Cite this article
  • Hao Gaojian, Li Feng, Huo Wei, Zou Wei. A Fuzzer Evaluation Method Based on Fuzzing-hampering Features [J]. Journal of Cyber Security, accepted
  • Hao Gaojian, Li Feng, Huo Wei, Zou Wei. Evaluating Fuzzers Based on Fuzzing-hampering Features [J]. Journal of Cyber Security, accepted
A Fuzzer Evaluation Method Based on Fuzzing-hampering Features
Hao Gaojian, Li Feng, Huo Wei, Zou Wei
(Institute of Information Engineering, Chinese Academy of Sciences)
Abstract:
Fuzzing is an efficient technique for discovering software vulnerabilities. It has produced a rich body of research in academia, has been widely applied in industry, and has given rise to many fuzzing tools. These tools differ markedly in their techniques and performance, so they need to be tested to assess their effectiveness and thereby guide tool selection and improvement. Existing fuzzer evaluation methods commonly suffer from evaluation results that cannot be explained in some cases. This paper finds that this is related to certain features of the fuzzing target programs that hamper evaluation, which we call fuzzing-hampering features, and shows that because existing evaluation methods ignore these features, their conclusions are poorly interpretable. We study in depth how hampering features affect fuzzing, distil five kinds of hampering features, propose a fine-grained comparative evaluation method that treats hampering features as controlled variables, and use code synthesis to build the benchmark Bench4I. Evaluation of fuzzers including AFL, MOPT and TortoiseFuzz shows that the method can accurately explain the influence of target program samples on the effectiveness of the tools under test, effectively improving the interpretability of fuzzer evaluation.
Keywords:  fuzzing  evaluation  benchmark  software vulnerability
Received: 2020-09-04  Revised: 2020-11-10
Evaluating Fuzzers Based on Fuzzing-hampering Features
Hao Gaojian, Li Feng, Huo Wei, Zou Wei
(Institute of Information Engineering, Chinese Academy of Sciences)
Abstract:
Fuzz testing can find security-critical bugs effectively. In recent years, a great deal of fuzzing-related work has been proposed in both industry and academia, and a variety of fuzz testing tools, which differ in techniques and performance, have been developed. Evaluation of fuzzers is needed to understand these tools better. We find that evaluation results can be affected by fuzzing-hampering features contained in target programs. However, existing evaluations pay little attention to this factor, which makes it impossible to explain the reasons behind the evaluation results and leads to unclear or erroneous conclusions. In this paper, we propose a method to evaluate fuzzers based on fuzzing-hampering features. The method treats fuzzing-hampering features as one of the controlled variables and performs fine-grained comparative testing to find the relationships between evaluation results and fuzzing-hampering features, in order to identify the cause of differing results and make the evaluation more interpretable. To implement the idea and show its effectiveness, we summarized 5 fuzzing-hampering features, constructed a bug benchmark named Bench4I and evaluated 6 fuzzers. The experiment shows that the tools' detailed capabilities can be inferred from the evaluation results, which makes the evaluation more interpretable.
Keywords:  fuzz testing, evaluation, benchmark, security-critical bug