Evaluation and analysis of concolic execution optimizations in hybrid fuzzing


Authors: TAO Jing [1]; MI Xianya; WANG Baosheng [1]; WANG Pengfei [1] (College of Computer Science and Technology, National University of Defense Technology, Changsha 410073, China; Intelligent Game and Decision Lab, Academy of Military Sciences, Beijing 100071, China)

Affiliations: [1] College of Computer Science, National University of Defense Technology, Changsha, Hunan 410073; [2] Intelligent Game and Decision Laboratory, Academy of Military Sciences, Beijing 100071

Source: Journal of National University of Defense Technology (《国防科技大学学报》), 2023, No. 2, pp. 45-54 (10 pages)

Funding: National University of Defense Technology Research Program Fund project (ZK20-17).

Abstract: Existing techniques for improving hybrid fuzzing mostly focus on assisting the fuzzer with a variety of dynamic and static analyses while neglecting the performance of the concolic execution engine itself. To address this, a hybrid fuzzing balance-point model is proposed. Based on this model, the mainstream concolic execution approaches are analyzed, including taint-analysis-assisted fuzzing, hybrid fuzzing and concolic execution, and 6 symbolic execution schemes are summarized. The 6 schemes are reimplemented on the concolic execution engine Triton and evaluated on 10 typical real-world programs. Each scheme is compared along three dimensions, efficiency, memory consumption and coverage, and the factors influencing each dimension are analyzed. The experiments show that all of the optimization schemes eliminate unnecessary constraints and thereby reduce time and space overhead, but constraint reduction loses information and lowers coverage. Based on the experimental data, a performance ordering of the optimization schemes is proposed, together with three optimization schemes tailored to different testing requirements.

Keywords: software security; software vulnerability discovery; concolic execution; hybrid fuzzing

Classification: TP311 [Automation and Computer Technology / Computer Software and Theory]
