摘要： 在基于反汇编的输入路径追踪技术的基础上，结合基于代码覆盖的测试数据生成和基于快照恢复的错误注入技术，将其应用于模糊测试中。提出一种软件安全漏洞自动化挖掘的方法，较好地解决传统模糊技术存在的若干局限。设计并实现一个基于此方法的测试系统，通过对实例软件的漏洞挖掘实验，验证该方法的有效性。

关键词: 漏洞挖掘, 模糊测试, 输入追踪

Abstract: This paper proposes a new fuzzing technique based on input path tracking technology on disassembly code, which is combined with code-coverage-based test data generation and snapshot-recovery-based fault injection techniques. It is a new method for automatic software security vulnerability discovering and solves a number of limitations of traditional fuzzing techniques. A test system based on this method is designed and implemented and the method is validated by vulnerabilities discovering experiment on example software.

Key words: vulnerability mining, fuzzing test, input tracking

中图分类号: 

• TP309