Computer Science (计算机科学) ›› 2023, Vol. 50 ›› Issue (12): 58-65. doi: 10.11896/jsjkx.221000225
XU Wei¹, WU Zehui¹, WANG Zimu², LU Li³ (徐威, 武泽慧, 王子木, 陆丽)
Abstract: Network protocols, as the specification for interaction between devices, play a crucial role in computer networks. Vulnerabilities in protocol implementations expose devices to remote attack and pose serious security risks. Fuzzing is an important method for finding security vulnerabilities in programs. Before a protocol can be fuzzed it must be reverse engineered, and high-quality test cases are then generated under the guidance of the recovered message format and state machine model. In this process, however, test cases must be constructed by hand, and hand-built test cases rarely reach deep protocol states. To address these problems, this paper proposes an automated test case generation technique: test case generation rules are defined in templates, and a state transition path generation algorithm builds a complete set of test paths, so that protocol implementations can be fuzzed effectively. Experimental results show that, compared with the state-of-the-art protocol fuzzer Boofuzz, the proposed method generates 51.8% more effective test cases. Tests on four real software packages reproduced three publicly disclosed vulnerabilities and found one new defect, which was confirmed by the developers.
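To make the two ideas in the abstract concrete (generation rules defined in per-message templates, and a state transition path enumeration that yields one test path per reachable transition so that the last message on each path is mutated in a deep state), the following is an added illustration written for this page. It is not the authors' implementation and does not reproduce their algorithm; the FTP-like state machine, the template fields and the mutation rules are constructed assumptions, and the path enumeration is a plain depth-first walk that uses each transition at most once per path so that self-loops such as CWD on LOGGED_IN are exercised exactly once.

```python
"""Template- and state-machine-driven test case generation for a stateful
protocol fuzzer (added illustration; not the paper's implementation)."""
import socket
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

Edge = Tuple[str, str, str]  # (state, message template name, next state)

# Constructed toy state machine resembling an FTP login dialogue (assumption).
TRANSITIONS: Dict[str, List[Tuple[str, str]]] = {
    "INIT": [("USER", "NEED_PASS")],
    "NEED_PASS": [("PASS", "LOGGED_IN")],
    "LOGGED_IN": [("CWD", "LOGGED_IN"), ("QUIT", "CLOSED")],
    "CLOSED": [],
}


@dataclass(frozen=True)
class Template:
    """Generation rule for one message: a fixed verb plus one fuzzable field."""
    verb: bytes
    valid_value: bytes
    fuzzable: bool = True


# Constructed templates; the verbs and valid values are assumptions.
TEMPLATES: Dict[str, Template] = {
    "USER": Template(b"USER", b"anonymous"),
    "PASS": Template(b"PASS", b"guest@"),
    "CWD": Template(b"CWD", b"/pub"),
    "QUIT": Template(b"QUIT", b"", fuzzable=False),
}


@dataclass
class TestCase:
    path: List[str]        # template names in send order
    messages: List[bytes]  # rendered wire messages, one per step


def mutations(valid: bytes) -> List[bytes]:
    """Assumed mutation rules applied to the fuzzable field of the last message."""
    return [
        valid,                # one valid instance, to confirm the path is reachable
        b"A" * 4096,          # oversized field: length handling
        b"%s%n%x" * 8,        # format-string style payload
        b"/" + b"../" * 64,   # traversal-looking value for path fields
        b"",                  # empty field
    ]


def render(name: str, value: bytes) -> bytes:
    """Apply the template: VERB[ value]CRLF."""
    t = TEMPLATES[name]
    return t.verb + (b" " + value if value else b"") + b"\r\n"


def transition_paths(start: str = "INIT") -> List[List[Edge]]:
    """Enumerate every transition path from `start`. Each path uses a given
    edge at most once, and every non-empty prefix is itself a path, so the
    result covers each transition and lets each state be fuzzed in turn."""
    paths: List[List[Edge]] = []

    def dfs(state: str, used: FrozenSet[Edge], path: List[Edge]) -> None:
        for msg, nxt in TRANSITIONS.get(state, []):
            edge = (state, msg, nxt)
            if edge in used:
                continue
            new_path = path + [edge]
            paths.append(new_path)
            dfs(nxt, used | {edge}, new_path)

    dfs(start, frozenset(), [])
    return paths


def generate_test_cases() -> List[TestCase]:
    """For each path, send valid messages up to the last step, then mutate the
    last message's field so the mutation lands in the deepest state reached."""
    cases: List[TestCase] = []
    for path in transition_paths():
        names = [msg for _, msg, _ in path]
        prefix = [render(n, TEMPLATES[n].valid_value) for n in names[:-1]]
        last = TEMPLATES[names[-1]]
        values = mutations(last.valid_value) if last.fuzzable else [last.valid_value]
        for v in values:
            cases.append(TestCase(names, prefix + [render(names[-1], v)]))
    return cases


def send_case(sock: socket.socket, case: TestCase, timeout: float = 2.0) -> List[bytes]:
    """Replay one test case over an already-connected socket and return the
    reply seen after each message (b"" when the peer goes silent)."""
    sock.settimeout(timeout)
    replies: List[bytes] = []
    for m in case.messages:
        sock.sendall(m)
        try:
            replies.append(sock.recv(4096))
        except socket.timeout:
            replies.append(b"")
    return replies


if __name__ == "__main__":
    cases = generate_test_cases()
    print(f"{len(transition_paths())} paths, {len(cases)} test cases")
    for c in cases:
        print(" -> ".join(c.path), "|", c.messages[-1][:40])
```

The point the example makes is the one the abstract argues: because every prefix of the state machine walk is kept as its own path, the mutated field is delivered only after the valid messages that reach the target state, so the server is fuzzed in LOGGED_IN rather than only at the greeting. In a real harness `send_case` would run under a crash monitor, and a silent peer after a mutated message is the first signal worth triaging.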