Directed Grey-box Fuzzing Test Technology Combining Mixed Symbolic Execution

doi:10.19678/j.issn.1000-3428.0055782

Computer Engineering ›› 2020, Vol. 46 ›› Issue (8): 190-196. doi: 10.19678/j.issn.1000-3428.0055782

• Computer Architecture and Software Technology • Previous Articles Next Articles

Directed Grey-box Fuzzing Test Technology Combining Mixed Symbolic Execution

DAI Wei, LU Yuliang, ZHU Kailong

College of Electronic Engineering, National University of Defense Technology, Hefei 230037, China

Received:2019-08-22 Revised:2019-10-08 Published:2019-10-21

结合混合符号执行的导向式灰盒模糊测试技术

戴渭, 陆余良, 朱凯龙

国防科技大学电子对抗学院, 合肥 230037

作者简介:戴渭(1995-),男,硕士研究生,主研方向为软件漏洞挖掘、网络空间安全;陆余良,教授、博士生导师;朱凯龙,博士研究生。
基金资助:
国家重点研发计划（2017YFB0802900）。

Abstract

Abstract: Directed Gray-box Fuzzing(DGF) test is a kind of fuzzing test technique which can quickly generate test cases to reach a given target area of the program and find vulnerabilities,but the existing DGF technique often fail to pass the checking statements such as magic bytes,and their path coverage of the target area is not high.To address the problems,this paper proposes a DGF technique combining mixed symbolic execution.By tracking the execution path of seeds,the genetic variation of seeds is assisted by the constraint solver to generate test cases that can pass checking statements,so as to test the target area more deeply and effectively.Experimental results show that the proposed test technique can improve the coverage of the target area,and it is of high application value in patch testing and high-risk code area detection.

Key words: Directed Gray-box Fuzzing(DGF) test, dynamic energy regulation, mixed symbolic execution, genetic variation, constraint solver

摘要： 导向式灰盒模糊测试是一种能够快速生成测试用例，达到给定程序目标区域并且发现漏洞的模糊测试技术。针对当前导向式模糊测试难以通过魔术字节等检查语句，且对目标区域路径覆盖率较低的问题，提出结合混合符号执行的导向式灰盒模糊测试方法。通过跟踪种子的执行路径，使用约束求解器对种子的遗传变异加以辅助，生成能够通过检查语句的测试用例，从而对目标区域进行有效测试。实验结果表明，该测试方法能够提高导向式模糊测试对目标区域的覆盖率。

关键词: 导向式灰盒模糊测试, 动态能量调控, 混合符号执行, 遗传变异, 约束求解器

CLC Number:

TP391

DAI Wei, LU Yuliang, ZHU Kailong. Directed Grey-box Fuzzing Test Technology Combining Mixed Symbolic Execution[J]. Computer Engineering, 2020, 46(8): 190-196.

戴渭, 陆余良, 朱凯龙. 结合混合符号执行的导向式灰盒模糊测试技术[J]. 计算机工程, 2020, 46(8): 190-196.

/ / Recommend / Download Citations

URL: http://www.ecice06.com/EN/10.19678/j.issn.1000-3428.0055782

http://www.ecice06.com/EN/Y2020/V46/I8/190

Figures/Tables 4

References

[1] ZHANG Xiong,LI Zhoujun.Survey of fuzz testing technology[J].Computer Science,2015,43(5):1-8.(in Chinese)张雄,李舟军.模糊测试技术研究综述[J].计算机科学,2015,43(5):1-8.
[2] BOHME M,PHAM V T,NGUYEN M D,et al.Directed greybox fuzzing[C]//Proceedings of 2017 ACM SIGSAC Conference on Computer and Communications Security.New York,USA,ACM Press,2017:2329-2344.
[3] ZALEWSKI M.American fuzzy lop[EB/OL].[2019-07-20].http://lcamtuf.coredump.cx/afl/.
[4] YE Zhibin,YAN Bo.Survey of symbolic execution[J].Computer Science,2018,45(Sup):41-48.(in Chinese)叶志斌,严波.符号执行研究综述[J].计算机科学,2018,45(增刊):41-48.
[5] HUANG Qi.Research on source code vulnerability mining technology based on mixed symbol execution and genetic algorithm[D].Chengdu:University of Electronic Science and Technology of China,2016.(in Chinese)黄琦.基于混合符号执行和遗传算法的源代码漏洞挖掘技术研究[D].成都:电子科技大学,2016.
[6] BALDONI R,COPPA E,CONO D D,et al.A survey of symbolic execution techniques[J].ACM Computing Surveys,2018,51(3):1-39.
[7] WANG Weiguan,ZENG Qingkai,SUN Hao.Dynamic symbolic execution method oriented to critical operation[J].Journal of Software,2016,27(5):1230-1245.(in Chinese)王伟光,曾庆凯,孙浩.面向危险操作的动态符号执行方法[J].软件学报,2016,27(5):1230-1245.
[8] ZHANG Shuqi.Research on fuzz testing technology based on genetic algorithm[D].Wuhan:Huazhong University of Science and Technology,2011.(in Chinese)章淑琴.基于遗传算法的模糊检测技术研究[D].武汉:华中科技大学,2011.
[9] HALLER I,SLOWINSKA A,NEUGSCHWANDTNER M,et al.Dowsing for overflows:a guided fuzzer to find buffer boundary violations[C]//Proceedings of the 22nd USENIX Conference on Security.Amsterdam,the Netherlands:[s.n.],2013:49-64.
[10] BOHME M,OLIVEIRA B C D S,ROYCHOUDHURY A.Partition-based regression verification[C]//Proceedings of IEEE International Conference on Software Engineering.Washington D.C.,USA:IEEE Press,2013:302-311.
[11] MARINESCU P D,CADAR C.KATCH:high-coverage testing of software patches[C]//Proceedings of the 9th Joint Meeting on Foundations of Software Engineering.London,UK:[s.n.],2013:235-245.
[12] JIN W,ORSO A.BugRedux:reproducing field failures for in-house debugging[C]//Proceedings of the 34th IEEE International Conference on Software Engineering.Washington D.C.,USA:IEEE Press,2011:474-484.
[13] MEHLHORN K.Data structures and algorithms:searching and sorting[EB/OL].[2019-07-20].https://link.springer.com/content/pdf/.
[14] Lib Fuzzer:a library for coverage-guided fuzz testing[EB/OL].[2019-07-20].http://llvm.org/docs/LibFuzzer.html.
[15] DORIGO M,GAMBARDELLA L M.A study of some properties of ant-q[C]//Proceedings of International Conference on Parallel Problem Solving from Nature.Berlin,Germany:Springer,1996:199-208.
[16] SEN K.Concolic testing[C]//Proceedings of International IEEE/ACM Conference on Automated Software Engineering.New York,USA:ACM Press,2007:571-572.
[17] STEPHENS N,GROSEN J,SALLS C,et al.Driller:augmenting fuzzing through selective symbolic execution[C]//Proceedings of IEEE International Conference on Network and Distributed System Security Symposium.Washington D.C.,USA:IEEE Press,2016:322-335.
[18] SEREBRYANY K,BRUENING D,POTABENKO A,et al.AddressSanitizer:a fast address sanity checker[C]//Proceedings of 2012 USENIX Conference on Annual Technical Conference.Washington D.C.,USA:IEEE Press,2012:28-38.
[19] SHOSHITAISHVILI Y,WANG R,HAUSER C,et al.Firmalice-tomatic detection of authentication bypass vulnerabilities in binary firmware[C]//Proceedings of the Symposium on Network and Distributed System Security.Santa Barbara,USA:[s.n.],2015:1-11
[20] CHA S K,AVGERINOS T,REBERT A,et al.Unleashing mayhem on binary code[C]//Proceedings of IEEE Symposium on Security and Privacy.Washington D.C.,USA:IEEE Press,2012:342-351.
[21] CHIPOUNOV V,KUZNETSOV V,CANDEA G.S2E:a platform for in-vivo multi-path analysis of software systems[C]//Proceedings of the 16th International Conference on Architectural Support for Programming Languages and Operating Systems.New York,USA:ACM Press,2011:145-156.
[22] GNUbinutils[EB/OL].[2019-07-20].https://www.gnu.org/software/binutils/.

Please choose a citation manager

Content to export