A fuzzing vulnerability discovery method based on the program control flow graph
(original title: 基于程序控制流图的模糊测试漏洞挖掘方法)


Authors: LI Weiming (李伟明), GUO Jinyi (郭瑾仪), TANG Na (唐娜)

Affiliations: [1] Network and Computing Center, Huazhong University of Science and Technology, Wuhan 430074, China; [2] School of Computer Science, Huazhong University of Science and Technology, Wuhan 430074, China

Published in: Engineering Journal of Wuhan University (武汉大学学报(工学版)), 2023, No. 9, pp. 1146-1153 (8 pages)

Funding: National Key Basic Research and Development Program (Grant No. 2017YFB0802205).

Abstract: This paper proposes a method that uses the program control flow graph (CFG) and symbolic execution to guide the generation of initial test cases (seeds) for fuzzing. First, an accurate CFG of the binary program is constructed, with the efficiency of symbolic execution improved by dynamically computing the context-sensitivity level and by adding function return edges; the main program execution paths are then read off this CFG. On that basis, two optimization strategies are proposed, one based on branch coverage and one based on basic-block execution counts, and symbolic execution is used to solve the path constraints of the selected paths, yielding better initial fuzzing seeds. The method mitigates the path-explosion problem common in symbolic constraint solving, reduces the blindness of the initial fuzzing seeds, and combines the strengths of fuzzing and symbolic execution: within the same execution time, the path coverage achieved during vulnerability discovery is increased by 3 to 4 times.
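The two seed-selection criteria named in the abstract (prefer paths that add uncovered branch edges; among those, prefer paths through basic blocks that have executed least often) and the "solve the path constraints to get a seed" step can be shown in miniature. The following is an added illustrative example, not code from the paper: it works on a hypothetical, hand-written CFG of a small header parser rather than one recovered from a binary, and replaces a real symbolic-execution engine with a tiny interval solver over byte-level conditions. Block names, the conditions, and the `generate_seeds`, `solve`, and `execute` helpers are all assumptions made for the example.

```python
from typing import Dict, List, Optional, Set, Tuple

# A branch condition on one input byte: (op, byte_index, value), op in eq/ne/lt/ge.
Cond = Tuple[str, int, int]
# CFG: block -> list of (successor, condition on that edge, or None for fallthrough).
CFG_T = Dict[str, List[Tuple[str, Optional[Cond]]]]

# Hypothetical CFG of a tiny header parser, constructed for this example. It stands in
# for the CFG the paper recovers from a binary; no real program is modelled here.
CFG: CFG_T = {
    "entry":   [("magic0", None)],
    "magic0":  [("magic1", ("eq", 0, 0x4D)), ("reject", ("ne", 0, 0x4D))],
    "magic1":  [("version", ("eq", 1, 0x5A)), ("reject", ("ne", 1, 0x5A))],
    "version": [("legacy", ("lt", 2, 2)), ("modern", ("ge", 2, 2))],
    "modern":  [("compressed", ("ne", 3, 0)), ("plain", ("eq", 3, 0))],
    "legacy": [], "compressed": [], "plain": [], "reject": [],
}


def enumerate_paths(cfg: CFG_T, entry: str = "entry", max_len: int = 16):
    """Bounded DFS from entry to every exit block, returning (blocks, conds) pairs.
    max_len caps path length, a crude guard against path explosion when loops exist."""
    paths = []

    def walk(block, blocks, conds):
        if not cfg[block] or len(blocks) >= max_len:
            paths.append((blocks, conds))
            return
        for succ, cond in cfg[block]:
            walk(succ, blocks + [succ], conds + ([cond] if cond else []))

    walk(entry, [entry], [])
    return paths


def solve(conds: List[Cond], nbytes: int) -> Optional[bytes]:
    """Stand-in for a symbolic-execution constraint solver: every byte keeps an interval
    [lo, hi] plus excluded values. Returns a concrete input satisfying all conditions
    on the path, or None if the path is infeasible."""
    lo, hi = [0] * nbytes, [255] * nbytes
    excl: List[Set[int]] = [set() for _ in range(nbytes)]
    for op, i, v in conds:
        if op == "eq":
            lo[i], hi[i] = max(lo[i], v), min(hi[i], v)
        elif op == "ne":
            excl[i].add(v)
        elif op == "lt":
            hi[i] = min(hi[i], v - 1)
        elif op == "ge":
            lo[i] = max(lo[i], v)
        else:
            raise ValueError(f"unknown op {op}")
    seed = bytearray()
    for i in range(nbytes):
        choice = next((x for x in range(lo[i], hi[i] + 1) if x not in excl[i]), None)
        if choice is None:
            return None  # contradictory constraints on byte i
        seed.append(choice)
    return bytes(seed)


def evaluate(cond: Cond, data: bytes) -> bool:
    op, i, v = cond
    return {"eq": data[i] == v, "ne": data[i] != v, "lt": data[i] < v, "ge": data[i] >= v}[op]


def execute(cfg: CFG_T, data: bytes, entry: str = "entry") -> str:
    """Concretely walk the CFG with an input and return the exit block reached; used to
    confirm that a generated seed really drives the path it was solved for."""
    block = entry
    while cfg[block]:
        block = next(s for s, c in cfg[block] if c is None or evaluate(c, data))
    return block


def generate_seeds(cfg: CFG_T, entry: str = "entry"):
    """Greedy seed generation. Each round picks the candidate path covering the most
    not-yet-covered branch edges (branch-coverage criterion), breaking ties toward paths
    whose blocks have executed least often (basic-block execution-count criterion), then
    solves its conditions; infeasible paths are dropped.
    Returns ([(seed, exit_block), ...], covered_edge_count, total_edge_count)."""
    nbytes = 1 + max(c[1] for edges in cfg.values() for _, c in edges if c)
    covered: Set[Tuple[str, str]] = set()
    exec_count = {b: 0 for b in cfg}
    candidates = enumerate_paths(cfg, entry)
    seeds = []
    while True:
        best = None
        for blocks, conds in candidates:
            edges = set(zip(blocks, blocks[1:]))
            new_edges = len(edges - covered)
            if new_edges == 0:
                continue  # this path adds no branch coverage any more
            key = (new_edges, -sum(exec_count[b] for b in blocks))
            if best is None or key > best[0]:
                best = (key, blocks, conds, edges)
        if best is None:
            break
        _, blocks, conds, edges = best
        candidates = [p for p in candidates if p[0] != blocks]  # each path tried once
        seed = solve(conds, nbytes)
        if seed is None:
            continue  # infeasible path: discard it and take the next best
        covered |= edges
        for b in blocks:
            exec_count[b] += 1
        seeds.append((seed, blocks[-1]))
    total = sum(len(e) for e in cfg.values())
    return seeds, len(covered), total


if __name__ == "__main__":
    for seed, exit_block in generate_seeds(CFG)[0]:
        print(seed.hex(), "->", exit_block, "verified:", execute(CFG, seed) == exit_block)
```

On this toy graph the greedy loop needs five seeds to cover all nine branch edges, and the first seed chosen is the one reaching `compressed`, because that path contributes the most uncovered edges. The execution-count tie-break is what steers the second round toward the short `magic0 -> reject` path instead of another deep path through blocks that already ran. Swapping `solve` for a real SMT-backed symbolic executor and `CFG` for a graph lifted from a binary is where the paper's actual engineering lies.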

Keywords: fuzzing; symbolic execution; program control flow graph; program slicing

Classification code: TP393 [Automation and computer technology: computer application technology]
