Abstract
The traditional feedback-driven fuzz testing method mutates all bytes of the original input data when generating test cases, producing a large number of invalid test cases. This paper proposes an improved method to address this shortcoming. First, dynamic taint analysis is used to build a byte-level mapping between the input data and program variables from the program's data-flow information. Input bytes are aggregated into fields according to their taint propagation paths, and the fields are classified into three classes, depending on whether they influence a branch condition or a dangerous-operation parameter: code-coverage related, dangerous-operation related, and harmless data. Then the code-coverage related fields are encoded as genes and put through the selection and mutation steps of a genetic algorithm, while boundary values are assigned to the dangerous-operation related fields, yielding a new test case. Experiments show that, compared with the traditional feedback-driven fuzz testing method, the proposed method discovers more code paths and triggers more program exceptions with less input data.
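The field aggregation, three-way classification and field-aware test-case generation described in the abstract, as an added illustration (not the paper's code): the taint trace, the sink labels and the input layout are constructed, and a real trace would come from a dynamic taint analysis tool.

```python
import random
from dataclasses import dataclass

# Constructed taint trace (hypothetical sink labels): for each input byte offset,
# the set of program sinks the byte reaches. "cmp@..." marks a branch condition.
TAINT_TRACE = {
    0: {"cmp@0x401010"}, 1: {"cmp@0x401010"}, 2: {"cmp@0x401010"}, 3: {"cmp@0x401010"},
    4: {"cmp@0x401030"}, 5: {"cmp@0x401030"},                  # version field
    6: {"memcpy_len"}, 7: {"memcpy_len"}, 8: {"memcpy_len"}, 9: {"memcpy_len"},
    10: set(), 11: set(), 12: set(), 13: set(),                # payload never used
}
DANGEROUS_SINKS = {"memcpy_len", "malloc_size", "array_index"}  # assumed label set

@dataclass
class Field:
    offset: int
    size: int
    sinks: frozenset
    kind: str  # "coverage", "dangerous" or "harmless"

def classify(sinks):
    """Dangerous-operation parameters first, then branch conditions, else harmless."""
    if sinks & DANGEROUS_SINKS:
        return "dangerous"
    if any(s.startswith("cmp@") for s in sinks):
        return "coverage"
    return "harmless"

def aggregate_fields(trace, length):
    """Merge adjacent bytes that share one taint propagation path into a field."""
    fields, start = [], 0
    for i in range(1, length + 1):
        if i == length or trace.get(i, set()) != trace.get(start, set()):
            sinks = frozenset(trace.get(start, set()))
            fields.append(Field(start, i - start, sinks, classify(sinks)))
            start = i
    return fields

def boundary_values(size):
    """Little-endian 0, INT_MAX, INT_MIN and UINT_MAX for a size-byte field."""
    bits = 8 * size
    return [v.to_bytes(size, "little") for v in (0, 2**(bits-1) - 1, 2**(bits-1), 2**bits - 1)]

def next_test_case(corpus, fields, seed):
    """corpus: list of (input_bytes, coverage_score). Tournament selection on the
    score, one bit-flip per coverage gene field, boundary value per dangerous
    field; harmless bytes are copied through untouched."""
    rng = random.Random(seed)
    parent = max(rng.sample(corpus, min(2, len(corpus))), key=lambda c: c[1])[0]
    child = bytearray(parent)
    for f in fields:
        if f.kind == "coverage":
            child[f.offset + rng.randrange(f.size)] ^= 1 << rng.randrange(8)
        elif f.kind == "dangerous":
            child[f.offset:f.offset + f.size] = rng.choice(boundary_values(f.size))
    return bytes(child)
```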
Author
唐枭
Tang Xiao (School of Computer Science, Sichuan University, Chengdu 610065)
Source
《信息安全研究》
2019, No. 2, pp. 145-151 (7 pages)
Journal of Information Security Research
Keywords
vulnerability discovery
dynamic taint analysis
field classification
fuzz testing
genetic algorithm