Rapidly generate program inputs that drive a program to a desired location and state. Used to automatically produce inputs that exploit a vulnerability, aiding vulnerability research, understanding, mitigation, and testing.
DIODE is an advanced dynamic analysis tool designed to synthesize inputs that trigger specific vulnerabilities in software binaries. By employing targeted runtime instrumentation and constraint-driven input mutation, DIODE explores program execution paths with precision, efficiently identifying and exercising vulnerabilities.
DIODE operates by embedding lightweight instrumentation into binaries at compile time, which collects essential data during execution. From this data, DIODE derives symbolic expressions that describe the transformations applied to inputs as they propagate through the program. DIODE then uses these expressions to enforce constraints and produce inputs that drive execution toward vulnerable code paths. Unlike traditional concolic execution or fuzzing techniques, DIODE’s guided approach minimizes the computational overhead associated with path explosion, enabling it to handle complex control-flow and data-flow scenarios.
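The idea in the paragraph above, as an added illustration that is not DIODE's code: a size expression over input fields plus the branch conditions on the path to an allocation are solved together, and the resulting input is replayed against a patched build to validate the fix. The toy header format, the checks, the `patched` flag and the boundary-value search (standing in for a real constraint solver) are all assumptions made for this example.

```python
import itertools
import struct

MASK32 = 0xFFFFFFFF

def parse(data, patched=False):
    """Constructed toy target: returns the 32-bit allocation size, or None if rejected."""
    width, height, bpp = struct.unpack("<HHB", data)
    if bpp not in (1, 2, 4) or width == 0 or height == 0:
        return None                          # sanity checks on the path to the allocation
    if width > 0x8000:
        return None
    if patched and width * height * bpp > MASK32:
        return None                          # fix under test: reject sizes that do not fit
    return (width * height * bpp) & MASK32   # value a 32-bit size argument would receive

# What instrumentation of this path would yield (hypothetical representation):
# the size expression over input fields, and the branch conditions that must
# hold for execution to reach the allocation.
def size_expr(w, h, b):
    return w * h * b

PATH = [
    lambda w, h, b: b in (1, 2, 4),
    lambda w, h, b: w != 0 and h != 0,
    lambda w, h, b: w <= 0x8000,
]

def boundary_values(bits):
    """Candidate field values: powers of two and their neighbours, within the field width."""
    vals = {0, 1, (1 << bits) - 1}
    for k in range(bits):
        vals.update({(1 << k) - 1, 1 << k, (1 << k) + 1})
    return sorted(v for v in vals if v < (1 << bits))

def synthesize():
    """Return an input meeting every path constraint and the target constraint
    (the true size does not fit in 32 bits), or None if no candidate qualifies."""
    fields = itertools.product(boundary_values(16), boundary_values(16), boundary_values(8))
    for w, h, b in fields:
        if all(c(w, h, b) for c in PATH) and size_expr(w, h, b) > MASK32:
            return struct.pack("<HHB", w, h, b)
    return None
```

Replaying the synthesized input with `patched=True` should return `None`, while a benign input should parse identically in both builds; that pair of checks is what makes the input useful for patch validation.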
Generate proof-of-vulnerability (PoV) inputs to exercise specific vulnerabilities in software binaries, enabling precise and actionable validation of potential security flaws.
Produce inputs that trigger vulnerable execution paths, supporting researchers and developers in creating and testing patches to ensure comprehensive vulnerability mitigation.
Used in research presented at ASPLOS, DIODE synthesizes inputs to uncover integer overflow vulnerabilities, driving advancements in software safety.
Demonstrated at PLDI, DIODE facilitates patch transplantation by identifying critical execution paths and generating inputs for testing and validation.
Successfully applied in the DARPA HACCS program to automatically generate memory-corruption exploits, showcasing its capability to address high-assurance cybersecurity challenges.
Employed in the Aikido SBIR program to automatically inject vulnerabilities into software binaries, enabling controlled testing and validation scenarios.
DIODE provides Aarno Labs with a unique capability for rapidly producing inputs that drive a program to a desired location and state. Aarno Labs employs DIODE for client deliverables related to vulnerability understanding and reachability analysis. DIODE has an open-source license and is available upon request.