首页 | 本学科首页   官方微博 | 高级检索  
     

基于动态输入追踪的模糊技术
引用本文:黄奕,曾凡平,张美超.基于动态输入追踪的模糊技术[J].计算机工程,2011,37(6):44-45.
作者姓名:黄奕  曾凡平  张美超
作者单位:1. 中国科学技术大学计算机学院,合肥,230026
2. 中国科学技术大学计算机学院,合肥,230026;安徽省计算与通讯软件重点实验室,合肥,230026
摘    要:在基于反汇编的输入路径追踪技术的基础上,结合基于代码覆盖的测试数据生成和基于快照恢复的错误注入技术,将其应用于模糊测试中。提出一种软件安全漏洞自动化挖掘的方法,较好地解决传统模糊技术存在的若干局限。设计并实现一个基于此方法的测试系统,通过对实例软件的漏洞挖掘实验,验证该方法的有效性。

关 键 词:漏洞挖掘  模糊测试  输入追踪

Fuzzing Technique Based on Dynamic Input Tracking
HUANG Yi,ZENG Fan-ping,ZHANG Mei-chao.Fuzzing Technique Based on Dynamic Input Tracking[J].Computer Engineering,2011,37(6):44-45.
Authors:HUANG Yi  ZENG Fan-ping  ZHANG Mei-chao
Affiliation:1(1.School of Computer Science,University of Science and Technology of China,Hefei 230026,China;2.Anhui Key Laboratory of Computation and Communication Software,Hefei 230026,China)
Abstract:This paper proposes a new fuzzing technique based on input path tracking technology on disassembly code,which is combined with code-coverage-based test data generation and snapshot-recovery-based fault injection techniques.It is a new method for automatic software security vulnerability discovering and solves a number of limitations of traditional fuzzing techniques.A test system based on this method is designed and implemented and the method is validated by vulnerabilities discovering experiment on example software.
Keywords:vulnerability mining  fuzzing test  input tracking
本文献已被 CNKI 维普 万方数据 等数据库收录!
点击此处可从《计算机工程》浏览原始摘要信息
点击此处可从《计算机工程》下载全文
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号