Abstract:
Aiming at the defects of low effectiveness and function missing of traditional file test, this paper proposes a file fuzzy test method based on file format description. It gives file deduced rules which show the relationship between structure variables based on file format description, generates different kinds of files according to one special file format and performs fuzzing tests on them. Experimental results show that software vulnerability can be found by the method effectively.
Key words:
file fuzzing test,
file format description,
vulnerability test
摘要:
针对传统文件测试效率不高、存在功能遗漏的缺点,提出一种基于文件规范描述的文件模糊测试方法。给出基于文件规范的文件推导规则,用于描述文件中结构的组织形式、结构与结构之间的依赖关系,生成同一格式下不同类型的文件并对每类文件进行模糊测试。实验结果表明,该方法能有效找到文件处理软件的脆弱点。
关键词:
文件模糊测试,
文件规范描述,
脆弱性测试
CHEN E-Nan, DIAO Rong-Cai, WANG Xiao-Qin, LIN Hua, LU Hai-Jun, ZHANG Xin-Yu, LI Feng-Fei. File Fuzzing Test Based on File Format Description[J]. Computer Engineering, 2010, 36(16): 52-53.
沈亚楠, 赵荣彩, 王小芹, 任华, 鲁海军, 张新宇, 李鹏飞. 基于文件规范描述的文件模糊测试[J]. 计算机工程, 2010, 36(16): 52-53.