Cite this article:
  • Sun Jian, Zou Yanyan, Jian Kunpeng, Huo Wei. Empirical Study on Fuzzing Throughput for Stateful Network Protocols [J]. Journal of Cyber Security (信息安全学报), accepted.


Empirical Study on Fuzzing Throughput for Stateful Network Protocols
Sun Jian, Zou Yanyan, Jian Kunpeng, Huo Wei
(Institute of Information Engineering, Chinese Academy of Sciences)
Abstract (translated from the Chinese version):
Fuzzing is an automated and efficient technique for discovering software vulnerabilities, and greybox fuzzing in particular has attracted wide attention. As the security of stateful network protocols grows in importance, greybox fuzzing has gradually been applied to implementations of stateful network protocols. The effectiveness of fuzzing is determined jointly by throughput and the ability to reach new coverage, but the throughput of greybox fuzzing for stateful network protocols is generally insufficient, so its effectiveness remains limited. Although the academic community has noticed this problem, the causes of the limited throughput have not been analyzed systematically, nor has the effectiveness of throughput optimization measures been evaluated comprehensively. Using representative implementations of stateful protocols as the benchmark set, this paper selects five typical greybox fuzzers for stateful network protocols and conducts an empirical study of six factors that influence throughput and four throughput optimization measures. The experiments show that: (1) the time cost of the test-case execution phase is the primary factor affecting fuzzing throughput; (2) eliminating redundant waiting time in that phase effectively reduces its time cost and significantly improves throughput; (3) although a snapshot-restore mechanism increases the target's startup time, it still improves throughput by removing operations such as test-trace cleanup from the state-recovery phase.
Keywords: fuzzing; network protocol; throughput; empirical study
DOI:
Received: 2023-02-02; Revised: 2023-03-30
Funding:
Abstract (original English version):
Fuzzing is one of the most efficient methods for automatically finding software vulnerabilities, and greybox fuzzing in particular has received growing attention. As the security of stateful network protocols becomes increasingly important, greybox fuzzing has gradually been applied to implementations of stateful network protocols. The effectiveness of fuzzing is determined by both throughput and the capability to reach new coverage. However, because throughput is generally insufficient, the effectiveness of greybox fuzzing for stateful network protocols remains limited. Although the academic community has focused on this problem, the reasons why throughput is limited have not been systematically analyzed, and the effectiveness of throughput optimization measures has not been comprehensively evaluated. This paper uses representative implementations of stateful network protocols as the benchmark set and selects five typical greybox fuzzers for stateful network protocols to conduct an empirical study of seven factors that influence throughput and four throughput optimization measures. The experimental results show that: (1) the time cost of the case-testing phase is the primary factor affecting greybox fuzzing throughput for stateful network protocols; (2) eliminating the redundant waiting time in the case-testing phase effectively reduces the time cost of this phase and significantly improves greybox fuzzing throughput for stateful network protocols; (3) although snapshots increase the time cost of target startup, they still improve greybox fuzzing throughput for stateful network protocols by eliminating test-trace cleaning in the state-recovery phase.
Key words: fuzz testing; network protocol; throughput; empirical study
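The second finding above, that idle waiting inside the case-testing phase is a major drain on throughput, can be reproduced on a toy target. The following Python example is added here and is not code from the paper or from any of the fuzzers it evaluates. It starts a constructed stateful line-based server on localhost (an invented HELLO/DATA/QUIT protocol with CRLF-terminated replies, not one studied in the paper), then drives the same three-message session with two harness strategies, a fixed sleep after every message versus reading until the reply terminator arrives, and reports sessions per second for each. All message and reply strings are constructed for the example.

```python
# Added example: effect of the per-message waiting strategy on fuzzing throughput.
# The server is a hypothetical stateful protocol: HELLO -> DATA -> QUIT, replies end in CRLF.
import socket
import threading
import time

CRLF = b"\r\n"
SESSION = [b"HELLO", b"DATA payload", b"QUIT"]  # constructed message sequence


def _serve_session(conn):
    """Toy stateful handler: one connection, one session; DATA only after HELLO."""
    state = "INIT"
    buf = b""
    with conn:
        while True:
            chunk = conn.recv(4096)
            if not chunk:
                return
            buf += chunk
            while CRLF in buf:
                line, buf = buf.split(CRLF, 1)
                if line == b"HELLO" and state == "INIT":
                    state, reply = "READY", b"200 OK"
                elif line.startswith(b"DATA") and state == "READY":
                    reply = b"250 STORED"
                elif line == b"QUIT":
                    conn.sendall(b"221 BYE" + CRLF)
                    return
                else:
                    reply = b"503 BAD SEQUENCE"
                conn.sendall(reply + CRLF)


def start_server():
    """Bind the toy server to an ephemeral localhost port; returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(64)

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # listening socket closed: shut down
                return
            threading.Thread(target=_serve_session, args=(conn,), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, srv.getsockname()[1]


def run_session_fixed_wait(port, wait_s=0.05):
    """Baseline harness: sleep a fixed interval after each message, then drain.
    The interval must cover the slowest reply, so for fast replies most of it is
    idle: the redundant waiting time the paper identifies."""
    replies = []
    with socket.create_connection(("127.0.0.1", port)) as s:
        s.setblocking(False)
        for msg in SESSION:
            s.sendall(msg + CRLF)
            time.sleep(wait_s)
            try:
                replies.append(s.recv(4096))
            except BlockingIOError:  # nothing arrived within the interval
                replies.append(b"")
    return replies


def run_session_until_reply(port, timeout_s=2.0):
    """Optimized harness: read until the reply terminator and move on at once.
    The timeout is only a safety net for a hung target."""
    replies = []
    with socket.create_connection(("127.0.0.1", port)) as s:
        s.settimeout(timeout_s)
        for msg in SESSION:
            s.sendall(msg + CRLF)
            buf = b""
            while not buf.endswith(CRLF):
                chunk = s.recv(4096)
                if not chunk:  # peer closed before a full line arrived
                    break
                buf += chunk
            replies.append(buf)
    return replies


def measure(port, session_fn, n_sessions=20):
    """Drive n_sessions through session_fn; return (sessions per second, last replies)."""
    t0 = time.perf_counter()
    replies = None
    for _ in range(n_sessions):
        replies = session_fn(port)
    return n_sessions / (time.perf_counter() - t0), replies


if __name__ == "__main__":
    srv, port = start_server()
    for name, fn in (("fixed wait", run_session_fixed_wait), ("until reply", run_session_until_reply)):
        rate, replies = measure(port, fn)
        print(f"{name:>11}: {rate:8.1f} sessions/s, replies={replies}")
    srv.close()
```

Both harnesses receive the same three replies; the difference is only where the time goes. The fixed-wait harness spends at least 150 ms per session asleep regardless of how fast the target answers, while the read-until-terminator harness blocks only as long as the target actually takes, which is the cost the paper's second finding attributes to the case-testing phase.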