Application Research of Computers

An evaluation method for fuzzing strategies

Evaluation method for fuzzing strategy

Authors: 张海涛, 陈光宣, 王斌君
Affiliation: People's Public Security University of China, Beijing 100038
Article ID: 1001-3695(2013)12-3804-03
DOI: 10.3969/j.issn.1001-3695.2013.12.074
Abstract: Given that the performance of the various strategies emerging as fuzzing technology develops cannot be measured formally, this paper designs an evaluation framework. Based on the mapping between the tainted data graph generated by a tracer and the semantic tree generated by a parser, it computes the power value and entropy value of a strategy to quantify that strategy's performance, and uses the evaluation results to select a better strategy from the strategy set. Tests on examples demonstrate the feasibility of the method. Applying the optimal strategy to the target under test will improve code coverage of the target and its vulnerability detection capability.
Keywords: fuzzing; tainted data graph; mapping; semantic tree; backtrace; strategy evaluation
Funding: Doctoral Innovation Fund of People's Public Security University of China
Article URL: http://www.arocmag.com/article/01-2013-12-074.html
English title: Evaluation method for fuzzing strategy
Authors (English): ZHANG Hai-tao, CHEN Guang-xuan, WANG Bin-jun
Affiliation (English): People's Public Security University of China, Beijing 100038, China
English abstract: Given that there is currently no method for evaluating the performance of the many kinds of fuzzing strategies that have emerged as fuzzing techniques develop, this paper proposes an evaluation framework built on the mapping between the tainted data graph generated by a tracer and the syntax tree generated by a parser. From this mapping relation, it derives an evaluation method that computes the power and entropy values of a strategy, so that the optimal one can be chosen from a strategy set. Comparison with results on a current fuzzing platform demonstrates the validity and effectiveness of the method. Applying the optimal strategy to the SUT will improve its code coverage and vulnerability detection capability.
English keywords: fuzzing; tainted data graph; mapping; syntax tree; backtrace; strategy evaluation
Pages: 3804-3806
CLC number: TP311
Document code: A