A guided grey-box fuzzing method based on control flow analysis

Affiliation: School of Computer Science, Southwest Petroleum University, Chengdu 610500

CLC number: TP311

Fund project: Supported by the National Natural Science Foundation of China (61902328)


Grey box test case generation method based on control flow analysis
Affiliation: School of Computer Science, Southwest Petroleum University, Chengdu 610500, China


Abstract:

Fuzzing is the main technique for software vulnerability discovery: it generates test cases at random and executes the program dynamically, and it can reach fairly deep branches. However, mutation in fuzzing is partly blind, and randomly mutated samples very often exercise the same path, so the mutated samples are redundant and testing efficiency drops. This paper proposes and implements CTM (Control Flow Test Case Generate And Mutation), a guided grey-box fuzzing method based on control flow analysis. CTM first statically analyzes the target binary to obtain its control flow graph, analyzes the execution rarity of program paths from that graph, identifies the sensitive functions on each execution path to compute a path weight, and then solves for and generates test cases; second, during fuzzing, it mutates the positions that hold non-format key information; finally, using branch-coverage feedback, it solves the constraints of the execution path with heuristic rules to generate new test case samples. Through guided test cases and targeted mutation, CTM raises the probability that fuzzing generates test cases satisfying complex branch conditions, thereby improving code coverage and reducing redundant mutated samples. To verify the method, this paper tests real applications such as readelf and gif2png and compares CTM with the mainstream fuzzers Driller and AFL. The results show that CTM's ability to find crashes and to explore new paths both improve.
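To make the seed-selection idea in the abstract concrete, here is an added Python example; it is not the authors' CTM implementation (the page carries no code) and it does not reproduce the paper's formulas. It builds a small constructed control flow graph, enumerates entry-to-exit paths, scores each path by an assumed rarity measure (bits of branch choice a uniform random walker would need to follow it), adds the number of sensitive library calls on the path, and adds the number of edges not yet covered, so that the highest-scoring path becomes the next target to solve for. The block names, the call sites, the sensitive-function list and the scoring formula are all assumptions made for the illustration.

```python
import math
from typing import Dict, List, Set, Tuple

Edge = Tuple[str, str]

# Constructed toy CFG (block name -> successor blocks). Names are invented for
# illustration; a real tool would lift this from the binary's disassembly.
CFG: Dict[str, List[str]] = {
    "entry": ["check_magic"],
    "check_magic": ["reject", "parse_header"],
    "reject": ["exit"],
    "parse_header": ["zero_len", "small_len", "large_len"],
    "zero_len": ["exit"],
    "small_len": ["copy_fixed"],
    "large_len": ["copy_var"],
    "copy_fixed": ["exit"],
    "copy_var": ["exit"],
    "exit": [],
}

# Constructed: library calls seen in each block (assumption, not from the paper).
CALLS: Dict[str, List[str]] = {
    "reject": ["puts"],
    "copy_fixed": ["memcpy"],
    "copy_var": ["memcpy", "strcpy"],
}

# Assumed sensitive-function list; the paper does not publish its own.
SENSITIVE: Set[str] = {"memcpy", "strcpy", "strcat", "sprintf", "system"}


def enumerate_paths(cfg: Dict[str, List[str]], entry: str = "entry",
                    exit_: str = "exit") -> List[List[str]]:
    """Depth-first enumeration of acyclic entry->exit paths."""
    paths: List[List[str]] = []

    def walk(node: str, path: List[str]) -> None:
        if node == exit_:
            paths.append(path)
            return
        for succ in cfg.get(node, []):
            if succ not in path:  # ignore back edges (loops) in this toy
                walk(succ, path + [succ])

    walk(entry, [entry])
    return paths


def path_rarity(cfg: Dict[str, List[str]], path: List[str]) -> float:
    """Rarity in bits: -log2 of the probability that a walker choosing uniformly
    at every branch follows this path. Assumed measure, not the paper's."""
    prob = 1.0
    for node in path[:-1]:
        fanout = len(cfg[node])
        if fanout > 1:
            prob /= fanout
    return -math.log2(prob)


def sensitive_calls(path: List[str], calls: Dict[str, List[str]] = CALLS,
                    sensitive: Set[str] = SENSITIVE) -> int:
    """Number of sensitive library calls reachable along the path."""
    return sum(1 for node in path for fn in calls.get(node, []) if fn in sensitive)


def path_edges(path: List[str]) -> Set[Edge]:
    return set(zip(path, path[1:]))


def score_path(cfg: Dict[str, List[str]], path: List[str], covered: Set[Edge]) -> float:
    """Assumed scoring: rarity + sensitive calls + edges branch coverage has not seen."""
    uncovered = len(path_edges(path) - covered)
    return path_rarity(cfg, path) + sensitive_calls(path) + uncovered


def rank_paths(cfg: Dict[str, List[str]],
               covered: Set[Edge] = frozenset()) -> List[Tuple[float, List[str]]]:
    """Highest-scoring path first; that is the path the generator targets next."""
    scored = [(score_path(cfg, p, covered), p) for p in enumerate_paths(cfg)]
    scored.sort(key=lambda sp: sp[0], reverse=True)
    return scored


if __name__ == "__main__":
    covered: Set[Edge] = set()
    for round_no in range(2):
        best_score, best = rank_paths(CFG, covered)[0]
        print(f"round {round_no}: target {' -> '.join(best)} (score {best_score:.2f})")
        # Pretend the solver produced an input that exercised `best`; feed its
        # edges back as branch coverage so the next round prefers unseen edges.
        covered |= path_edges(best)
```

Run stand-alone, the first round picks the path through `copy_var` (rarest branch plus two sensitive calls), and after its edges are marked covered the second round moves to the `copy_fixed` path, which is how coverage feedback steers generation away from already-exercised paths.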

Cite this article:

Li Junyu (黎君玉), Luo Qin (罗琴), Liu Zhi (刘智). A guided grey-box fuzzing method based on control flow analysis [J]. Electronic Measurement Technology (电子测量技术), 2022, 45(15): 21-27

Online publication date: 2024-04-08