计算机工程 ›› 2020, Vol. 46 ›› Issue (1): 216-221.doi: 10.19678/j.issn.1000-3428.0053800

• 体系结构与软件技术 • 上一篇    下一篇

白盒模糊测试中环境交互问题的解决方案

张婉莹, 曹晓梅, 陈伟   

  1. 南京邮电大学 计算机学院, 南京 210023
  • 收稿日期:2019-01-24 修回日期:2019-03-25 出版日期:2020-01-15 发布日期:2019-04-24
  • 作者简介:张婉莹(1995-),女,硕士研究生,主研方向为软件测试、软件安全;曹晓梅、陈伟,副教授、博士。
  • 基金项目:
    国家自然科学基金(61602258)。

Solution for Environment Interaction Problem in Whitebox Fuzz Testing

ZHANG Wanying, CAO Xiaomei, CHEN Wei   

  1. School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, China
  • Received:2019-01-24 Revised:2019-03-25 Online:2020-01-15 Published:2019-04-24

摘要: 针对白盒模糊测试中的环境交互问题,提出一种基于外部函数探测和校正的隐藏路径搜索方案HPSBEF。利用约束求解获取外部函数在执行新路径时的输出值,并将结果记录在链表中,在执行该路径时检测其中的外部函数,根据链表中的信息进行动态修正,以达到驱动该路径进而提高路径覆盖率的目的。实验结果表明,与FMM方案相比,HPSBEF方案的路径覆盖率和漏洞检测能力均得到提升,且时间开销较低。

关键词: 漏洞检测, 白盒模糊测试, 环境交互, 外部函数, 路径覆盖

Abstract: To address the environment interaction problem in whitebox fuzz testing,this paper proposes a hidden path search scheme HPSBEF based on external function detection and correction.In the proposed scheme,constraint solving is used to obtain the output value of external function when executing new path and the results are recorded in the linked list.The external function in the executed path is detected and dynamically modified according to the information in the linked list,so as to drive the path and further improve the path coverage rate.Experimental results show that compared with the FMM scheme,the coverage rate and vulnerability detection ability of the HPSBEF scheme are improved,and the time cost is lower.

Key words: vulnerability detection, whitebox fuzz testing, environment interaction, external function, path coverage

中图分类号: