Please wait a minute...
 首页  期刊介绍 期刊订阅 联系我们 横山亮次奖 百年刊庆
 
最新录用  |  预出版  |  当期目录  |  过刊浏览  |  阅读排行  |  下载排行  |  引用排行  |  横山亮次奖  |  百年刊庆
清华大学学报(自然科学版)  2016, Vol. 56 Issue (5): 478-483    DOI: 10.16511/j.cnki.qhdxxb.2016.25.004
  信息安全 本期目录 | 过刊浏览 | 高级检索 |
Fuzzing过程中的若干优化方法
马金鑫1, 张涛1, 李舟军2, 张江霄3
1. 中国信息安全测评中心, 北京 100085;
2. 北京航空航天大学 计算机学院, 北京 100191;
3. 邢台学院 数学与信息技术学院, 邢台 054001
Improved fuzzy analysis methods
MA Jinxin1, ZHANG Tao1, LI Zhoujun2, ZHANG Jiangxiao3
1. China Information Technology Security Evaluation Center, Beijing 100085, China;
2. School of Computer Science and Engineering, Beihang University, Beijing 100191, China;
3. Mathematics and Information Technology Institute, Xingtai University, Xingtai 054001, China
全文: PDF(965 KB)  
输出: BibTeX | EndNote (RIS)      
摘要 在软件漏洞挖掘领域, Fuzzing测试是使用最广泛、最有效的方法之一。传统Fuzzing测试方法存在工作效率低、盲目性强等不足。该文提出一种样本集精简算法和一种加权的测试时间模型, 能够在保证代码覆盖率不变的情况下减少测试样本的数量, 同时使优质的样本得到更多的测试时间片; 设计了一种基于污点传播的异常分析方法, 可评估异常信息的危害程度, 有助于提高漏洞分析的效率。实验结果表明: 与Peach实验进行对比, 该文提出的方法有效地改进了传统的Fuzzing测试方法。
服务
把本文推荐给朋友
加入引用管理器
E-mail Alert
RSS
作者相关文章
马金鑫
张涛
李舟军
张江霄
关键词 模糊测试精简集漏洞分析    
Abstract:Fuzzing testing is one of the most widely used and most effective methods for vulnerability detection. However, the traditional fuzzy analysis method is inefficient and works blindly. This paper describes a refining method that reduces the test sample size with the same code coverage. A weighted testing time model is used to give the better sample more time. A taint based exception analysis method is used to evaluate the severity of exceptions and to improve the vulnerability analysis efficiency. Comparisons with Peach show that this method improves the traditional fuzzy analysis method.
Key wordsFuzzing    refining set    vulnerability analysis
收稿日期: 2016-01-22      出版日期: 2016-05-15
ZTFLH:  TP311.1  
引用本文:   
马金鑫, 张涛, 李舟军, 张江霄. Fuzzing过程中的若干优化方法[J]. 清华大学学报(自然科学版), 2016, 56(5): 478-483.
MA Jinxin, ZHANG Tao, LI Zhoujun, ZHANG Jiangxiao. Improved fuzzy analysis methods. Journal of Tsinghua University(Science and Technology), 2016, 56(5): 478-483.
链接本文:  
http://jst.tsinghuajournals.com/CN/10.16511/j.cnki.qhdxxb.2016.25.004  或          http://jst.tsinghuajournals.com/CN/Y2016/V56/I5/478
  图1 精简集算法
  表1 异常分类
  图2 系统结构图
  表2 精简集处理的实验数据
  表3 动态样本策略调整选取的实验数据
  表4 异常分析与分类实验数据
[1] 李红辉, 齐佳, 刘峰, 等. 模糊测试技术研究[J]. 中国科学:信息科学, 2014,44(10):1305-1322. LI Honghui, QI Jia, LIU Feng, et al. The research progress of fuzz testing technology[J].SCIENCE CHINA:Information Sciences, 2014,44(10):1305-1322. (in Chinese)
[2] 李伟明, 张爱芳, 刘建财, 等. 网络协议的自动化模糊测试漏洞挖掘方法[J]. 计算机学报, 2011, 2:242-255. LI Weiming, ZHANG Aifang, LIU Jiancai, et al. An automatic network protocol fuzz testing and vulnerability discover method[J].Chinese Journal of Computers, 2011, 2:242-255. (in Chinese)
[3] 李舟军, 张俊贤, 廖湘科, 等. 软件安全漏洞检测技术[J]. 计算机学报, 2015,4:717-732. LI Zhoujun, ZHANG Junxian, LIAO Xiangke, et al. Survey of software vulnerability detection techniques[J].Chinese Journal of Computers, 2015,4:717-732. (in Chinese)
[4] 杨丁宁, 肖晖, 张玉清. 基于Fuzzing的ActiveX控件漏洞挖掘技术研究[J]. 计算机研究与发展, 2012,49(7):1525-1532. YANG Dingning, XIAO Hui, ZHANG Yuqing. Vulnerability detection in activex controls based on fuzzing technology[J].Journal of Computer Research and Development, 2012,49(7):1525-1532. (in Chinese)
[5] 欧阳永基, 魏强, 王清贤, 等. 基于异常分布导向的智能Fuzzing方法[J]. 电子与信息学报, 2015,37(1):143-149. OUYANG Yongji, WEI Qiang, WANG Qingxian, et al. Intelligent fuzzing based on exception distribution steering[J].Journal of Electronics and Information Technology, 2015,37(1):143-149. (in Chinese)
[6] Rebert A, Cha S, Avgerinos T, et al. Optimizing seed selection for fuzzing[C]//Proceedings of the 23rd USENIX Conference on Security Symposium. San Diego, USA:USENIX Association, 2014:861-875.
[7] Wang T, Wei T, Gu G, et al. TaintScope:A checksum-aware directed fuzzing tool for automatic software vulnerability[C]//Proceedings of the 2010 IEEE Symposium on Security and Privacy. Washington D C, USA:IEEE, 2010:497-512.
[8] Wang T, Wei T, Lin Z, et al. IntScope:Automatically detecting integer overflow vulnerability in x86 binary using symbolic execution[C]//Proceedings of the 16th Network and Distributed System Security Symposium. San Diego, USA:Internet Society, 2010.
[9] 忽朝俭, 李舟军, 郭涛, 等. 写污点值到污点地址漏洞模式检测[J]. 计算机研究与发展, 2011,48(8):1455-1463. HU Chaojian, LI Zhoujun, GUO Tao, et al. Detecting the vulnerability pattern of writing tainted value to tainted address[J]. Journal of Computer Research and Development, 2011,48(8):1455-1463. (in Chinese)
[10] Christakis M, Godefroid P. Proving memory safety of the ANI windows image parser using compositional exhaustive testing[J].Lecture Notes in Computer Science, 2015,8931:373-392.
[11] Barr E T, Vo T, Le V, et al. Automatic detection of floating-point exceptions[C]//Proceedings of the 40th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages. New York, USA:ACM Press, 2013:549-560.
[12] Luk C, Cohn R, Muth R, et al. Pin:Building customized program analysis tools with dynamic instrumentation[C]//Proceedings of the ACM Conference on Programming Language Design and Implementation. New York, USA:ACM Press, 2005:190-200.
[13] Lueck G, Patil H, Pereira C. PinADX:An interface for customizable debugging with dynamic instrumentation[C]//Proceedings of the IEEE/ACM International Symposium on Code Generation and Optimization. New York, USA:ACM Press, 2012:114-123.
[14] Roy A, Hand S, Harris T. Hybrid binary rewriting for memory access instrumentation[C]//Proceedings of the ACM International Conference on Virtual Execution Environments. New York, USA:ACM Press, 2011:227-238.
[15] Skaletsky A, Devor T, Chachmon N, et al. Dynamic program analysis of microsoft windows applications[C]//Proceedings of the International Symposium on Performance Analysis of Software and Systems. New York, USA:IEEE Computer Society, 2010:2-12.
[16] Patil H, Pereira C, Stallcup M, et al. PinPlay:A framework for deterministic replay and reproducible analysis of parallel programs[C]//Proceedings of the IEEE/ACM International Symposium on Code Generation and Optimization. New York, USA:IEEE Computer Society, 2010:2-11.
[17] Bach M, Charney M, Cohn R, et al. Analyzing parallel programs with pin[J].Journal of Computer, 2010,43(3):34-41.
[1] 张明远, 武威, 宋宇波, 胡爱群. 面向无线局域网接入设备的安全等级评估系统[J]. 清华大学学报(自然科学版), 2020, 60(5): 371-379.
[2] 赵刚, 于悦, 黄敏桓, 王玉迎, 王嘉捷, 孙晓霞. PDF阅读器字体解析引擎的测试方法[J]. 清华大学学报(自然科学版), 2018, 58(3): 266-271.
[3] 邹权臣, 张涛, 吴润浦, 马金鑫, 李美聪, 陈晨, 侯长玉. 从自动化到智能化:软件漏洞挖掘技术进展[J]. 清华大学学报(自然科学版), 2018, 58(12): 1079-1094.
[4] 伊胜伟, 张翀斌, 谢丰, 熊琦, 向憧, 梁露露. 基于Peach的工业控制网络协议安全分析[J]. 清华大学学报(自然科学版), 2017, 57(1): 50-54.
[5] 崔宝江, 王福维, 郭涛, 柳本金. 基于污点信息的函数内存模糊测试技术研究[J]. 清华大学学报(自然科学版), 2016, 56(1): 7-13.
[6] 肖奇学, 陈渝, 戚兰兰, 郭世泽, 史元春. 堆分配大小可控的检测与分析[J]. 清华大学学报(自然科学版), 2015, 55(5): 572-578.
[7] 梁洪亮, 阳晓宇, 董钰, 张普含, 刘书昌. 并行化智能模糊测试[J]. 清华大学学报(自然科学版), 2014, 54(1): 14-19.
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
版权所有 © 《清华大学学报(自然科学版)》编辑部
本系统由北京玛格泰克科技发展有限公司设计开发 技术支持:support@magtech.com.cn