现代电子技术
現代電子技術
현대전자기술
MODERN ELECTRONICS TECHNIQUE
2014年
19期
89-94
,共6页
张斌%李孟君%吴波%唐朝京
張斌%李孟君%吳波%唐朝京
장빈%리맹군%오파%당조경
安全漏洞%导向性模糊测试%动态污点分析%输入分域
安全漏洞%導嚮性模糊測試%動態汙點分析%輸入分域
안전루동%도향성모호측시%동태오점분석%수입분역
security vulnerability%oriented fuzzy testing%dynamic taint analysis%input field classification
传统模糊测试中,由于不同的输入可能重复测试相同的状态空间,导致其效率严重低下。提出一种基于动态污点分析与输入分域技术相结合的二进制程序导向性模糊测试技术,可以对典型安全敏感操作与一般模块函数进行导向性模糊测试,很好地解决了传统模糊测试效率低下的问题。实现了二进制导向性模糊测试的原型系统TaintedFuzz,实验证明,该系统能够对二进制程序中存在的典型安全漏洞进行高效地发掘。
傳統模糊測試中,由于不同的輸入可能重複測試相同的狀態空間,導緻其效率嚴重低下。提齣一種基于動態汙點分析與輸入分域技術相結閤的二進製程序導嚮性模糊測試技術,可以對典型安全敏感操作與一般模塊函數進行導嚮性模糊測試,很好地解決瞭傳統模糊測試效率低下的問題。實現瞭二進製導嚮性模糊測試的原型繫統TaintedFuzz,實驗證明,該繫統能夠對二進製程序中存在的典型安全漏洞進行高效地髮掘。
전통모호측시중,유우불동적수입가능중복측시상동적상태공간,도치기효솔엄중저하。제출일충기우동태오점분석여수입분역기술상결합적이진제정서도향성모호측시기술,가이대전형안전민감조작여일반모괴함수진행도향성모호측시,흔호지해결료전통모호측시효솔저하적문제。실현료이진제도향성모호측시적원형계통TaintedFuzz,실험증명,해계통능구대이진제정서중존재적전형안전루동진행고효지발굴。
Since traditional fuzzy testing may test the same state space repeatedly due to the different input,and lead to a low efficiency,a binary oriented fuzzy testing technique based on dynamic taint analysis combined with input field classification technology is presented in this paper,which can perform the oriented fuzzy testing for typical security-sensitive operation and general module function,and serve as a good solution to the problem of low efficiency of the traditional fuzzy testing. The proto-type system TaintedFuzz was also realized for binary oriented fuzzy testing. The experiment proves that the method is capable of exploring the typical security vulnerabilities in the binary program efficiently.
