Abstract: Security vulnerabilities in software can have very serious consequences, so vulnerability discovery has become a major topic and an active research area in network and information security. The vulnerability discovery techniques in common use include static analysis, dynamic analysis, binary diffing and fuzz testing. As software keeps growing in scale and complexity, fuzz testing offers advantages that the other vulnerability discovery techniques cannot match. This paper first introduces and analyzes the strengths and weaknesses of each vulnerability discovery technique; it then describes in detail the research progress of fuzz testing, the fuzz testing process and the techniques for generating test cases; finally, it surveys the application of fuzz testing in various domains and looks ahead to its future development.
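As an added illustration of the fuzz testing process and mutation-based test case generation that the abstract refers to (example code written for this page, not from the paper): a constructed toy record parser is fuzzed with byte-level mutations of a valid seed, and the harness treats the parser's graceful ValueError as expected while recording any other exception as a finding, deduplicated by exception type and raising line.

```python
import random
import traceback

# Constructed toy target (not from the paper): [count][count x (type, len, payload)]; ValueError = graceful reject.
def parse_record(data: bytes) -> list:
    if not data:
        raise ValueError("empty input")
    count, pos, fields = data[0], 1, []
    for _ in range(count):
        ftype, flen = data[pos], data[pos + 1]  # IndexError if a header is truncated
        payload = data[pos + 2:pos + 2 + flen]
        if len(payload) != flen:
            raise ValueError("short payload")
        fields.append((ftype, bytes(payload)))
        pos += 2 + flen
    return fields

# Mutation-based test case generation: a few random edits applied to a valid seed.
def mutate(seed: bytes, rng: random.Random) -> bytes:
    buf = bytearray(seed)
    for _ in range(rng.randint(1, 4)):
        op = rng.choice(("flip", "magic", "insert", "delete", "truncate"))
        if op == "flip" and buf:
            buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
        elif op == "magic" and buf:
            buf[rng.randrange(len(buf))] = rng.choice((0, 1, 0x7F, 0x80, 0xFF))
        elif op == "insert":
            buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
        elif op == "delete" and len(buf) > 1:
            del buf[rng.randrange(len(buf))]
        elif op == "truncate" and len(buf) > 1:
            del buf[rng.randrange(1, len(buf)):]
    return bytes(buf)

# Fuzzing loop: generate, execute, monitor; findings keyed by exception type and raising line.
def fuzz(target, seed: bytes, iterations: int, rng_seed: int = 1) -> dict:
    rng = random.Random(rng_seed)
    findings = {}
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            target(case)
        except ValueError:
            continue  # expected rejection of malformed input
        except Exception as exc:
            frame = traceback.extract_tb(exc.__traceback__)[-1]
            findings.setdefault(f"{type(exc).__name__}@{frame.lineno}", case)
    return findings

SEED = bytes([2, 1, 3, 65, 66, 67, 2, 1, 68])  # constructed seed: two well-formed fields
```

Each recorded case reproduces deterministically, so a finding can be replayed and minimized before triage.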