首页 | 本学科首页   官方微博 | 高级检索  
     检索      

可编程模糊测试技术的研究
引用本文:杨梅芳,霍玮,邹燕燕,尹嘉伟,刘宝旭,龚晓锐,贾晓启,邹维.可编程模糊测试技术的研究[J].软件学报,2018,29(5).
作者姓名:杨梅芳  霍玮  邹燕燕  尹嘉伟  刘宝旭  龚晓锐  贾晓启  邹维
作者单位:中国科学院信息工程研究所中国科学院网络测评技术重点实验室网络安全防护技术北京市重点实验室, 北京 100195;中国科学院大学网络空间安全学院, 北京 100049,中国科学院信息工程研究所中国科学院网络测评技术重点实验室网络安全防护技术北京市重点实验室, 北京 100195;中国科学院大学网络空间安全学院, 北京 100049,中国科学院信息工程研究所中国科学院网络测评技术重点实验室网络安全防护技术北京市重点实验室, 北京 100195;中国科学院大学网络空间安全学院, 北京 100049,中国科学院信息工程研究所中国科学院网络测评技术重点实验室网络安全防护技术北京市重点实验室, 北京 100195;中国科学院大学网络空间安全学院, 北京 100049,中国科学院信息工程研究所中国科学院网络测评技术重点实验室网络安全防护技术北京市重点实验室, 北京 100195;中国科学院大学网络空间安全学院, 北京 100049,中国科学院信息工程研究所中国科学院网络测评技术重点实验室网络安全防护技术北京市重点实验室, 北京 100195;中国科学院大学网络空间安全学院, 北京 100049,中国科学院信息工程研究所中国科学院网络测评技术重点实验室网络安全防护技术北京市重点实验室, 北京 100195;中国科学院大学网络空间安全学院, 北京 100049,中国科学院信息工程研究所中国科学院网络测评技术重点实验室网络安全防护技术北京市重点实验室, 北京 100195;中国科学院大学网络空间安全学院, 北京 100049
基金项目:本论文获得中国科学院网络测评技术重点实验室和网络安全防护技术北京市重点实验室资助.获得了北京市科委(D161100001216001、Z161100002616032),国家自然基金(61572481、61602470)课题资助.
摘    要:模糊测试是一种有效的漏洞挖掘技术.为改善模糊测试因盲目变异而导致的效率低下的问题,需要围绕输入特征、变异策略、种子样本筛选、异常样本发现与分析等方面不断定制模糊测试器,从而花费了大量的定制成本.针对通用型模糊测试器(即支持多类输入格式及目标软件的模糊测试器)的低成本定制和高可扩展性需求,本文首次提出了一种可编程模糊测试框架,基于该框架漏洞挖掘人员仅需编写模糊测试制导程序即可完成定制化模糊测试,在不降低模糊测试效果的基础上可大幅提高模糊测试器开发效率.该框架包含一组涉及变异、监控、反馈等环节的模糊测试原语,作为制导程序的基本语句;还包含一套编程规范(FDS)及FDS解析器,支持制导程序的编写、解析和模糊测试器的生成.基于实现的可编程模糊测试框架原型Puzzer,在26个模糊测试原语的支持下,漏洞挖掘人员平均编写54行代码即可实现当前主流的5款万级代码模糊测试器的核心功能,并可覆盖总计87.8%的基本操作.基于Puzzer实现的AFL等价模糊测试器,仅用51行代码即可达到与AFL相当的模糊测试效果,具有良好的有效性.

关 键 词:模糊测试|漏洞挖掘|可编程|制导程序|抽象语法树
收稿时间:2017/7/1 0:00:00
修稿时间:2017/8/29 0:00:00

Research on Programmable Fuzzing Technology
YANG Mei-Fang,HUO Wei,ZOU Yan-Yan,YIN Jia-Wei,LIU Bao-Xu,GONG Xiao-Rui,JIA Xiao-Qi and ZOU Wei.Research on Programmable Fuzzing Technology[J].Journal of Software,2018,29(5).
Authors:YANG Mei-Fang  HUO Wei  ZOU Yan-Yan  YIN Jia-Wei  LIU Bao-Xu  GONG Xiao-Rui  JIA Xiao-Qi and ZOU Wei
Institution:Key Laboratory of Network Assessment Technology(Chinese Academy of Science), Beijing Key Laboratory of Network Security and Protection Technology, Institute of Information Engineering(Chinese Academy of Science), Beijing 1000195, China;School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China,Key Laboratory of Network Assessment Technology(Chinese Academy of Science), Beijing Key Laboratory of Network Security and Protection Technology, Institute of Information Engineering(Chinese Academy of Science), Beijing 1000195, China;School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China,Key Laboratory of Network Assessment Technology(Chinese Academy of Science), Beijing Key Laboratory of Network Security and Protection Technology, Institute of Information Engineering(Chinese Academy of Science), Beijing 1000195, China;School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China,Key Laboratory of Network Assessment Technology(Chinese Academy of Science), Beijing Key Laboratory of Network Security and Protection Technology, Institute of Information Engineering(Chinese Academy of Science), Beijing 1000195, China;School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China,Key Laboratory of Network Assessment Technology(Chinese Academy of Science), Beijing Key Laboratory of Network Security and Protection Technology, Institute of Information Engineering(Chinese Academy of Science), Beijing 1000195, China;School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China,Key Laboratory of Network Assessment Technology(Chinese Academy of Science), Beijing Key Laboratory of Network Security and Protection Technology, Institute of Information Engineering(Chinese Academy of Science), Beijing 1000195, China;School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China,Key Laboratory of Network Assessment Technology(Chinese Academy of Science), Beijing Key Laboratory of Network Security and Protection Technology, Institute of Information Engineering(Chinese Academy of Science), Beijing 1000195, China;School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China and Key Laboratory of Network Assessment Technology(Chinese Academy of Science), Beijing Key Laboratory of Network Security and Protection Technology, Institute of Information Engineering(Chinese Academy of Science), Beijing 1000195, China;School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China
Abstract:Fuzzing is an effective vulnerability discovery technology. In order to solve the inefficient problem caused by blind mutation in fuzzing, safety engineers need to customize fuzzer from all aspects, such as input characteristics, mutation method, seed samples screening, abnormal samples found and analysis, which will result in huge expenditure. To meet the need of low cost customization and high scalability of the universal fuzzer (i.e.fuzzer supports multi-type input formats and softwares), this paper first proposes a programmable fuzzing framework. Based on the framework, the only thing safety engineers need to do is writting guidance programs when they want to customize fuzzing. It can sharply improve the efficiency of developing fuzzer without reducing effectiveness of fuzzing. The framework contains a set of fuzzing primitives, fuzzing directive specification (FDS) and FDS parser. Fuzzing primitives which involve mutation, monitoring and guidering are basicstatements of guidance program. FDS and FDS parser can support writing and parsing guidance programs, as well as generating fuzzers. Based on the implementation of a prototype framework called Puzzer, safety engineerscan accomplish core functionsand cover 87.8% of total basic operations of five mainstream fuzzers with onlyabout 54 lines of code.To accomplish a fuzzer which has equivalent function of AFL, it can reach the same effectiveness with only 51 lines of code using Puzzer.
Keywords:fuzzing|vulnerability discovery|programmable fuzzing|guidance program|abstract syntax tree
点击此处可从《软件学报》浏览原始摘要信息
点击此处可从《软件学报》下载免费的PDF全文
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号