
Evaluation method for fuzzing strategy

Cited by: 1
Abstract: The performance of the various strategies that have emerged in the development of fuzzing techniques currently cannot be measured formally. To address this, the paper designs an evaluation framework based on the mapping between the tainted data graph generated by a tracer and the syntax tree generated by a parser. From this mapping it calculates a power value and an entropy value for a strategy, which quantify the strategy's performance, and the better strategies are then selected from the strategy set according to the evaluation results. Tests on example targets, compared with the results on a current fuzzing platform, demonstrate the feasibility and effectiveness of the method. Applying the optimal strategy to the system under test (SUT) will improve code coverage and vulnerability detection capability.

Source: Application Research of Computers (《计算机应用研究》), indexed in CSCD and the Peking University Core Journals list, 2013, No. 12, pp. 3804-3806 (3 pages)

Funding: Doctoral Student Innovation Fund of the People's Public Security University of China

Keywords: fuzzing; tainted data graph; mapping; syntax tree; backtrace; strategy evaluation
