基于程序分析的二进制软件模糊测试  

Fuzzing for Binary Software Based on Program Analysis

在线阅读下载全文

作  者:王文婷[1,3] 孙嘉珺 万逸峰 王文杰 田东海[2] WANG Wen-Ting;SUN Jia-Jun;WAN Yi-Feng;WANG Wen-Jie;TIAN Dong-Hai(College of Control Science and Engineering,Zhejiang University,Hangzhou 310027,China;Beijing Key Laboratory of Software Security Engineering Technique,Beijing Institute of Technology,Beijing 100081,China;State Grid Shandong Electric Power Institute,Jinan 250003,China)

机构地区:[1]浙江大学控制科学与工程学院,杭州310027 [2]北京理工大学软件安全工程技术北京市重点实验室,北京100081 [3]国网山东省电力公司电力科学研究院,济南250003

出  处:《计算机系统应用》2025年第1期294-307,共14页Computer Systems & Applications

基  金:国家电网有限公司科技项目(5700-202316312A-1-1-ZN)。

摘  要:针对现有二进制模糊测试难以深入程序内部发现漏洞这一问题,提出一种融合硬件程序追踪、静态分析和混合执行3种技术的多角度优化方案.首先,利用静态分析和硬件追踪评估程序路径复杂度及执行概率;之后,根据路径复杂度与执行概率进行种子选择和变异能量分配;同时,利用混合执行辅助种子生成并记录关键字节用于针对性变异.实验结果表明,相比现有模糊测试方案,该方案在多数情况下能发现更多的程序路径和crash.Existing methods for binary fuzzing are difficult to dive into programs to find vulnerabilities.To address this problem,this study proposes a multi-angle optimization method integrating hardware-assisted program tracing,static analysis,and concolic execution.Firstly,static analysis and hardware-assisted tracing are used to calculate program path complexity and execution probability.Then,seed selection and mutation energy allocation are performed according to the path complexity and execution probability.Meanwhile,concolic execution is leveraged to assist seed generation and record key bytes for targeted variations.Experimental results show that this method finds more program paths as well as crashes in most cases,compared to other fuzzing methods.

关 键 词:模糊测试 硬件程序追踪 静态分析 混合执行 二进制软件 

分 类 号:TP3[自动化与计算机技术—计算机科学与技术]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象