Computing Reviews
A distributed framework for demand-driven software vulnerability detection
Zhang D., Liu D., Csallner C., Kung D., Lei Y. Journal of Systems and Software 87: 60-73, 2014. Type: Article
Date Reviewed: Dec 11 2014

Security testing is an important phase in secure software development. Its goal is to detect software vulnerabilities that attackers could exploit. Security testing approaches include white-box and black-box testing. Dynamic symbolic execution is a white-box method that runs a program concretely while tracking its inputs symbolically, collecting the constraints along each path and solving them to steer execution down as many paths as possible. This method suffers from path explosion: the number of feasible paths grows exponentially with the number of branches, so it is hard to generate test cases that reach the paths on which security vulnerabilities actually lie.

The authors propose a distributed, demand-driven security testing system with a client-server architecture. Each copy of the software ships with a client module of the testing system. The client-site module monitors program execution under real user inputs, checks each executed path against signatures of paths on which vulnerabilities have already been found, and recognizes execution paths that have not been seen before. Information about a new path is sent to the testing site, which tests that path for vulnerabilities using symbolic execution. If a vulnerability is found on the new path, the testing site creates a signature for it and distributes the signature to all client sites.
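The client/testing-site exchange described above, as an added simulation that is not the paper's code: a toy program with four execution paths, a client monitor that reports only paths it has not seen and refuses paths matching a distributed signature, and a testing site that analyzes each path once and pushes signatures to every registered client. The `Client` and `TestingSite` names, the path identifier (a hash of the branch sequence), the seeded out-of-bounds index bug, and the brute-force input enumeration standing in for the paper's symbolic execution are all assumptions made for this example.

```python
"""
Constructed simulation of the client/testing-site split described in the
review. Not the paper's code: the toy program, the path-ID scheme and the
brute-force stand-in for dynamic symbolic execution are assumptions.
"""
import hashlib
import itertools

BUF_LEN = 8                  # size of the fixed buffer in the toy program
INPUT_RANGE = range(0, 32)   # input domain the stand-in "solver" enumerates


def program_under_test(x, y):
    """Toy program. Returns (branch trace, index it would write to).

    The index is derived from input and used without a bounds check, so
    some paths can push it past BUF_LEN - 1 (the seeded bug).
    """
    trace = []
    idx = 0
    if x > 10:
        trace.append("x>10")
        idx += 4
    else:
        trace.append("x<=10")
    if y % 3 == 0:
        trace.append("y%3==0")
        idx += y // 3
    else:
        trace.append("y%3!=0")
    return trace, idx


def path_id(trace):
    """Stable identifier for an execution path: hash of its branch sequence."""
    return hashlib.sha256("|".join(trace).encode()).hexdigest()[:16]


def is_vulnerable(idx):
    """Oracle: an index outside the buffer is an out-of-bounds write."""
    return not 0 <= idx < BUF_LEN


class TestingSite:
    """Testing site: analyzes each reported path once, broadcasts signatures."""

    def __init__(self):
        self.clients = []
        self.results = {}        # path_id -> True if vulnerable, else False
        self.signatures = set()  # path_ids on which a vulnerability was found

    def register(self, client):
        self.clients.append(client)
        client.signatures |= self.signatures  # late joiners get existing signatures

    def analyze(self, trace):
        """Stand-in for symbolic execution: enumerate the inputs that follow
        this exact path and ask the oracle about each. A real system would
        solve the path constraint with a solver instead of enumerating."""
        pid = path_id(trace)
        if pid in self.results:
            return self.results[pid]  # demand-driven: never re-analyze a path
        vulnerable = False
        for x, y in itertools.product(INPUT_RANGE, repeat=2):
            t, idx = program_under_test(x, y)
            if t == trace and is_vulnerable(idx):
                vulnerable = True
                break
        self.results[pid] = vulnerable
        if vulnerable:
            self.signatures.add(pid)
            for c in self.clients:  # push the new signature to every client
                c.signatures.add(pid)
        return vulnerable


class Client:
    """Client-site monitor shipped with each software copy."""

    def __init__(self, name, site):
        self.name = name
        self.site = site
        self.signatures = set()  # paths already known to be vulnerable
        self.seen_paths = set()  # paths already reported to the testing site
        site.register(self)

    def run(self, x, y):
        """Execute one user input and classify the path it took."""
        trace, _idx = program_under_test(x, y)
        pid = path_id(trace)
        if pid in self.signatures:
            return "blocked"     # path matches a distributed signature
        if pid in self.seen_paths:
            return "known"       # nothing new to report
        self.seen_paths.add(pid)
        vulnerable = self.site.analyze(trace)  # new path: hand it to the testing site
        return "vulnerable" if vulnerable else "reported"


if __name__ == "__main__":
    site = TestingSite()
    a, b = Client("a", site), Client("b", site)
    for who, x, y in [(a, 3, 1), (a, 3, 1), (a, 20, 12), (a, 20, 15), (b, 20, 3), (b, 3, 1)]:
        print(who.name, (x, y), who.run(x, y))
    print("paths analyzed:", len(site.results), "signatures:", len(site.signatures))
```

Two points the run makes visible: client `b` is blocked on the `x>10, y%3==0` path the first time it executes it, because the signature was pushed after `a` triggered the analysis, even though `b`'s own concrete input (index 5) was harmless; and the testing site analyzes only two paths for six executions, since repeats and already-analyzed paths never reach symbolic execution. The enumeration is a placeholder for constraint solving and would not scale; it only keeps the simulation self-contained.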

The contribution of this paper is a novel distributed, demand-driven security testing system that observes how end users actually exercise the software and uses that information to discover new execution paths for testing with dynamic symbolic execution. Directing analysis at paths reached in real use can increase the coverage of program paths that matter. However, the system incurs some computational overhead, and it may still miss vulnerabilities on paths that no user happens to trigger.

Reviewer:  Xiaohong Yuan Review #: CR142999 (1504-0318)
Software Development (K.6.3 ... )
 
 
Security and Protection (K.6.5 )
 

Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®