摘要: 针对高可信软件提出一种软件脆弱性自动测试方法。与传统测试方法不同,该方法对待测试程序进行预处理,使用自动机学习算法构造软件与环境交互的抽象机模型,在符号化执行迭代过程中利用抽象机模型指导符号化执行,并动态生成测试数据,同时精化交互抽象机用于后继的符号化迭代测试。解决了传统符号化执行测试技术中缺乏指引、具有较高盲目性的问题,同时也提高了符号化执行测试的效率和代码覆盖率。
[1] Godefroid P,Klarlund N.DART:Directed Automated RandomTesting [C]∥PLDI05.Chicago,Illinois,USA,June 2005:12-15 [2] King J C,Wegbreit B.Symbolic Execution and Program Testing[J].Communications of the ACM on Programming Languages,1976,19(7):385-394 [3] Sen T,Mall R.State-Model-Based Regression Test Reduction for Component-Based Software[J].ISRN Software Enginee-ring,2012(7):15-26 [4] Alsmadi I.Advanced Automated Software Testing:Frameworks for Refined Practice [M].Yarmouk University,Jordan,2012:209-224 [5] Cho C Y,Babi D,Poosankam P.MACE:Model-inference-Assisted Concolic Exploration for Protocol and Vulnerability Disco-very[C]∥Proceedings of the 20th USENIX conference on Security(SEC 11).Usenix,2011:78-90 [6] Angluin D.Learning regular sets from queries and counterexamples[J].Information and Computation,1987,75(2):87-106 [7] Shahbaz M,Groz R.Inferring Mealy machines [C]∥FM’09:Proc.of the 2nd World Congress on Formal Methods.Springer,2009:207-222 [8] Shu Guo-qiang,Lee D.Testing Security Properties of Protocol Implementations-a Machine Learning Based Approach [C]∥27th International Conference on Distributed Computing Systems(ICDCS’07).2007:34-43 [9] Zhang Da-zhi,Liu Dong-gang,Wang Wen-hua.Detecting Vul-nerabilities in C Programs Using Trace-Based Testing[C]∥Proc.40th Annual IEEE/IFIP International Conference on Dependable Systems and Networks.IEEE Publisher,2010:241-250 |
No related articles found! |
|