检索
E-mail
RSS
作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2011, Vol. 37 ›› Issue (6): 44-45.doi: 10.3969/j.issn.1000-3428.2011.06.016

• 软件技术与数据库 • 上一篇    下一篇

基于动态输入追踪的模糊技术

黄 奕 1,曾凡平 1,2,张美超 1   

  1. (1. 中国科学技术大学计算机学院,合肥 230026;2. 安徽省计算与通讯软件重点实验室,合肥 230026)
  • 出版日期:2011-03-20 发布日期:2011-03-29
  • 作者简介:黄 奕(1980-),男,硕士研究生,主研方向:软件安全;曾凡平,副教授、博士;张美超,硕士研究生

Fuzzing Technique Based on Dynamic Input Tracking

HUANG Yi 1, ZENG Fan-ping 1,2, ZHANG Mei-chao 1   

  1. (1. School of Computer Science, University of Science and Technology of China, Hefei 230026, China; 2. Anhui Key Laboratory of Computation and Communication Software, Hefei 230026, China)
  • Online:2011-03-20 Published:2011-03-29

PDF

1813

被引次数

2

摘要: 在基于反汇编的输入路径追踪技术的基础上,结合基于代码覆盖的测试数据生成和基于快照恢复的错误注入技术,将其应用于模糊测试中。提出一种软件安全漏洞自动化挖掘的方法,较好地解决传统模糊技术存在的若干局限。设计并实现一个基于此方法的测试系统,通过对实例软件的漏洞挖掘实验,验证该方法的有效性。

关键词: 漏洞挖掘, 模糊测试, 输入追踪

Abstract: This paper proposes a new fuzzing technique based on input path tracking technology on disassembly code, which is combined with code-coverage-based test data generation and snapshot-recovery-based fault injection techniques. It is a new method for automatic software security vulnerability discovering and solves a number of limitations of traditional fuzzing techniques. A test system based on this method is designed and implemented and the method is validated by vulnerabilities discovering experiment on example software.

Key words: vulnerability mining, fuzzing test, input tracking

中图分类号: