Computer Science (计算机科学) ›› 2018, Vol. 45 ›› Issue (9): 171-176. doi: 10.11896/j.issn.1002-137X.2018.09.028
李佳莉1, 陈永乐1, 李志2,3, 孙利民2,3,4
LI Jia-li1, CHEN Yong-le1, LI Zhi2,3, SUN Li-min2,3,4
Abstract: Many cameras, DVRs and NVRs in video surveillance equipment support the RTSP protocol, and a comparatively large number of high-severity buffer overflow vulnerabilities have been traced to RTSP handling, so research on the RTSP protocol has both theoretical significance and practical value. Test cases generated directly by the methods built into existing fuzzing frameworks are extremely numerous, and the test process takes a long time. To address this, taking the RTSP protocol of video surveillance equipment as the research object, this paper proposes deduplicating the sample set of protocol basic blocks, constructing a protocol state graph from the constraint relations between protocol states and the associations between state transitions, and generating test cases by a depth-first traversal of that state graph. The method reduces the number of generated test cases and improves their effectiveness. During fuzz testing of the RTSP protocol, TCP probe packets are sent to determine whether the test target has become abnormal. The redundant parts of recorded anomalous test cases are removed to shorten the subsequent replay process, thereby improving the efficiency of vulnerability discovery.
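The following is an added illustration of the workflow the abstract describes, not code from the paper or its authors: a protocol state graph for RTSP, a depth-first traversal that yields only method sequences respecting the state constraints, deduplication of the basic-block sample set, a TCP-probe liveness check, and removal of redundant blocks from a recorded crashing case. Assumptions not taken from the page: the graph follows the Init/Ready/Playing state machine of RFC 2326, the target URL and session id are placeholders, the local listener in probe_demo() is a constructed stand-in for a device, and the crash oracle passed to minimise() is a hypothetical stand-in for probing a real target.

```python
"""State-graph-driven RTSP fuzzing skeleton (added example, not the paper's
code).  Assumptions: RFC 2326 Init/Ready/Playing state machine, placeholder
URL and session id, hypothetical crash oracle in place of a live device."""
import socket
from typing import Callable, Dict, List, Optional, Tuple

# Protocol state graph: state -> {method: next_state}.  Edges encode the
# constraints between states (e.g. PLAY needs the session SETUP created),
# so a traversal never emits PLAY before SETUP.
STATE_GRAPH: Dict[str, Dict[str, str]] = {
    "Init":    {"OPTIONS": "Init", "DESCRIBE": "Init", "SETUP": "Ready"},
    "Ready":   {"SETUP": "Ready", "PLAY": "Playing", "TEARDOWN": "Init"},
    "Playing": {"PAUSE": "Ready", "GET_PARAMETER": "Playing", "TEARDOWN": "Init"},
}

def dedupe_blocks(blocks: List[bytes]) -> List[bytes]:
    """Drop byte-identical protocol basic blocks, keeping first-seen order."""
    seen, out = set(), []
    for b in blocks:
        if b not in seen:
            seen.add(b)
            out.append(b)
    return out

def dfs_paths(graph: Dict[str, Dict[str, str]], start: str = "Init",
              max_depth: int = 4) -> List[List[str]]:
    """Depth-first traversal: every method sequence of length 1..max_depth
    reachable from `start` under the graph's constraints."""
    paths: List[List[str]] = []
    def walk(state: str, path: List[str]) -> None:
        if path:
            paths.append(list(path))
        if len(path) == max_depth:
            return
        for method, nxt in graph[state].items():
            path.append(method)
            walk(nxt, path)
            path.pop()
    walk(start, [])
    return paths

def build_request(method: str, url: str, cseq: int, session: Optional[str] = None,
                  extra_header: Optional[str] = None) -> bytes:
    """Render one RTSP/1.0 request; extra_header carries the mutated field."""
    lines = [f"{method} {url} RTSP/1.0", f"CSeq: {cseq}"]
    if method == "SETUP":
        lines.append("Transport: RTP/AVP;unicast;client_port=8000-8001")
    if session:
        lines.append(f"Session: {session}")
    if extra_header:
        lines.append(extra_header)
    return ("\r\n".join(lines) + "\r\n\r\n").encode()

def render_case(path: List[str], url: str = "rtsp://192.0.2.10/stream1",
                mutate_last: Optional[str] = None) -> List[bytes]:
    """One DFS path -> concrete request sequence.  Session is carried from
    SETUP onward (placeholder id; a live run parses it from the SETUP reply);
    only the final request is mutated so a crash maps to one block."""
    session, reqs = None, []
    for cseq, method in enumerate(path, start=1):
        extra = mutate_last if cseq == len(path) else None
        reqs.append(build_request(method, url, cseq, session, extra))
        if method == "SETUP":
            session = "12345678"  # placeholder, not a real device's id
    return reqs

def tcp_probe(host: str, port: int, timeout: float = 1.0) -> bool:
    """Liveness check after each case: a completed handshake means the RTSP
    service is still up; refused or timed out means record the case."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def probe_demo() -> Tuple[bool, bool]:
    """Run tcp_probe against a constructed local listener: alive while it
    listens, dead once it is closed."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    alive = tcp_probe("127.0.0.1", port)
    srv.close()
    return alive, tcp_probe("127.0.0.1", port)

def minimise(case: List[str], still_crashes: Callable[[List[str]], bool]) -> List[str]:
    """Strip redundant blocks from a recorded crashing case: drop one block at
    a time, keeping the shorter sequence while the oracle still reports the
    crash, so replay sends only what reproduces it."""
    case, i = list(case), 0
    while i < len(case):
        candidate = case[:i] + case[i + 1:]
        if candidate and still_crashes(candidate):
            case = candidate
        else:
            i += 1
    return case
```

In a live run, each sequence from dfs_paths() is rendered with render_case() and written to the target's RTSP TCP port, tcp_probe() is called after every case, and any case followed by a failed probe is recorded; minimise() then takes that case together with an oracle that replays a candidate and re-probes, and the shortened result is what the replay phase sends.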