Test data generating device and method based on binary program

Abstract

The invention relates to test data generating device and method based on a binary program. The test data generating method mainly comprises the following steps of: operating a dynamic symbol executing program for the state information of the binary program which corresponds to a guide path and initial test data; obtaining corresponding conditional jump address information according to an operating result; matching an actual operation path which corresponds to the initial test data with the guide path on the basis of the obtained conditional jump address information; and generating the test data which corresponds to the actual operation path and is matched with the guide path. The invention combines the advantages of static analysis and dynamic analysis and can enhance the availability and the accuracy of symbolic execution and the accuracy degree of the generated test data and generate the test data used for carrying out path sensitivity analysis on a key code segment, thereby effectively mitigating the problem of path explosion in the symbolic execution.

Description

technical field [0001] The present invention relates to the field of communications and computers, in particular to the field of software security analysis. Background technique [0002] At present, in the field of software security research, software security analysis is often carried out, and a major problem in the process of security analysis is to generate test data with a certain degree of coverage. Whether in academia or industry, common security analysis methods are divided into two types: dynamic analysis method and static analysis method. [0003] The method of dynamic analysis is to run the target program to be analyzed, and set different input parameters artificially, so that the target program runs in different states, so as to observe the internal situation of the program or the errors generated during the operation, so as to find security defects. The most commonly used method in dynamic analysis is FuzzTesting (fuzz testing, also known as random number black ...

AI Technical Summary

Problems solved by technology

The advantages of symbolic execution analysis technology are: the analysis is path-sensitive; because there is no approximation to the path and state, the result is accurate; it is suitable for state checking and timing checking; it is very effective for concurrent errors; Approximation may lead to inaccurate results; exhaustive search for all possible states is expensive; it is difficult to approximate path and timing attributes at the boundary, so compounding is difficult

[0006] Based on the above, there are some problems in the current mainstream static analysis technology and dynamic analysis technology: (1) dynamic test automatically generates test data, but there are many uncertain factors in the test, which has a certain degree of blindness; (2) the efficiency of static analysis Higher, the analysis is path-sensitive, but in theory there is a high rate of false negatives and false positives, it is difficult to accurately locate the vulnerability; most static analysis needs to be analyzed on the basis of obtaining the source code, and it is aimed at the symbolic execution of the binary program The technology is complex; symbolic execution can automatically generate test data for path traversal, but the execution path is not targeted, and there is a problem of path explosion. It is not realistic to automatically generate test data for complete path-sensitive analysis

Images