A directed fuzzing method for binary programs based on dynamic taint analysis  Cited by: 2

Method of binary oriented fuzzy testing based on dynamic taint analysis


Authors: Zhang Bin (张斌)[1], Li Mengjun (李孟君)[1], Wu Bo (吴波)[1], Tang Chaojing (唐朝京)[1]

Affiliation: [1] School of Electronic Science and Engineering, National University of Defense Technology, Changsha, Hunan 410073

Source: Modern Electronics Technique (现代电子技术), 2014, No. 19, pp. 89-94 (6 pages)

Abstract: In traditional fuzzing, different inputs may repeatedly exercise the same state space, which makes testing severely inefficient. This paper proposes a directed fuzzing technique for binary programs that combines dynamic taint analysis with input field partitioning. The technique can direct fuzzing at typical security-sensitive operations and at general module functions, and it effectively addresses the low efficiency of traditional fuzzing. A prototype system for directed fuzzing of binaries, TaintedFuzz, was implemented, and experiments show that it can efficiently discover typical security vulnerabilities in binary programs.

Keywords: security vulnerability; directed fuzzing; dynamic taint analysis; input field partitioning

Classification: TP391.7 [Automation and Computer Technology: Computer Application Technology]

 
