
A binary-oriented fuzz testing method and system

An oriented fuzz testing technology, applied in the field of software system security detection and binary-oriented fuzz testing, that addresses problems such as the inability to bypass program checks effectively, difficulty in triggering a program's logic code, and difficulty in finding program vulnerabilities.

Active Publication Date: 2021-11-19
SICHUAN UNIV

AI Technical Summary

Problems solved by technology

Currently popular fuzz testing tools use genetic algorithms and use code coverage as feedback to screen offspring. Compared with traditional fuzz testing, this type of tool improves fuzzing efficiency, but it still has certain limitations. Because the tool does not know which bytes in the input file are worth mutating or how to mutate them, it often spends a lot of time mutating insignificant bytes. Even when a mutation does land on a key position, the tool does not know how to mutate it, so it still cannot effectively bypass the program check.
These problems make it difficult for an input file to trigger the complex logic code of the program, so it is difficult to find potential vulnerabilities deep in the program.


Examples


Embodiment Construction

[0015] The present invention is further described below in conjunction with the accompanying drawings. The invention aims to provide an oriented mutation method for binary-oriented fuzz testing that reduces the blindness of mutation in traditional fuzz testing and improves the efficiency of fuzz testing.

[0016] Figure 1 is an architecture diagram describing the composition of the system of the present invention.

[0017] As shown in Figure 1, the fuzzing system includes four modules: a static analysis information extractor, a binary instrumentation module, a dependency inference module and a fuzzer. The static analysis information extractor is responsible for extracting the comparison instruction information in the target binary file; the binary instrumentation module instruments the target binary file according to the comparison instruction information obtained by the static analysis information extractor; the dependency inference module is used to infer and establish the input file D...


Abstract

The invention relates to binary-oriented fuzz testing within the field of software system security detection and vulnerability mining, and aims to provide a binary-oriented fuzz testing method and system. The method adopts lightweight static analysis and binary instrumentation technology. Specifically: first, static analysis extracts the comparison instruction information that prevents the fuzz test from penetrating into the program; next, the binary file is instrumented based on the obtained information, and the inserted stubs obtain the specific values of the operands during fuzzing; then the input file is mutated byte by byte to infer the dependency relationship between the input file and the comparison instructions; finally, mutation of the input file is guided according to the dependency relationship and the comparison progress information. The system does not depend on program source code, reduces the blindness of mutation in fuzz testing, saves computing resources, and has higher versatility.
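The loop described in the abstract can be sketched as follows. This is an added example, not code from the patent: the toy `target` function stands in for an instrumented binary, and the site names, the `progress` metric (count of matching operand bytes) and all function names are assumptions made for illustration.

```python
# Toy stand-in for an instrumented binary (constructed for this example): each
# comparison site reports (site id, observed operand, expected operand).
def target(data, trace):
    trace.append(("cmp_magic", bytes(data[0:4]), b"FUZZ"))
    if data[0:4] != b"FUZZ":
        return "rejected: magic"
    trace.append(("cmp_len", bytes(data[6:7]), b"\x20"))
    if data[6:7] != b"\x20":
        return "rejected: length"
    return "deep code reached"

def run(data):
    trace = []
    return target(data, trace), trace

def infer_dependencies(seed):
    """Flip one byte at a time; an offset feeds a comparison site if the
    operand observed at that site changes."""
    base = {site: obs for site, obs, _ in run(seed)[1]}
    deps = {}
    for off in range(len(seed)):
        mutated = bytearray(seed)
        mutated[off] ^= 0xFF
        for site, obs, _ in run(bytes(mutated))[1]:
            if site in base and obs != base[site]:
                deps.setdefault(site, []).append(off)
    return deps

def progress(obs, exp):
    # Assumed progress metric: operand bytes that already match.
    return sum(a == b for a, b in zip(obs, exp))

def guided_fuzz(seed, max_rounds=8):
    data = bytes(seed)
    for _ in range(max_rounds):
        result, trace = run(data)
        failing = [t for t in trace if t[1] != t[2]]
        if not failing:
            return data, result
        site, obs, exp = failing[0]
        best = progress(obs, exp)
        for off in infer_dependencies(data).get(site, []):  # only dependent bytes
            for value in range(256):
                trial = data[:off] + bytes([value]) + data[off + 1:]
                score = max((progress(o, e) for s, o, e in run(trial)[1] if s == site), default=0)
                if score > best:  # keep mutations that advance the comparison
                    data, best = trial, score
                    break
    return data, run(data)[0]
```

Dependencies are re-inferred each round because a comparison site only becomes observable once the checks in front of it pass.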

Description

Technical field

[0001] The invention relates to the field of software system security detection, in particular to binary-oriented fuzz testing in vulnerability mining technology.

Background

[0002] With the widespread use of computers and the rapid development of computer networks, people's lives and industries such as financial securities, national defense technology, and medical and health care have become inseparable from computer software, and the amount of software is increasing day by day. The hidden dangers of security vulnerabilities have also become more prominent. Software security vulnerabilities provide opportunities for attackers, and attacks that exploit software vulnerabilities have emerged in an endless stream in recent years. Therefore, discovering and patching vulnerabilities as early as possible has become a hot issue in the field of software security research.

[0003] In the field of vulnera...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/57
CPC: G06F21/577, G06F2221/033
Inventor: 刘亮, 张瀚方, 刘露平
Owner: SICHUAN UNIV