Conference proceeding
I Can SE Clearly Now: Investigating the Effectiveness of GUI-based Symbolic Execution for Software Vulnerability Discovery
Proceedings of the 2026 CHI Conference on Human Factors in Computing Systems, pp 1-17
13 Apr 2026
Featured in Collection : Drexel's Newest Publications
Abstract
While symbolic execution (SE) can discover software vulnerabilities, it has received limited practical adoption. A key barrier is that SE requires human expertise to understand the program’s state and prioritize paths to analyze. Traditionally, users controlled SE through programmatic API calls, but recent tooling now implements graphical user interfaces (GUI). However, it is unclear how these new features affect human-SE performance. To understand this impact, we conducted a controlled experiment where 24 vulnerability discovery experts were tasked with analyzing a binary using an SE tool with either API or GUI-based features. From this study, we identify (1) experts’ SE process, and (2) the impact of GUI-based features on human-SE performance. Then we propose recommendations to improve SE tool design.
Metrics
1 Record Views
Details
- Title
- I Can SE Clearly Now: Investigating the Effectiveness of GUI-based Symbolic Execution for Software Vulnerability Discovery
- Creators
- Yi Jou Li - Arizona State UniversityZeming Yu - Arizona State UniversityJames A Mattei - Tufts UniversityAnanta Soneji - Arizona State UniversityZhibo Sun - Drexel UniversityRuoyu Wang - Arizona State UniversityJaron Mink - Arizona State UniversityDaniel Votipka - Tufts UniversityTiffany Bao - Arizona State University
- Publication Details
- Proceedings of the 2026 CHI Conference on Human Factors in Computing Systems, pp 1-17
- Conference
- CHI 2026: CHI Conference on Human Factors in Computing Systems
- Series
- ACM Conferences
- Publisher
- Association for Computing Machinery (ACM)
- Number of pages
- 17
- Resource Type
- Conference proceeding
- Language
- English
- Academic Unit
- Computer Science
- Other Identifier
- 991022173529504721