Engineering (ICSE), a top software engineering conference.

More than 500 papers were submitted to ICSE 2018, which took place in Gothenburg, Sweden from May 27th to June 3rd. Among them, Korea University’s paper, titled Automatically Generating Search Heuristics for Concolic Testing, was complimented for describing “a very new and interesting technology which enables auto control of search heuristics depending on the different properties of various subject programs.”

In particular, this technology achieved higher statement coverage when compared to five existing search heuristics. Moreover, the search range for software vulnerabilities can be improved by up to 20 times using this technology. Thus, the technology could soon be in demand by software companies across the globe.

This technology, named ParaDySE, is currently in service and open to the public through a security vulnerability auto analysis platform called IoT cube (https://iotcube.net), and has also been uploaded as an open source at https://github.com/kupl/ParaDySE.

Soo Young Cha, a member of Korea University’s research team and presenter at the conference, said “I hope this search heuristics auto generation technology is practically applied for detecting more diverse software vulnerabilities.”