基于分解重构的网络软件测试数据生成方法

计算机科学 ›› 2013, Vol. 40 ›› Issue (10): 108-113.

基于分解重构的网络软件测试数据生成方法

李程,魏强,彭建山,王清贤

国家数字交换系统工程研究中心郑州450002;国家数字交换系统工程研究中心郑州450002;国家数字交换系统工程研究中心郑州450002;国家数字交换系统工程研究中心郑州450002

出版日期:2018-11-16 发布日期:2018-11-16
基金资助:
本文受国家高技术研究发展计划(863计划)项目(2012AA012902)资助

Network Software Test Data Generation Based on Decomposition and Reconstruction

LI Cheng,WEI Qiang,PENG Jian-shan and WANG Qing-xian

Online:2018-11-16 Published:2018-11-16

摘要/Abstract

摘要： 协议测试能够有效检测网络应用软件的缺陷,但是在面对加密和验证机制时,现有方法难以有效构造测试数据。为此,提出一种基于“分解-重构”的网络软件测试数据生成方法,即使用检查点以及解密内存定位技术,结合加密和验证机制的组合情况,分解出测试端未经编码的有效测试数据；借助基于副本消除的内存回溯算法,在通信另一端定位编码前非副本内存,重构编码后测试数据包。实例分析和对比测试表明,该方法能够有效生成测试用例。

关键词: fuzzing技术,污点分析,加密机制,验证机制,符号执行

Abstract: Protocol fuzz testing can effectively detect vulnerabilities in network software,whereas when facing encryption and checksum mechanisms,existing approaches are hard to generate valid test data．A test case generation method based on “decomposition and reconstruction” was proposed．By means of detection technology on check point and decrypted memory,the valid decoded test data was decomposed at test side．A memory-backtracking algorithm was also proposed,which detects the memory none of the duplication of other memories at the other side,based on which the encoded test packet is reconstructed．Case study and comparison test demonstrate that the method can effectively generate test cases.

Key words: Fuzz testing,Taint analysis,Encryption mechanism,Authentication mechanism,Symbolic execution

李程,魏强,彭建山,王清贤. 基于分解重构的网络软件测试数据生成方法[J]. 计算机科学, 2013, 40(10): 108-113. https://doi.org/

LI Cheng,WEI Qiang,PENG Jian-shan and WANG Qing-xian. Network Software Test Data Generation Based on Decomposition and Reconstruction[J]. Computer Science, 2013, 40(10): 108-113. https://doi.org/

参考文献

[1] ProxyFuzz [EB/OL]．http://www.darknet.org.uk/2007/06/proxyfuzz-mitm-network-fuzzer-in-python/
[2] SPIKE Proxy[EB/OL]．http://www.immunitysec.com/resou-rcesfreesoftware
[3] 李伟明,张爱芳,刘建.网络协议的自动化模糊测试漏洞挖掘方法[J].计算机学报,2010,34(2):242-255
[4] Milani C P,Gilbert W,Christopher K,et al．Prospex:protocol specification extraction[C]∥Proc．of the 30th IEEE Symposium on Security and Privacy．Oakland,California,USA,2009:110-125
[5] Tsankov P,Dashti M T,Basin D．SECFUZZ:Fuzz-testing securi-ty protocols[C]∥Proc．of the 7th International Workshop on Automation of Software Test(AST)．Zurich,Switzerland,2012
[6] Caballero J,Johnson N,McCamant S,et al．Binary code extraction and interface identification for security applications[C]∥Proc of the 16th ACM Conference on Computer and Communications Security(CCS)．Chicago,USA,2009
[7] Wang T,Wei T, Zou W．TaintScope:a checksum-aware directed fuzzing tool for automatic software vulnerability detection[C]∥Proc．of the 31st IEEE Symposium on Security & Privacy(S&P)．Oakland,California,USA,2010
[8] Godefroid P,Levin M Y,Molnar D．Automated whitebox fuzz testing[C]∥Proc．of the 16th Network and Distributed System Security(NDSS)．California,USA,2008
[9] 过辰楷,姬秀娟,许静.基于分支混淆算法的符号执行技术[J].计算机科学,2012,39(9):115-119
[10] Cui Bao-jiang,Ji Yu-peng,Wang Jian-xin．An instruction-levelsymbolic checksum system for windows x86program[J]．Chinese Journal of Electronics,2012,21(1):23-26
[11] Caballero J,Poosankam P,McCamant S．Input generation via decomposition and re-stitching:finding bugs in malware[C]∥Proc．of the 18th ACM Conference on Comput Communications Security(CCS)．Chicago,USA,2010
[12] Ganesh V,Leek T,Rinard M．Taint-based directed whiteboxfuzzing[C]∥Proc．of the 31st International Conference on Software Engineering．Vancouver,Canada,2009
[13] Kang M G,McCaman S,Poosankam P,et al.DTA++ dynamic taint analysis with targeted control-flow propagation[C]∥Proc of the 18th Annual Network and Distributed System Security Symposium(NDSS)．San Diego,California,USA,2011
[14] Felix G,Carsten W,Thorsten H．Automatic identification ofcryptographic primitives in binary programs[C]∥Symposium on 14thRecent Advances in Intrusion Detection(RAID)．Menlo Park,California,2011
[15] Brumley D,Jager I,Avgerinos T,et al．BAP:The CMU binary analysis platform[C]∥ Proc．of the 23rd Conference on Computer Aided Verification(CAV)．Snowbird,UT,2011
[16] Ganish V,Dill D．STP:A decision procedure for bit-vectors and arrays[C]∥Proc．of the 19th International Conference on computer Aided Verification．Berlin,Germany,2007
[17] In Memory Fuzzing [EB/OL]．https://www.corelan.be/in-dex.php/2010/10/20/in-memory-fuzzing/
[18] PIN-A Dynamic Binary Instrumentation Tool [CP/OL]．ht-tp://www.pintool.org

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed