Several optimization methods in the fuzzing process
(English title: Improved fuzzy analysis methods)
MA Jinxin¹, ZHANG Tao¹, LI Zhoujun², ZHANG Jiangxiao³
1. China Information Technology Security Evaluation Center, Beijing 100085, China; 2. School of Computer Science and Engineering, Beihang University, Beijing 100191, China; 3. Mathematics and Information Technology Institute, Xingtai University, Xingtai 054001, China
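Abstract (translated from Chinese): In software vulnerability discovery, fuzz testing is one of the most widely used and most effective methods. Traditional fuzz testing, however, is inefficient and largely blind. This paper proposes a sample-set reduction algorithm and a weighted testing-time model that reduce the number of test samples while keeping code coverage unchanged, and that give higher-quality samples more testing time slices. It also designs an exception analysis method based on taint propagation that assesses the severity of exception information and helps improve the efficiency of vulnerability analysis. Experimental results show that, compared with Peach, the proposed method effectively improves on traditional fuzz testing.
Keywords: fuzzing, reduced set, vulnerability analysis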
Abstract: Fuzz testing is one of the most widely used and most effective methods for vulnerability detection. However, traditional fuzzing is inefficient and works blindly. This paper describes a refining method that reduces the test sample size while keeping the same code coverage. A weighted testing time model is used to give the better samples more time. A taint-based exception analysis method is used to evaluate the severity of exceptions and to improve the vulnerability analysis efficiency. Comparisons with Peach show that this method improves on the traditional fuzzing method.
Key words: Fuzzing; refining set; vulnerability analysis
Received: 2016-01-22. Published: 2016-05-19.
Cite this article:
MA Jinxin, ZHANG Tao, LI Zhoujun, ZHANG Jiangxiao. Improved fuzzy analysis methods. Journal of Tsinghua University (Science and Technology), 2016, 65(5): 478-483.
Link to this article:
http://jst.tsinghuajournals.com/CN/10.16511/j.cnki.qhdxxb.2016.25.004 or http://jst.tsinghuajournals.com/CN/Y2016/V65/I5/478
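Figures and tables:
Fig. 1 Reduced-set algorithm
Table 1 Exception classification
Fig. 2 System architecture
Table 2 Experimental data for reduced-set processing
Table 3 Experimental data for dynamic sample strategy adjustment and selection
Table 4 Experimental data for exception analysis and classification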