Binary oriented hybrid fuzzing method

A fuzzing technique for binaries, applied in the computer field, that addresses problems such as the inability to analyze binary programs, achieves high test coverage, enhances usability, and eliminates blindness.

Active Publication Date: 2015-02-25
JIANGNAN INST OF COMPUTING TECH

AI Technical Summary

Problems solved by technology

[0014] However, the method proposed in Non-Patent Document 1 is only appl



Examples


test Embodiment 400

[0033] Fuzz test 100 is adopted as the front-end processing, in which test cases drive the execution of the program under test (fuzz test 100 can initially use test cases generated by a mutation-based strategy to drive the execution of the program under test; that is, before fuzz test 100 receives the new test case 400 fed back from the symbolic execution process 300, it uses test cases generated by the mutation strategy to drive the execution of the program under test);

[0034] The binary code coverage monitoring process 200 is adopted as the middle-layer processing, in which the basic blocks covered by the program under test are recorded during its execution, and the coverage rate of fuzz test 100 is calculated from them;

[0035] When the calculated coverage rate of fuzz test 100 no longer improves, the symbolic execution process 300 is executed as the back-end processing, wherein the symbolic execution process 300 generates a new test case 400 covering ...

specific example

[0045] Security analysis is performed on ls, a commonly used binary program on Linux systems (it displays directory contents in list form). The external input of the target program ls consists of a series of option parameters and the target path, and the test cases are randomly generated by the mutation-based test case generation strategy. The generated test cases are used to drive the target program ls.

[0046] The ls program starts to run, and the binary code coverage monitoring module is started at the same time. After each test case is executed, the basic blocks covered by that test case are analyzed, the test case is added to all previously executed test cases to form a new test case set, and the code coverage of the entire test case set is then calculated (it is also possible to count the number of distinct basic blocks covered by the test case set).

[0047] When the binary code coverage monitoring module detects that the newly executed test cases cannot improve the coverage of the en...



Abstract

The invention provides a binary oriented hybrid fuzzing method. The method includes: adopting fuzzing as front-end processing, and utilizing test cases to drive a tested program to be executed; adopting binary code coverage rate monitoring processing as intermediate layer processing, recording basic blocks covered by the tested program in the execution process of the tested program, and calculating coverage rate of fuzzing; when the calculated fuzzing coverage rate is no longer increased, executing symbolic execution processing serving as back-end processing, generating new test cases covering other paths different from the path of the current test case during symbolic execution processing, and then feeding back the new test cases to fuzzing to enable the new test cases to be used for driving the tested program to be executed by the fuzzing.
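The loop described in [0033]-[0035] and in the abstract, as an added Python sketch that is not taken from the patent. `target` is a constructed toy program standing in for the monitored binary, `solve_new_path` is a simplified stand-in for symbolic execution process 300 that negates a single recorded branch, and every name, the `MAGIC` value and `stall_limit` are assumptions.

```python
import random

MAGIC = b"LS!"  # constructed 3-byte check that blind mutation rarely satisfies

def target(data, trace):
    """Toy program under test: returns covered block ids, logs branch constraints."""
    blocks = {0}
    for i, want in enumerate(MAGIC):
        ok = len(data) > i and data[i] == want
        trace.append((i, want, ok))   # constraint: data[i] == want, and whether taken
        if not ok:
            break
        blocks.add(i + 1)
    return blocks

def mutate(seed, rng):
    """Front end: mutation-based generation (overwrite one random byte)."""
    buf = bytearray(seed)
    buf[rng.randrange(len(buf))] = rng.randrange(256)
    return bytes(buf)

def solve_new_path(data):
    """Back-end stand-in: negate the first branch this test case failed."""
    trace = []
    target(data, trace)
    for idx, want, ok in trace:
        if not ok:
            padded = data.ljust(idx + 1, b"\0")
            return padded[:idx] + bytes([want]) + padded[idx + 1:]
    return None  # no untaken branch left on this path

def hybrid_fuzz(seed=b"AAAA", rounds=400, stall_limit=50, rng_seed=1):
    rng = random.Random(rng_seed)
    covered, corpus, stall, handoffs = set(), [seed], 0, 0
    for _ in range(rounds):
        case = mutate(rng.choice(corpus), rng)
        new = target(case, []) - covered       # middle layer: coverage delta
        if new:
            covered |= new
            corpus.append(case)
        stall = 0 if new else stall + 1
        if stall >= stall_limit:               # coverage no longer improves
            stall = 0
            fed = solve_new_path(corpus[-1])   # hand off the deepest test case
            if fed is not None:
                handoffs += 1
                covered |= target(fed, [])
                corpus.append(fed)             # feed the new test case back
    return covered, handoffs
```

Because each hand-off is made on the most recent coverage-increasing input, every stall advances the toy target by one block, so full coverage is reached with at most three hand-offs regardless of the random seed.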

Description

Technical field

[0001] The invention relates to the field of computer technology, and more specifically, the invention relates to a binary-oriented hybrid fuzz testing method.

Background technique

[0002] With the rapid development of computer science and Internet technology, software security issues emerge in an endless stream, and software security has always attracted much attention. In the field of software security testing, fuzz testing and symbolic execution are two widely used testing methods.

[0003] Fuzzing is currently the most commonly used technique in the field of security testing. Its basic idea is to provide a large number of malformed inputs to the target program and monitor the abnormal results of the target system to find software defects. The basic process of fuzz testing is:

[0004] 1) Determine the target program to be tested, and analyze the basic structural information of the program input data. The program input includes command line parameters, ...


Application Information

IPC(8): G06F11/36
Inventor: 董芳泉董超群张慧张垚杨书轩程来旺
Owner: JIANGNAN INST OF COMPUTING TECH