| 基于污点跟踪的黑盒fuzzing测试 |
| |
| 引用本文: | 朱贯淼,曾凡平,袁园,武飞.基于污点跟踪的黑盒fuzzing测试[J].小型微型计算机系统,2012,33(8):1736-1739. |
| |
| 作者姓名: | 朱贯淼 曾凡平 袁园 武飞 |
| |
| 作者单位: | 1. 中国科学技术大学计算机科学与技术学院,合肥,230026
2. 中国科学技术大学计算机科学与技术学院,合肥230026;安徽省计算与通讯软件重点实验室,合肥230026 |
| |
| 基金项目: | 安徽省自然科学基金项目 |
| |
| 摘 要: | 针对传统fuzzing测试中的低效率问题,提出一种基于污点跟踪的黑盒fuzzing测试方法.通过将合法输入标记为污染源,并记录污点在应用程序中的传播过程,提取关键的污点信息,用以指导新的测试用例的生成.这样生成的测试用例,具有更好的针对性,以及能够达到较深的代码深度,有良好的代码覆盖率,能更好的挖掘出潜在的漏洞和安全脆弱点.采用这种方法对几款图形处理软件和图形库进行了测试,发现了一个漏洞,并提交SecurityFocus通过.
|
| 关 键 词: | fuzzing 污点跟踪 黑盒 漏洞挖掘 |
Blackbox Fuzzing Testing Based on Taint Check |
| |
| ZHU Guan-miao
,
ZENG Fan-ping
,
YUAN Yuan
,
WU Fei.Blackbox Fuzzing Testing Based on Taint Check[J].Mini-micro Systems,2012,33(8):1736-1739. |
| |
| Authors: | ZHU Guan-miao ZENG Fan-ping YUAN Yuan WU Fei |
| |
| Affiliation: | 1(School of Computer Science and Technology,University of Science and Technology of China,Hefei 230026,China) 2(Anhui Province Key Lab of Software in Computing and Communication,Hefei 230026,China) |
| |
| Abstract: | For the low effectiveness of traditional fuzzing test,we propose a blackbox fuzzing test method based on taint check.To extract the taint information which directs the generation of new test cases,we mark the tainted input file and track how the tainted attribute propagates.The advantages of our method are better targeted,have high probability to test code within the entire program and have a better performance in detecting potential bugs and vulnerabilities.We do experiments on several graphics software and graphics library and find a new security vulnerability which has been admitted by SecurityFocus. |
| |
| Keywords: | fuzzing taint trace blackbox vulnerability detection |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
