SymFuzz:一种复杂路径条件下的漏洞检测技术  被引量：5

作　　者：李明磊 黄晖 陆余良 朱凯龙 LI Ming-lei;HUANG Hui;LU Yu-liang;ZHU Kai-long(College of Electronic Engineering,National University of Defense Technology,Hefei 230037,China;Anhui Key Laboratory of Cyberspace Security Situation Awareness and Evaluation,Hefei 230037,China)

机构地区：[1]国防科技大学电子对抗学院,合肥230037 [2]网络空间安全态势感知与评估安徽省重点实验室,合肥230037

出　　处：《计算机科学》2021年第5期25-31,共7页Computer Science

基　　金：国家重点研发计划项目(2017YFB0802905);2020年度重庆市出版专项资金资助项目。

摘　　要：当前漏洞检测技术可以实现对小规模程序的快速检测,但对大型或路径条件复杂的程序进行检测时其效率低下。为实现复杂路径条件下的漏洞快速检测,文中提出了一种复杂路径条件下的漏洞检测技术SymFuzz。SymFuzz将导向式模糊测试技术与选择符号执行技术相结合,通过导向式模糊测试技术对程序路径进行过滤,利用选择符号执行技术对可能触发漏洞的路径进行求解。该技术首先通过静态分析获取程序漏洞信息;然后使用导向式模糊测试技术,快速生成可以覆盖漏洞函数的测试用例;最后对漏洞函数内可以触发漏洞的路径进行符号执行,生成触发程序漏洞的测试用例。文中基于AFL与S2E等开源项目实现了SymFuzz的原型系统。实验结果表明,SymFuzz与现有的模糊测试技术相比,在复杂路径条件下的漏洞检测效果提高显著。The current vulnerability detection technology can realize the rapid detection of small-scale programs,but it is inefficient when performing vulnerability detection on programs with large or complex path conditions.In order to achieve a rapid detection of vulnerabilities under complex path conditions,this paper proposes a vulnerability detection technology SymFuzz under complex path conditions.SymFuzz combines guided fuzzing technology and selected symbolic execution technology,filters program paths through guided fuzzing technology,and uses selected symbolic execution technology to solve paths that may trigger vulnerabilities.This technology first obtains program vulnerability information through static analysis.Then it uses guided fuzzy test technology to quickly generate test cases that can cover the vulnerability function.Finally,it executes symbolic execution on the path that can trigger the vulnerability within the vulnerability function to generate a test case that triggers the program vulnerability.This paper implements the prototype system of SymFuzz based on open source projects such as AFL and S2E.The comparison experiments show that SymFuzz significantly improves the effectiveness of vulnerability detection under complex path conditions compared with existing fuzzy testing techniques.

关 键 词：模糊测试 符号执行 静态分析 污点分析 漏洞检测 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]