Abstract:
This paper proposes a new fuzzing technique based on input path tracking over disassembled code, combined with code-coverage-based test data generation and snapshot-recovery-based fault injection. It is a new method for automatically discovering software security vulnerabilities and addresses a number of limitations of traditional fuzzing techniques. A test system based on this method is designed and implemented, and the method is validated by a vulnerability-discovery experiment on sample software.
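The abstract names three building blocks but does not show how they fit together. The following toy fuzzer is an added illustration, not the paper's system or its code: it demonstrates only the code-coverage-based test data generation loop, approximating the paper's disassembly-level input path tracking with Python line tracing (`sys.settrace`) and leaving out snapshot-recovery-based fault injection entirely. The target `parse_record`, its record format, the planted unchecked-index defect and the seed input are all constructed for this example and stand in for the "sample software".

```python
"""Toy coverage-guided fuzzer (added illustration, not the paper's system)."""
import random
import sys
from typing import Callable, List, Optional, Set, Tuple

Edge = Tuple[int, int]


def parse_record(data: bytes) -> int:
    """Constructed target standing in for the sample software.

    Hypothetical format: b"RC" | length byte | payload[length].
    The planted defect is an index derived from input that is never
    bounds-checked, the kind of fault a fuzzer is expected to surface.
    """
    if len(data) < 4:
        return 0
    if data[0:2] != b"RC":
        return 1
    length = data[2]
    if length > 16:
        return 2
    payload = data[3:3 + length]
    if len(payload) != length:
        return 3
    if payload[0] == 0xFF:          # second "magic" byte opens a deeper path
        index = payload[1] ^ payload[length - 1]
        return payload[index]       # planted bug: unchecked index
    return 4


def run_once(target: Callable[[bytes], int], data: bytes) -> Tuple[Set[Edge], Optional[BaseException]]:
    """Execute target on data, recording (prev_line, line) edges via sys.settrace.

    Edge coverage plays the role of the paper's disassembly-level path tracking;
    here it is approximated with Python line tracing of the target's own frame.
    """
    edges: Set[Edge] = set()
    prev = 0

    def local_tracer(frame, event, arg):
        nonlocal prev
        if event == "line":
            edges.add((prev, frame.f_lineno))
            prev = frame.f_lineno
        return local_tracer

    def global_tracer(frame, event, arg):
        # Trace only the target function's own frame, nothing it calls.
        return local_tracer if frame.f_code is target.__code__ else None

    fault: Optional[BaseException] = None
    previous_tracer = sys.gettrace()
    sys.settrace(global_tracer)
    try:
        target(data)
    except Exception as exc:        # a fault: record it instead of dying
        fault = exc
    finally:
        sys.settrace(previous_tracer)
    return edges, fault


# Byte values that commonly flip parser branches (constructed list).
INTERESTING = [0x00, 0x01, 0x08, 0x10, 0x11, 0x7F, 0x80, 0xFF]


def mutate(data: bytes, rng: random.Random) -> bytes:
    """One random mutation: bit flip, interesting byte, insert, or delete."""
    buf = bytearray(data)
    op = rng.randrange(4)
    if op == 0 and buf:
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif op == 1 and buf:
        buf[rng.randrange(len(buf))] = rng.choice(INTERESTING)
    elif op == 2:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif op == 3 and len(buf) > 1:
        del buf[rng.randrange(len(buf))]
    return bytes(buf)


def fuzz(target: Callable[[bytes], int], seeds: List[bytes],
         iterations: int, rng: random.Random) -> dict:
    """Coverage-guided loop: an input joins the corpus only if it reaches a new edge."""
    corpus: List[bytes] = []
    seen: Set[Edge] = set()
    crashes: List[Tuple[bytes, str]] = []

    def consider(data: bytes) -> None:
        edges, fault = run_once(target, data)
        if fault is not None:
            crashes.append((data, repr(fault)))
        if not edges <= seen:           # new coverage, so keep it as a parent
            seen.update(edges)
            corpus.append(data)

    for seed in seeds:
        consider(seed)
    for _ in range(iterations):
        if not corpus:
            break
        consider(mutate(rng.choice(corpus), rng))
    return {"corpus": corpus, "edges": len(seen), "crashes": crashes}


if __name__ == "__main__":
    stats = fuzz(parse_record, [b"RC\x04abcd"], 5000, random.Random(1))
    print(f"corpus={len(stats['corpus'])} edges={stats['edges']} crashes={len(stats['crashes'])}")
    for data, why in stats["crashes"][:3]:
        print("  crash:", data, why)
```

The coverage check is the essential point: an input that exercises no new edge is discarded, so the corpus grows only along previously unseen paths, which is what distinguishes this approach from blind mutation. A real implementation of the paper's idea would replace the line tracer with path information recovered from the disassembled binary and would restore a process snapshot before each injected input rather than relying on a caught exception.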
Key words: vulnerability mining, fuzzing test, input tracking
Abstract (Chinese version, translated): Building on disassembly-based input path tracking, this paper combines it with code-coverage-based test data generation and snapshot-recovery-based fault injection and applies the result to fuzzing. It proposes a method for automated discovery of software security vulnerabilities that addresses several limitations of traditional fuzzing techniques. A test system based on this method is designed and implemented, and a vulnerability-discovery experiment on sample software confirms the method's effectiveness.
Key words (Chinese version, translated): vulnerability mining, fuzzing, input tracking
HUANG Yi, CENG Fan-Beng, ZHANG Mei-Chao. Fuzzing Technique Based on Dynamic Input Tracking[J]. Computer Engineering, 2011, 37(6): 44-45.
黄奕, 曾凡平, 张美超. Fuzzing Technique Based on Dynamic Input Tracking [J]. 计算机工程 (Computer Engineering), 2011, 37(6): 44-45. (Chinese citation, translated)