COMPUTER SCIENCE AND TECHNOLOGY

Guided software safety testing based on vulnerability characteristics

OUYANG Yongji1, WEI Qiang1, WANG Jiajie2, WANG Qingxian1

1. State Key Laboratory of Mathematical Engineering and Advanced Computing, The PLA Information Engineering University, Zhengzhou 450002, China;
2. China Information Technology Security Evaluation Center, Beijing 100085, China
Abstract: Fuzz testing of software is random and achieves low coverage, while symbolic execution can cause the variable space to explode. This paper presents a guided software safety testing method based on vulnerability characteristics that combines fuzz testing with symbolic execution. The code associated with buffer overflows is analyzed and used as the test target, which makes the testing more targeted. New test data is then generated using domain-convergence path traversal patterns. Tests show that the identification rate for potentially vulnerable buffer overflows is at least 41% higher than with fuzz testing, that the space explosion seen with CUTE is greatly reduced, and that vulnerabilities in common software products such as OpenSSL are accurately identified.
Keywords: software security; characteristic guided; region convergence; space explosion
Issue Date: 15 September 2017