Cite this article
  • ZONG Peiyuan, LIANG Ruigang, ZHANG Zhiyu, LIU Jinghua, PENG Yu. Research on Lightweight Directed Fuzzing [J]. Journal of Cyber Security, accepted.

Research on Lightweight Directed Fuzzing
ZONG Peiyuan, LIANG Ruigang, ZHANG Zhiyu, LIU Jinghua, PENG Yu
(Institute of Information Engineering, Chinese Academy of Sciences)
Abstract:
Fuzzing plays a very important role in software vulnerability discovery; thanks to its high degree of automation, easy extensibility and low cost, it has long been the mainstream security testing technique that supports and safeguards software security. However, as systems and software grow ever more complex, the large number of version iterations places new demands and challenges on the efficiency of vulnerability discovery, requiring more efficient techniques for directed testing of the potential vulnerabilities that newly added code may introduce. To address this problem, this paper analyzes the efficiency bottlenecks of current mainstream fuzzing techniques, studies ways of improving the efficiency of directed fuzzing in version-iteration scenarios, and proposes a lightweight directed fuzzing method that migrates seeds across program versions. The method optimizes the fuzzing process by optimizing the instrumentation mechanism, designing a seed migration method and building a lightweight guidance mechanism; during historical fuzzing runs it records and iteratively refines the correspondence between effective test inputs and program branches, then accumulates and uses these relationships to guide the fuzzing of subsequent versions of the program. In this way it effectively improves the directed coverage of fuzzing during large-scale version iteration at low time cost and strengthens the directed guidance effect when testing adjacent versions of the target program. This paper further implements a lightweight directed fuzzing framework, LFuzz, selects AFL as the baseline fuzzer and conducts experimental validation on four open-source programs, achieving an average improvement of 22.39% in directed coverage and shortening the average time to trigger any edge of the target code by 36.15%, which verifies the effectiveness and feasibility of the method.
Keywords:  directed fuzzing  vulnerability discovery  seed migration  coverage
DOI:
Received: 2023-01-09  Revised: 2023-03-06
Funding:
Research on Lightweight Directed Fuzzing
ZONG Peiyuan, LIANG Ruigang, ZHANG Zhiyu, LIU Jinghua, PENG Yu
(Institute of Information Engineering, Chinese Academy of Sciences)
Abstract:
Fuzz testing plays a vital role in the field of software vulnerability discovery. With its advantages of high automation, easy scalability and low cost, it has been the mainstream security testing technique for supporting and guaranteeing software security. However, with the increasing complexity of systems and software, a large number of version iterations have raised new demands and challenges for the efficiency of vulnerability discovery, requiring more efficient techniques for directed testing of potential vulnerabilities that may be introduced by new code. To address this problem, this paper analyzes the efficiency bottlenecks of current mainstream fuzzing techniques, investigates how to improve the efficiency of directed fuzzing in version iteration scenarios, and proposes a lightweight directed fuzzing method that migrates seeds across program versions. Our approach optimizes the fuzzing process by optimizing the instrumentation mechanism, designing the seed migration method and building a lightweight guidance mechanism; it records and iteratively refines the correspondence between valid test inputs and program branches during historical fuzzing, accumulates and uses these relationships to guide the fuzzing of subsequent versions of the program, and thereby effectively improves the directed coverage of fuzzing during large-scale version iterations at low time cost and enhances the directional guidance effect when testing adjacent versions of the target program.
We further implement a lightweight directed fuzzing framework, LFuzz, select AFL as the baseline fuzzer, and conduct experimental validation on four open-source programs, achieving an average improvement of 22.39% in directed fuzzing coverage and reducing the average time to trigger any target edge by 36.15%, thus verifying the effectiveness and feasibility of our approach.
Key words:  directed fuzzing  vulnerability discovery  seed transfer  coverage
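As an added illustration of the seed-migration idea summarised in the abstract (this is not code from the paper or from LFuzz): the previous version's record of which seed exercised which branch is reused to select and rank seeds for the target edges of the next version, and coverage observed on the new version is merged back into the record. The edge representation, the scoring weights and the sample corpus are my own assumptions.

```python
"""Illustrative seed migration across program versions (assumed design, not LFuzz's)."""
from collections import defaultdict

# Assumption: an edge is (src_block, dst_block); identifiers of unchanged code stay
# stable across versions, so a history from version N is meaningful for version N+1.


def build_edge_index(history):
    """history: {seed_name: set(edges)} -> {edge: set(seed_names that exercised it)}."""
    index = defaultdict(set)
    for seed, edges in history.items():
        for edge in edges:
            index[edge].add(seed)
    return index


def predecessor_edges(edges_all, target_edges):
    """Edges one hop before a target: they end at the source block of a target edge."""
    target_srcs = {src for src, _ in target_edges}
    return {e for e in edges_all if e[1] in target_srcs and e not in target_edges}


def migrate_seeds(history, target_edges, max_seeds=None):
    """Rank old-version seeds for the new version's targets.
    Score = 2 * target edges hit + 1 * predecessor edges hit; ties prefer seeds with
    fewer total edges (smaller, more focused inputs). Irrelevant seeds are dropped."""
    preds = predecessor_edges(set(build_edge_index(history)), target_edges)
    scored = []
    for seed, edges in history.items():
        hit_t, hit_p = len(edges & target_edges), len(edges & preds)
        if hit_t + hit_p == 0:
            continue
        scored.append((-(2 * hit_t + hit_p), len(edges), seed))
    ranked = [seed for _, _, seed in sorted(scored)]
    return ranked[:max_seeds] if max_seeds else ranked


def accumulate(history, seed, edges_seen):
    """Merge coverage observed on the new version into the record carried forward."""
    history.setdefault(seed, set()).update(edges_seen)
    return history


# Constructed sample: history recorded on version N; targets are the edges that the
# N+1 diff touches (b4->b7 is new in N+1 and therefore absent from the history).
HISTORY = {
    "seed_a": {("b0", "b1"), ("b1", "b2"), ("b2", "b5")},
    "seed_b": {("b0", "b1"), ("b1", "b3"), ("b3", "b4")},
    "seed_c": {("b0", "b6")},
    "seed_d": {("b0", "b1"), ("b1", "b3")},
}
TARGETS = {("b3", "b4"), ("b4", "b7")}

if __name__ == "__main__":
    print(migrate_seeds(HISTORY, TARGETS))  # seed_b reaches a target, seed_d is one hop away
```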