距离与权重相结合的导向式灰盒模糊测试方法

doi:10.19678/j.issn.1000-3428.0057510

摘要/Abstract

摘要： 导向式灰盒模糊测试是一种能够快速对程序指定位置进行测试的技术。通过对当前导向式灰盒模糊测试技术导向不够精确的问题进行分析，提出一种新的导向式灰盒模糊测试方法，并引入基本块权重与函数路径长度的概念。通过对被测程序的静态分析，构建被测程序的函数调用图和控制流程图，计算更准确的基本块距离并插桩到被测程序中。在模糊测试时通过插桩追踪并计算每个测试用例到指定目标的距离，模糊测试器依据该距离计算种子能量以实现对目标区域的导向，并基于该方法实现原型系统Afl-guide。实验结果表明，与现有的导向式模糊测试方法相比，该方法对目标区域导向更精确、路径覆盖更广，能够更快地生成覆盖程序指定位置的测试用例。

关键词: 灰盒模糊测试, 距离向量, 基本块, 种子能量分配, 漏洞检测

Abstract: Guided grey-box fuzzing test is a technique that can quickly test a specified location of a program.By analyzing the problem that the existing guided grey-box fuzzing test techniques are not accurate enough in guidance, this paper proposes a guided grey-box fuzzing test method.The method introduces the concepts of basic block weight and function path length.Through the static analysis of the program under test,the function call graph and control flow chart of the program under test are constructed,and the more accurate basic block distance is calculated and inserted into the program.By instrumentation,the distance from each test case to the specified target is tracked and calculated in the fuzzing test.The fuzzing tester calculates the seed energy based on this distance to achieve the guidance of the target area.Based on this method,the prototype system Afl-guide is implemented.The experimental results show that compared with the existing guided fuzzing test methods,the proposed method is more accurate in the guidance of the target area,provides wider path coverage,and can generate test cases covering the specified position of the program faster.

Key words: grey-box fuzzing test, distance vector, basic block, seed energy allocation, vulnerability detection

中图分类号:

TP309

李明磊, 陆余良, 黄晖, 朱凯龙. 距离与权重相结合的导向式灰盒模糊测试方法[J]. 计算机工程, 2021, 47(3): 147-154.

LI Minglei, LU Yuliang, HUANG Hui, ZHU Kailong. Guided Grey-Box Fuzzing Test Method Combining Distance and Weight[J]. Computer Engineering, 2021, 47(3): 147-154.

http://www.ecice06.com/CN/Y2021/V47/I3/147

图/表 11

20210322171524

20210322171534

20210322171538

20210322171541

20210322171544

20210322171548

20210322171552

20210322171555

20210322171558

20210322171601

20210322171604

参考文献

[1] CHEN Hongxu,XUE Yinxing,LI Yuekang,et al.Hawkeye:towards a desired directed grey-box fuzzer[C]//Proceedings of 2018 ACM SIGSAC Conference on Computer and Communications Security.Toronto,Canada:ACM Press,2018:2095-2108.
[2] CRAWFORD J B.A survey of some free fuzzing tools[EB/OL].(2018-01-17)[2020-01-20].https://lwn.net/Articles/744269/.
[3] MILLER B P,FREDRIKSEN L,SO B.An empirical study of the reliability of UNIX utilities[J].Communications of the ACM,1990,33(12):32-44.
[4] GODEFROID P,LEVIN M Y,MOLNAR D.SAGE:Whitebox fuzzing for security testing[J].Communications of the ACM,2012,55(3):40-44.
[5] ZOU Quanchen,ZHANG Tao,WU Runpu,et al.From automation to intelligence:software vulnerabilities mining technology progress[J].Journal of Tsinghua University(Science and Technology),2018,58(12):1079-1094.(in Chinese)邹权臣,张涛,吴润浦,等.从自动化到智能化:软件漏洞挖掘技术进展[J].清华大学学报(自然科学版),2018,58(12):1079-1094.
[6] REN Yuzhu,ZHANG Youwei,AI Chengwei.Review of stain analysis technology research[J].Journal of Computer Applications,2019,39(8):2302-2309.(in Chinese)任玉柱,张有为,艾成炜.污点分析技术研究综述[J].计算机应用,2019,39(8):2302-2309.
[7] CHEN Jianmin,SHU Hui,XIONG Xiaobing.Fuzzing test method based on symbolic execution[J].Computer Engineering,2009,35(21):33-35.(in Chinese)陈建敏,舒辉,熊小兵.基于符号化执行的Fuzzing测试方法[J].计算机工程,2009,35(21):33-35.
[8] ZHANG Lin,ZENG Qingkai.Static detection technology of software security vulnerabilities[J].Computer Engineering,2008,34(12):157-159.(in Chinese)张林,曾庆凯.软件安全漏洞的静态检测技术[J].计算机工程,2008,34(12):157-159.
[9] WANG Tielei,WEI Tao,GU Guofei,et al.TaintScope:a checksum-aware directed fuzzing tool for automatic software vulnerability detection[C]//Proceedings of 2010 IEEE Symposium on Security and Privacy.Berkeley/Oakland,USA:IEEE Press,2010:497-512.
[10] HALLER I,SLOEINSKA A,NEUGSCHWANDTNER M,et al.Dowsing for over flows:a guided fuzzer to find buffer boundary violations[C]//Proceedings of the 22nd USENIX Conference on Security.Washington D.C.,USA:USENIX Association,2013:49-64.
[11] NEUGSCHWANDTNER M,MILANI C P,Haller I,et al.The BORG:nanoprobing binaries for buffer overreads[C]//Proceedings of the 5th ACM Conference on Data and Application Security and Privacy.New York,USA:ACM Press,2015:87-97.
[12] BOHME M,PHAM V T,ROYCHOUDHURY A.Coverage-based greybox fuzzing as Markov chain[J].IEEE Transactions on Software Engineering,2017,45(5):489-506.
[13] WANG J,CHEN B,WEI L,et al.Skyfire:data-driven seed generation for fuzzing[C]//Proceedings of IEEE Symposium on Security and Privacy.San Jose,USA:IEEE Press,2017:579-594.
[14] RAWAT S,JAIN V,KUMAR A,et al.VUzzer:application aware evolutionary fuzzing[C]//Proceedings of NDSS'17.San Diego,USA:[s.n.],2017:1-14.
[15] BOHME M,PHAM V T,NGUYEN M D,et al.Directed greybox fuzzing[C]//Proceedings of 2017 ACM SIGSAC Conference on Computer and Communications Security.Dallas,USA:ACM Press,2017:2329-2344.
[16] DAI Wei,LU Yuliang,ZHU Kailong.Guided grey box fuzzy testing technology combined with mixed symbol execution[J].Computer Engineering,2020,46(8):190-196.(in Chinese)戴渭,陆余良,朱凯龙.结合混合符号执行的导向式灰盒模糊测试技术[J].计算机工程,2020,46(8):190-196.
[17] MARINESCU P D,CADAR C.KATCH:high-coverage testing of software patches[C]//Proceedings of the 9th Joint Meeting on Foundations of Software Engineering.Saint Petersburg,Russian Federation:[s.n.],2013:235-245.
[18] ZALEWSKI M.American fuzzy lop[EB/OL].[2020-01-20].https://www.cnblogs.com/0xHack/p/9414444.html.
[19] LATTNER C,ADVE V.LLVM:a compilation framework for lifelong program analysis & transformation[C]//Proceedings of International Symposium on Code Generation and Optimization.San Jose,USA:[s.n.],2004:75-86.
[20] BOHME M,PHAM V T,ROYCHOUDHURY A.Coverage based greybox fuzzing as Markov chain[C]//Proceedings of ACM SIGSAC Conference on Computer and Communications Security.New York,USA:ACM Press,2016:1032-1043.
[21] LEMIEUX C,SEN K.FairFuzz:targeting rare branches to rapidly increase greybox fuzz testing coverage[EB/OL].[2020-01-20].https://arxiv.org/pdf/1709.07101.pdf.

选择文件类型/文献管理软件名称

选择包含的内容