检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
作 者:严飞[1] 瞿铸枫 张立强[1] YAN Fei;QU Zhufeng;ZHANG Liqiang(Key Laboratory of Aerospace Information Security and Trusted Computing of Ministry of Education,School of Cyber Science and Engineering,Wuhan University,Wuhan 430072,China)
机构地区:[1]武汉大学国家网络安全学院空天信息安全与可信计算教育部重点实验室,湖北武汉430072
出 处:《郑州大学学报(理学版)》2023年第1期1-7,共7页Journal of Zhengzhou University:Natural Science Edition
基 金:国家自然科学基金项目(61272452);国家重点基础研究发展计划(973计划)项目(2014CB340601);湖北省重点研发计划项目(2020BAA003);苏州市前瞻性应用研究项目(SYG201845)。
摘 要:使用模糊测试对HDF5文件格式的相关程序与工具集进行漏洞检测,并对模糊测试在HDF5输入上的性能优化方案进行研究。通过轻量级文件结构分析,精简模糊测试的确定性变异阶段,从而将模糊测试的注意力集中在更有价值的区域,减少无意义的变异与执行尝试次数;提出一系列HDF5文件格式敏感的变异策略,在模糊测试的随机变异阶段,使变异生成的输入更可能被程序的解析逻辑所接受,从而探索更深层代码。相比传统模糊测试框架,实现的原型框架HDFL可以保证极小的覆盖率与崩溃数量损耗,提高模糊测试的效率。The fuzz testing was used to detect the vulnerabilities of related programs and toolsets of the HDF5 file format.And the performance optimization strategies of fuzz testing on HDF5 input was studied.Through lightweight analysis of the file structure,the deterministic variation stage of fuzzy test was simplified,so as to focus the attention of fuzz testing on the more valuable areas,and to reduce the number of meaningless mutations and execution attempts.A series of HDF5 file format sensitive mutation strategies were proposed,which made the input generated by the mutation more likely to be accepted by the checking logic of the program during the havoc mutation stage of the fuzz testing,so as to explore deeper code.Compared with the traditional fuzz testing framework,the realized prototype framework HDFL could guarantee extremely small coverage and crash loss,and improve the efficiency of fuzz testing.
分 类 号:TN915.08[电子电信—通信与信息系统]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.177
