Received: May 19, 2024   Revised: June 12, 2024
Abstract: Existing binary fuzzers struggle to reach the deep program states where vulnerabilities hide. To address this, the paper proposes a multi-angle optimization that combines three techniques: hardware-assisted program tracing, static analysis, and concolic execution. First, static analysis and hardware tracing are used to estimate the complexity and the execution probability of program paths. Then, seeds are selected and mutation energy is allocated according to path complexity and execution probability: seeds that reach complex, rarely executed paths are favored. In parallel, concolic execution assists seed generation and records the input bytes that control branch conditions (key bytes), so that later mutations can be targeted at those bytes. Experimental results show that, compared with existing fuzzers, the approach discovers more program paths and more crashes in most cases.
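The scheduling idea in the abstract, shown as an added Python example (this is not the paper's or the authors' code): per-seed energy is derived from a path's static complexity and its execution probability as estimated from trace data, the seed queue is ordered by that energy, and mutation is restricted to the key bytes that concolic execution reported. The edge hit counts (standing in for hardware traces), the per-block complexity table, the seed queue, the key-byte offsets, and the `base * complexity * log2(1/p)` energy formula are all assumptions made for illustration.

```python
"""Added example, not the paper's code: a toy power schedule and targeted
mutator in the spirit of the abstract.  Path complexity comes from a
constructed static-analysis table, execution probability from constructed
edge hit counts standing in for hardware traces, and the key-byte offsets
stand in for what concolic execution would record.  The energy formula is
an assumption chosen for illustration."""
import math
import random
from collections import Counter

# Constructed trace data: count of each basic-block edge over all traced runs.
EDGE_HITS = Counter({
    ("entry", "parse"): 100,
    ("parse", "fast"): 95,
    ("parse", "slow"): 5,
    ("fast", "exit"): 95,
    ("slow", "check"): 5,
    ("check", "exit"): 4,
    ("check", "deep"): 1,
    ("deep", "exit"): 1,
})

# Constructed static-analysis data: number of conditional branches per block.
BLOCK_COMPLEXITY = {"entry": 1, "parse": 3, "fast": 1, "slow": 4,
                    "check": 2, "deep": 6, "exit": 1}


def branch_prob(src, dst):
    """Estimated P(dst | src): share of traced exits from src that went to dst."""
    out = sum(n for (s, _), n in EDGE_HITS.items() if s == src)
    return EDGE_HITS[(src, dst)] / out if out else 0.0


def path_prob(path):
    """Execution probability of a block sequence: product of its edge probabilities."""
    p = 1.0
    for src, dst in zip(path, path[1:]):
        p *= branch_prob(src, dst)
    return p


def path_complexity(path):
    """Static complexity of a path: branches summed over the blocks it visits."""
    return sum(BLOCK_COMPLEXITY[b] for b in path)


def energy(path, base=16, cap=4096):
    """Mutation energy for a seed exercising `path` (assumed formula):
    base * complexity * log2(1/probability), clamped to [base, cap], so
    rare and branch-heavy paths receive the most mutations."""
    p = max(path_prob(path), 1e-9)
    e = base * path_complexity(path) * math.log2(1.0 / p)
    return int(min(max(e, base), cap))


def schedule(seeds):
    """Seed selection: (seed_id, energy) pairs, highest energy first."""
    ranked = sorted(seeds, key=lambda s: energy(s["path"]), reverse=True)
    return [(s["id"], energy(s["path"])) for s in ranked]


def targeted_mutate(data, key_bytes, rng=None):
    """Mutate only the offsets concolic execution flagged as feeding branch
    conditions; every other byte is preserved so the mutant keeps its structure."""
    rng = rng or random.Random(0)
    buf = bytearray(data)
    for off in key_bytes:
        if off < len(buf):
            buf[off] = rng.choice([0x00, 0x7F, 0x80, 0xFF,
                                   (buf[off] + 1) & 0xFF, (buf[off] - 1) & 0xFF])
    return bytes(buf)


# Constructed seed queue: each seed carries the path its trace showed and the
# key-byte offsets concolic execution reported for it.
SEEDS = [
    {"id": "common", "path": ["entry", "parse", "fast", "exit"],
     "data": b"HDR\x00\x00\x00\x00\x00", "key_bytes": [3]},
    {"id": "deep", "path": ["entry", "parse", "slow", "check", "deep", "exit"],
     "data": b"HDR\x01\x00\x00\x2a\x00", "key_bytes": [3, 6]},
]

if __name__ == "__main__":
    rng = random.Random(1)
    for seed_id, e in schedule(SEEDS):
        seed = next(s for s in SEEDS if s["id"] == seed_id)
        mutants = [targeted_mutate(seed["data"], seed["key_bytes"], rng) for _ in range(e)]
        print(f"{seed_id}: energy={e}, first mutant={mutants[0].hex()}")
```

With the constructed data the seed reaching the `deep` block sits on a path with probability 0.01 and complexity 17, so it is scheduled first and gets roughly a hundred times the energy of the seed on the hot `fast` path, which is exactly the bias the abstract describes; the mutator then spends that energy on the two key bytes only, rather than on the whole input.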
Funding: State Grid Corporation of China Science and Technology Project (5700-202316312A-1-1-ZN)
Citation:
WANG Wen-Ting, SUN Jia-Jun, WAN Yi-Feng, WANG Wen-Jie, TIAN Dong-Hai. Fuzzing for Binary Programs Based on Program Analysis (Chinese title: 基于程序分析的二进制软件模糊测试). Computer Systems Applications, ():1-14