Abstract:
In view of military message structure and characteristics of its software, an intelligent brute Fuzzing test approach for construction of abnormality data is proposed. According to the principles and ideas of Fuzzing, military message software security vulnerability discovery system named MTSFuzzer is developed. Meanwhile, software architecture, modules and key techniques are analyzed. Test result shows that MTSFuzzer improves the efficiency of military message software vulnerability exploiting, and it has good expansibility.
Key words:
Fuzzing technique,
military message software,
vulnerability exploiting,
system architecture,
abnormality data
摘要: 分析军用报文格式及其软件特点,给出一种智能强制性Fuzzing测试的畸形数据构造方法。根据Fuzzing技术的原理,设计军用报文软件漏洞发掘系统MTSFuzzer,并对其构架、模块以及关键技术进行描述。测试结果表明,MTSFuzzer能提高军用报文软件漏洞的发掘效率,并且具有较好的可扩展性。
关键词:
Fuzzing技术,
军用报文软件,
漏洞发掘,
系统构架,
畸形数据
CLC Number:
WANG Hai-Chao, LI Yun, QIN Xiao-Yan, HONG Yu-Mei. Military Message Software Vulnerability Exploiting Technology Based on Fuzzing[J]. Computer Engineering, 2012, 38(18): 61-64.
王海涛, 李云, 秦晓燕, 汪玉美. 基于Fuzzing的军用报文软件漏洞发掘技术[J]. 计算机工程, 2012, 38(18): 61-64.