
Method for improving software fuzz testing efficiency in combination with symbolic execution

A technology combining fuzz testing and symbolic execution, applied in software testing/debugging, error detection/correction, instrumentation, etc. It addresses problems such as the blindness of test cases, low code coverage, high complexity and long running time, improving defect-mining performance and overall performance.

Active Publication Date: 2018-11-20
NAT UNIV OF DEFENSE TECH

AI Technical Summary

Problems solved by technology

White-box testing has strong coverage, but it requires a great deal of manual analysis and its complexity is very high. When the source code of the software under test runs to hundreds of thousands of lines or more, it becomes relatively impractical.
[0006] 2. Black-box testing: test cases are written directly, without knowledge of the internal details of the software under test. It is easy to carry out and does not require the source code of the software under test, so usability is good, but most test cases come from the testers' subjective guesses and coverage is poor.
Although gray-box testing has good usability, it is highly complex, especially in binary audit work, where it takes a great deal of time.
[0008] The above three kinds of fuzz testing each have their own defects, and none of them is well suited to binary programs without source code. The generated test cases suffer from problems such as blindness and low code coverage.


Examples


Embodiment Construction

[0048] The present invention will be further described below in conjunction with the accompanying drawings and specific preferred embodiments, but the protection scope of the present invention is not limited thereby.

[0049] As shown in Figure 1, the method of this embodiment for improving software fuzz testing efficiency in combination with symbolic execution comprises the following steps:

[0050] S1. Preprocessing: preprocess the target program, including disassembly, instrumentation (stub insertion), etc., and obtain information about the target program including its assembly code, control flow graph (CFG), etc.;

[0051] S2. Fuzz testing: run the fuzz tester on the target program to generate test cases and detect whether the program behaves abnormally. If a program abnormality occurs, record the corresponding test case, that is, the test case that triggers the abnormality;

[0052] S3. Scheduling based on path coverage: construct scheduling parameters for scheduling based on pa...


Abstract

The invention discloses a method for improving software fuzz testing efficiency in combination with symbolic execution. The method comprises the steps of: S1, preprocessing a target program to obtain information about the target program; S2, running a fuzz tester on the target program to generate test cases, and detecting whether the program behaves abnormally; S3, constructing scheduling parameters based on the path coverage rate, calculating the scheduling parameters during fuzz testing, and judging the state of the fuzz tester: if the fuzz tester is in a low-speed state, go to step S4; if it is in a high-speed state, return to step S2; and if it is in a halt state, exit the test; and S4, identifying branches that were not traversed during fuzz testing, constructing a non-traversed program path, and generating an effective test case by symbolic execution to drive the fuzz tester back into the high-speed state; if no effective test case can be generated and the tester is in the halt state, exit the test. The method has the advantages of a simple implementation principle, good vulnerability mining performance, high efficiency, a low false alarm rate, flexible and reliable use, and the like.
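The S2 to S4 loop described in the abstract, sketched as an added example that is not code from the patent. The toy target, the scheduling parameter (new branches per mutation window), the window size and the direct constraint solve standing in for symbolic execution are all assumptions made for illustration.

```python
import random
from enum import Enum

State = Enum("State", "HIGH LOW HALT")  # fuzzer states named in the abstract
MAGIC = b"FUZZ"  # constructed toy target: nested byte checks guarding a fault

def run_target(data):
    """Return (covered branch ids, crashed) for the toy target."""
    covered = set()
    for i, want in enumerate(MAGIC):
        if len(data) <= i or data[i] != want:
            return covered, False
        covered.add(i)
    return covered, True  # every check passed: simulated program abnormality

def classify(new_branches, solver_failed):
    """S3, assumed rule: the scheduling parameter is new branches per window."""
    if new_branches > 0:
        return State.HIGH
    return State.HALT if solver_failed else State.LOW

def solve_next_branch(best, covered):
    """S4 stand-in for symbolic execution: solve data[i] == MAGIC[i] directly."""
    i = len(covered)  # first untraversed branch (coverage here is always a prefix)
    return None if i >= len(MAGIC) else best[:i] + MAGIC[i:i + 1] + best[i + 1:]

def hybrid_fuzz(seed=b"AAAA", window=50, max_rounds=10, rng_seed=1):
    rng = random.Random(rng_seed)
    best, covered, crashes, log = seed, run_target(seed)[0], set(), []
    for _ in range(max_rounds):
        new = 0
        for _ in range(window):  # S2: mutate one byte of the best seed
            case = bytearray(best)
            case[rng.randrange(len(case))] = rng.randrange(256)
            cov, crashed = run_target(bytes(case))
            if cov - covered:
                new += len(cov - covered)
                covered, best = covered | cov, bytes(case)
            if crashed:
                crashes.add(bytes(case))  # record the triggering test case
        solved = solve_next_branch(best, covered) if new == 0 else None
        if solved is not None:  # low-speed: run the solver's case to restart progress
            cov, crashed = run_target(solved)
            covered, best = covered | cov, solved
            if crashed:
                crashes.add(solved)
        log.append(classify(new, new == 0 and solved is None))
        if log[-1] is State.HALT:  # no new coverage and nothing left to solve
            break
    return crashes, log
```

`hybrid_fuzz()` returns the set of crashing inputs and the per-round state log; random byte mutation alone rarely passes the four nested checks, which is the stall the low-speed state is meant to detect.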

Description

Technical field

[0001] The invention relates to the technical field of vulnerability mining of non-source code executable binary programs, in particular to a method for improving the efficiency of software fuzz testing in combination with symbolic execution.

Background technique

[0002] With the increasing attention to software security issues, vulnerability mining technology has gradually become the current focus of research. Vulnerability mining technology refers to the exploration of unknown vulnerabilities, and the comprehensive application of various technologies and tools to find potential vulnerabilities in software as much as possible. The traditional vulnerability mining technology including static analysis technology and dynamic analysis technology is not only time-consuming and labor-intensive, but also difficult to scan every software for all-round vulnerabilities, and it is very easy to miss vulnerabilities. Therefore, even the rigorously tested software, aft...


Application Information

IPC(8): G06F11/36
CPC: G06F11/3688, G06F11/3692
Inventor: 董威, 徐鲁杭, 尹良泽, 贾维熙, 陈振邦, 陈立前, 王戟
Owner: NAT UNIV OF DEFENSE TECH