计算机科学 ›› 2016, Vol. 43 ›› Issue (5): 1-8, 26.doi: 10.11896/j.issn.1002-137X.2016.05.001

• 目次 •    下一篇

模糊测试技术研究综述

张雄,李舟军   

  1. 北京航空航天大学计算机学院 北京100191,北京航空航天大学计算机学院 北京100191
  • 出版日期:2018-12-01 发布日期:2018-12-01
  • 基金资助:
    本文受国家自然科学基金(61170189,6), 国家863计划(2015AA016004), 博士点基金(20111102130003)资助

Survey of Fuzz Testing Technology

ZHANG Xiong and LI Zhou-jun   

  • Online:2018-12-01 Published:2018-12-01

摘要: 软件中的安全漏洞可能导致非常严重的后果,因此漏洞挖掘已成为网络与信息安全领域的重大课题和研究热点。目前常用的漏洞挖掘技术包括静态分析、动态分析、二进制比对、模糊测试等。随着软件的规模和复杂度不断增大,模糊测试具有其它漏洞挖掘技术无法比拟的优势。首先介绍和分析了各种漏洞挖掘技术的优点和缺点;然后分别详细描述了模糊测试的研究进展、模糊测试的过程、测试用例的生成技术;最后介绍了模糊测试在各个领域的应用,并对其发展方向进行了展望。

关键词: 软件安全,漏洞挖掘,模糊测试,测试用例生成

Abstract: Security vulnerabilities in software may lead to serious consequences,and vulnerability exploiting has become a hot area of research in network and information security.Popular vulnerability exploiting technologies include static analysis,dynamic analysis,binary code comparison,fuzz testing and so on.Along with the expansion of the scale and complexity of software,fuzz testing has incomparable advantages which other vulnerability exploiting technology can’t provide.Firstly,both advantages and disadvantages of various vulnerability exploiting technology are discussed.Second-ly,an account of the research advances of fuzz testing the procedure of fuzz testing and test case generation technology were described in detail.Finally,the applications of fuzz testing were shown and the trend of future study was discussed.

Key words: Software security,Vulnerability exploiting,Fuzz testing,Test case generation

[1] CNCERT.2013 China Internet Network Security Report [M].Beijing:Post & Telecom Press,2013(in Chinese) 国家计算机应急技术处理协调中心.2013年中国互联网网络安全报告[M].北京:人民邮电出版社,2013
[2] Mei Hong,Wang Qian-xiang,Zhang Lu,et al.Analysis of the progress of software technology[J].Chinese Journal of Computers,2009,32(9):1697-1710(in Chinese) 梅宏,王千祥,张路,等.软件分析技术进展[J].计算机学报,2009,32(9):1697-1710
[3] ITS4[EB/OL].http://seclab.cs.ucdavis.edu/projects/testing/tools/its4.html
[4] FLAWFINDER[EB/OL].http://www.dwheeler.com/flawfinder
[5] IDA PRO[EB/OL].https://www.hex-rays.com/index.shtml
[6] Zhao Xiao-dong.Research and implementation of based malware analysis tool[D].Nanjing:Nanjing University,2012(in Chinese) 赵晓东.基于虚拟化的恶意软件分析工具的研究与实现[D].南京:南京大学,2012
[7] Vouk M A.Software reliability engineering∥A Tutorial Pre-sented at the Annual Reliability and Maintainability Symposium.2000.http://renoir.csc.ncsu.edu/Faculty/Vouk/vouk_se.html
[8] OllyDbg[EB/CP].http://www.ollydbg.de
[9] WinDbg[EB/CP].Whttp://www.windbg.org
[10] SoftICE[EB/OL].http://en.wikipedia.org/wiki/SoftICE
[11] Miller B P,Koski D,Lee C,et al.Fuzz Revisited:A Reexamination of the Reliability of UNIX Utilities and Services[R].Wisconsin:Computer Sciences Department,University of Wisconsin,1995
[12] Miller B P,et al.An empirical study of the reliability of UNIX utilities[J].Communications of the ACM,1990,33:32-44
[13] Cohen M B,Snyder J,Rothermel G.Testing across configurations:implications for combinatorial testing[J].ACM SIGSOFT Software Engineering Notes,2006,1(6):1-9
[14] Shu G, Lee D.Testing security properties of protocol implementations-a machine learning based approach[C]∥27th International Conference on Distributed Computing Systems (ICDCS’07).IEEE,2007:25
[15] Aitel D.The advantages of block-based protocol analysis of security testing[R].New York:Immunity Inc,February 2002
[16] SPIKE[EB/OL].http://www.immunitysec.com/resources-free-software.shtml
[17] Peach[EB/OL].http://peachfuzz.sourceforge.ne
[18] FillFuzz[EB/OL].http://labs.idefense.com/software/fuzzing.php
[19] COMRaider[EB/OL].http://labs.idefense.com/software/fuz-zing.php#more_comraider
[20] AxMan[EB/OL].http://metasploit.com/users/hdm/tools/axman
[21] Demott J.The evolving art of fuzzing[S].Defcon,2006
[22] DeMott J,et al.Revolutionizing the Field of Grey-box AttackSurface Testing with Evolutionary Fuzzing[S].BlackHat and Defcon,2007
[23] Godefroid P,et al.Grammar-based whitebox fuzzing[C]∥2008 ACM SIGPLAN Conference on Programming Language Design and Implementation 2008(PLDI’08).Tucson,AZ,United states,2008:206-215
[24] Godefroid P,et al.Automated Whitebox fuzzing[C]∥Proc Network Distributed Security Symposium(NDSS).San Diego,California,2008
[25] Ganesh V,et al.Taint-based directed whitebox fuzzing[C]∥Proc 2009 31st International Conference on Software Enginee-ring(ICSE 2009).Vancouver,BC,Canada,2009:474-484
[26] Wang T L.Research on key technologies of vulnerability exploiting for binary programs[M].Beijing:Peking University,2011(in Chinese) 王铁磊.面向二进制程序的漏洞挖掘关键技术研究[M].北京:北京大学,2011
[27] Wang T,et al.TaintScope:A checksum-aware directed fuzzing tool for automatic softwarevulnerability detection [C]∥Proc 31st IEEE Symposium on Security and Privacy,SP 2010.Berkeley/Oakland,CA,United states,2010:497-512
[28] Zhang Shu-qin.Research on Fuzz testing technology based ongenetic algorithm[D].Wuhan:Huazhong University of Science and Technology,2011(in Chinese) 章淑琴.基于遗传算法的模糊测试技术研究[D].武汉:华中科技大学,2011
[29] Du Xiao-jun,Lin Bo-gang,Lin Zhi-yuan,et al.Research of Multi population genetic algorithm in fuzz testing [J].Journal of Shandong University(Science Edition),2013(7):79-84(in Chinese) 杜晓军,林柏钢,林志远,等.安全软件模糊测试中多种群遗传算法的研究[J].山东大学学报(理学版),2013(7):79-84
[30] SecurityFocus[EB/OL].http://www.securityfocus.com/
[31] Secunia [EB/OL].http://secunia.com/
[32] CNVD[EB/OL].http://www.cnvd.org.cn/
[33] Jalbert N,Sen K.A trace simplification technique for effective debugging of concurrent programs[C]∥ Proceedings of the eighteenth ACM SIGSOFT International Symposium on Foundations of Software Engineering.ACM,2010:57-66
[34] Luk C,Cohn R,Muth R,et al.Pin:Building customized program analysis tools with dynamic instrumentation[J].Programming Language Design & Implementation,2005,40(6):190-200
[35] Kojarski S,Lorenz D H.Pluggable AOP:designing aspect mechanisms for third-party composition[J].Oopsla’05 Proceedings of Annual Acm Sigplan Conference on Object Oriented Programming Systems Languages & Applications,2005,40(10):247-263
[36] BCEL[EB/OL].http://commons.apache.org/proper/commons-
[37] Javassit[EB/OL].http://www.csg.ci.i.u-tokyo.ac.jp/~chiba/javassist/html/javassist/CtClass.html
[38] ASM[EB/CP].http://asm.ow2.org/
[39] DynamoRIO[EB/OL].http://www.dynamorio.org/
[40] DynInst[EB/OL].http://www.dyninst.org/
[41] Pin[EB/OL].https://software.intel.com/sites/landingpage/pintool/docs/71313/Pin/html/
[42] Wang T,Wei T,Zou W.Checksum-Aware Fuzzing Combinedwith Dynamic Taint Analysis and Symbolic Execution[J].Acm Transactions on Information & System Security,2011,14(2):613-613
[43] Atwood J W,et al.A new fuzzing technique for software vulnerability mining[D].Concordia University,2009
[44] MSDN[EB/OL].https://msdn.microsoft.com/zh-cn/default.aspx
[45] Sulley[EB/OL].http://resources.infosecinstitute.com/sulley-fuzzing/
[46] Miller C,Peterson Z N J.Analysis of Mutation and Generation-Based Fuzzing[R/OL].http://securityevaluators.com/files/papers/analysisfuzzing.pdf
[47] Ganesh V,Leek T,Rinard M.Taint-based Directed WhiteboxFuzzing[C]∥Proceeding International Conference on Software Engineering.2009:474-484
[48] Lanzi A,Martignoni L,Monga M,et al.A Smart Fuzzer for x86 Executables[C]∥ICSE Workshops 2007,Third International Workshop on Software Engineering for Secure Systems,2007(SESS’07).IEEE,2007:7-7
[49] Liu G H,Wu G,Tao Z,et al.Vulnerability Analysis for X86 Executables Using Genetic Algorithm and Fuzzing[C]∥International Conference on Convergence & Hybrid Information Technology.IEEE,2008:491-497
[50] PaiMei[CP/OL].http://www.openrce.org/downloads/details/208/PaiMei
[51] Liu W.Research on DoS Attack and Detection Programming[C]∥Workshop on Intelligent Information Technology Applications IEEE.2009:207-210
[52] Hydara I,Sultan A B M,Zulzalil H,et al.Current state of research on cross-site scripting(XSS)-A systematic literature review[J].Information & Software Technology,2015:170-186
[53] Dukes L,Yuan X,Akowuah F.A case study on web application security testing with tools and manual testing[C]∥Southeastcon,IEEE.IEEE,2013:1-6
[54] WebScara[EB/OL].https://www.owasp.org/index.php/Ca-tegory:OWASP_WebScarab_Project
[55] ShareFuzz[CP/OL].http://www.immunitysec.com/resources

No related articles found!
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
[1] 雷丽晖,王静. 可能性测度下的LTL模型检测并行化研究[J]. 计算机科学, 2018, 45(4): 71 -75, 88 .
[2] 夏庆勋,庄毅. 一种基于局部性原理的远程验证机制[J]. 计算机科学, 2018, 45(4): 148 -151, 162 .
[3] 厉柏伸,李领治,孙涌,朱艳琴. 基于伪梯度提升决策树的内网防御算法[J]. 计算机科学, 2018, 45(4): 157 -162 .
[4] 王欢,张云峰,张艳. 一种基于CFDs规则的修复序列快速判定方法[J]. 计算机科学, 2018, 45(3): 311 -316 .
[5] 孙启,金燕,何琨,徐凌轩. 用于求解混合车辆路径问题的混合进化算法[J]. 计算机科学, 2018, 45(4): 76 -82 .
[6] 张佳男,肖鸣宇. 带权混合支配问题的近似算法研究[J]. 计算机科学, 2018, 45(4): 83 -88 .
[7] 伍建辉,黄中祥,李武,吴健辉,彭鑫,张生. 城市道路建设时序决策的鲁棒优化[J]. 计算机科学, 2018, 45(4): 89 -93 .
[8] 刘琴. 计算机取证过程中基于约束的数据质量问题研究[J]. 计算机科学, 2018, 45(4): 169 -172 .
[9] 钟菲,杨斌. 基于主成分分析网络的车牌检测方法[J]. 计算机科学, 2018, 45(3): 268 -273 .
[10] 史雯隽,武继刚,罗裕春. 针对移动云计算任务迁移的快速高效调度算法[J]. 计算机科学, 2018, 45(4): 94 -99, 116 .