Computer Science (计算机科学), 2021, Vol. 48, Issue 5: 25-31. doi: 10.11896/jsjkx.200600128
LI Ming-lei, HUANG Hui, LU Yu-liang, ZHU Kai-long (李明磊, 黄晖, 陆余良, 朱凯龙)
Abstract: Current vulnerability detection techniques can test small programs quickly, but their efficiency drops sharply on large programs or on programs whose path conditions are complex. To detect vulnerabilities quickly under complex path conditions, this paper proposes SymFuzz, a vulnerability detection technique for programs with complex path conditions. SymFuzz combines directed fuzzing with selective symbolic execution: directed fuzzing filters the program's paths, and selective symbolic execution solves the constraints of the paths that may trigger a vulnerability. The technique first obtains information about the program's vulnerabilities through static analysis; it then uses directed fuzzing to quickly generate test cases that reach the vulnerable function; finally it symbolically executes the paths inside the vulnerable function that can trigger the vulnerability and generates test cases that trigger it. A prototype of SymFuzz was implemented on top of the open-source projects AFL and S2E. Experimental results show that, compared with existing fuzzing techniques, SymFuzz improves vulnerability detection markedly under complex path conditions.
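The three stages described in the abstract, as an added illustration that is not code from the paper, AFL or S2E: a constructed target program whose sink (`vuln_copy`) is guarded by a 32-bit magic and a checksum, a hard-coded "static analysis" result naming that sink, a single-byte-mutation greybox fuzzer whose fitness counts the guards passed on the way to the sink (a stand-in for the CFG distance of directed greybox fuzzers such as AFLGo and Hawkeye), and a concrete solver that flips the first failed check recorded inside the vulnerable function by assigning the input bytes it reads (a stand-in for S2E's symbolic path solving; it only knows the few constraint shapes this toy emits). The input format, offsets, check types, function names and iteration budget are all assumptions made for the example.

```python
# Toy SymFuzz-style pipeline (added illustration, not the paper's, AFL's or S2E's code).
import random

BUF_SIZE = 16                  # size of the fixed buffer in the vulnerable function
TARGET_FUNCTION = "vuln_copy"  # stage 1 result: sink name, assumed to come from static analysis

class Overflow(Exception):
    pass  # raised when the simulated memcpy would write past BUF_SIZE

class Tracer:
    """Input buffer plus a log of every comparison made on it: (kind, offset, operand, result)."""
    OPS = {"eq": lambda a, b: a == b, "le": lambda a, b: a <= b, "gt": lambda a, b: a > b}
    def __init__(self, data):
        self.data, self.path, self.reached = bytearray(data), [], None
    def byte(self, off):
        return self.data[off] if off < len(self.data) else 0
    def _rec(self, kind, off, operand, result):
        self.path.append((kind, off, operand, result))
        return result
    def cmp(self, kind, off, const):  # single-byte comparison against a constant
        return self._rec(kind, off, const, self.OPS[kind](self.byte(off), const))
    def eq32(self, off, const):  # one 32-bit compare: about 2^-32 odds for blind mutation
        val = int.from_bytes(bytes(self.byte(off + i) for i in range(4)), "big")
        return self._rec("eq32", off, const, val == const)
    def sum8(self, off, start, n):  # byte at off must equal the 8-bit sum of n payload bytes
        want = sum(self.byte(start + i) for i in range(n)) & 0xFF
        return self._rec("sum8", off, (start, n), self.byte(off) == want)

def vuln_copy(t, n):
    """Vulnerable function; each check is written so that True leads on toward the bug."""
    t.reached = "vuln_copy"
    if not t.eq32(3, 0x53594D46):  # "SYMF" magic at offsets 3..6
        return "bad-magic"
    if not t.sum8(7, 8, n):        # checksum byte at offset 7 over payload bytes 8..8+n
        return "bad-checksum"
    if t.cmp("gt", 2, BUF_SIZE):   # memcpy(buf, payload, n) with n > sizeof(buf)
        raise Overflow(n)
    return "ok"

def run(data):
    """Constructed target program: tag, version and length guards, then the sink."""
    t = Tracer(data)
    try:
        guarded = t.cmp("eq", 0, 0x7F) and t.cmp("eq", 1, 0x02) and t.cmp("le", 2, 64)
        out = vuln_copy(t, t.byte(2)) if guarded else "guard-failed"
    except Overflow:
        out = "OVERFLOW"
    return t, out

def passed(t):  # coverage-style fitness: checks passed anywhere on the path
    return sum(1 for *_, ok in t.path if ok)

def progress(t):  # stage-2 fitness: reached the target?, then guards passed on the way there
    return (t.reached == TARGET_FUNCTION, passed(t))  # crude stand-in for a CFG distance

def greybox_fuzz(seed, budget, rng, fitness, done):
    """Single-byte mutation, keeping any input whose fitness does not drop."""
    best = bytearray(seed)
    best_score = fitness(run(best)[0])
    for _ in range(budget):
        cand = bytearray(best)
        cand[rng.randrange(len(cand))] = rng.randrange(256)
        t, out = run(cand)
        score = fitness(t)
        if score >= best_score:
            best, best_score = cand, score
            if done(t, out):
                return bytes(best)
    return None

def solve_path(data, max_rounds=10):
    """Stage 3: re-run, then flip the first failed check by assigning the bytes it reads.
    Stand-in for S2E's symbolic solving; it only knows the constraint shapes this toy emits."""
    data = bytearray(data)
    for _ in range(max_rounds):
        t, out = run(data)
        if out == "OVERFLOW":
            return bytes(data)
        failed = next((c for c in t.path if not c[3]), None)
        if failed is None:
            return None  # every check passes yet no bug: nothing left to flip
        kind, off, operand, _ = failed
        if kind == "sum8":  # checksum: recompute over the current payload
            start, n = operand
            operand = sum(t.byte(start + i) for i in range(n)) & 0xFF
        elif kind == "gt":  # smallest byte value strictly above the bound
            operand = min(operand + 1, 255)
        new = operand.to_bytes(4 if kind == "eq32" else 1, "big")
        data.extend(b"\0" * max(0, off + len(new) - len(data)))  # zero-extend a short input
        data[off:off + len(new)] = new
    return None

def symfuzz_toy(seed=b"\0" * 16, budget=100_000, rng_seed=1):
    """Stage 2 then stage 3; returns an input that triggers the overflow, or None."""
    reaching = greybox_fuzz(seed, budget, random.Random(rng_seed), progress,
                            lambda t, out: t.reached == TARGET_FUNCTION)
    return None if reaching is None else solve_path(reaching)

def fuzz_only(seed=b"\0" * 16, budget=100_000, rng_seed=1):
    """Baseline with the same mutator and budget but no solver; it stalls at the magic."""
    return greybox_fuzz(seed, budget, random.Random(rng_seed), passed,
                        lambda t, out: out == "OVERFLOW")
```

Calling `symfuzz_toy()` returns a 16-byte input with the tag, version, `SYMF` magic, a consistent checksum and a length above `BUF_SIZE`; `fuzz_only()` with the same mutator, seed and budget returns `None`, because the single 32-bit magic comparison gives byte-at-a-time mutation nothing to climb. That contrast is the point of the hybrid design: fuzzing is cheap for the loose guards on the way to the sink, while the solver handles the few constraints that random mutation cannot satisfy.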