Method for realizing fuzzing of software on the basis of state protocol

A technology for protocol implementation and fuzz testing, which is applied in software testing/debugging, instrumentation, electrical digital data processing, etc., can solve the problems of insufficient state protocol support, low test coverage, poor test efficiency, etc., and achieve the goal of improving test coverage Effect

Inactive Publication Date: 2011-06-08
NAT UNIV OF DEFENSE TECH
View PDF3 Cites 45 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0011] However, current fuzzers do not support stateful protocols far enough
State protocols often include handshake, authentication and other processes. If the generation of test cases does not consider state transitions, but adopts the traditional random mutation generation method, the

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for realizing fuzzing of software on the basis of state protocol
  • Method for realizing fuzzing of software on the basis of state protocol
  • Method for realizing fuzzing of software on the basis of state protocol

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0038] The specific implementation manner of the present invention will be described in more detail below in conjunction with the accompanying drawings.

[0039] Step 1), capture the target state protocol to realize the normal interaction flow of the software.

[0040] The status protocol includes network protocols such as FTP and SIP. This embodiment takes the fuzzy test of the FTP server as an example to illustrate the method of the present invention.

[0041] 1.1) Install the normal functional environment of the target program. Enable the FTP server and FTP client to communicate normally, and ensure the normal use of FTP functions such as login, view, download, and upload;

[0042] 1.2) Turn on the network sniffing and packet capture tools, and prepare to capture the normal communication traffic of the target program. Currently commonly used packet capture tools include Wireshark, Tcpdump, etc. These tools can accurately capture network packets of specified interfaces and...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a method for realizing fuzzing of software on the basis of a state protocol. The method comprises the following steps of: 1) acquiring a target state protocol to realize the normal interactive traffic of the software; 2) identifying and extracting a protocol interactive message and a message exchange process from the traffic to finally generate a protocol script file with a certain format; 3) traversing a target program protocol state machine to generate a normal test case ready for mutation; and 4) mutating the normal test case into an abnormal test case, and executing the fuzzing. The method can significantly improve the test coverage rate of the software on the basis of the state protocol by identifying the message and the interactive process of target program normal communication, establishing a state protocol state machine script, and traversing the protocol state machine to generate the test case.

Description

technical field [0001] The invention aims at the safety test and loophole mining of large-scale software, especially the safety test of state protocol implementation software, and can be applied to the safety test of protocol implementation software with high reliability and safety requirements. Background technique [0002] With the in-depth development and wide application of information technology, computer software has penetrated into every corner of people's lives. Software systems have an increasing impact on people's lives and production, and social development and stability are increasingly dependent on various The efficiency, security and stability of the software system. However, while these software systems provide the world with efficient and convenient electronic services and the exchange of massive information and data, the hidden software vulnerabilities are like time bombs, threatening the global economy and society at all times. order and stability. At pre...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F11/36G06F21/00
Inventor 张博锋赖志权吴逸伦乔林波王勇军解培岱李美剑
Owner NAT UNIV OF DEFENSE TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap