A Fuzzing System Based on Program Tracing and Mixed Execution

A fuzzing and hybrid execution technology, applied in the field of information security, that addresses problems such as unique-identifier collisions, errors, and low constraint-solving efficiency. It simplifies path constraints and improves test effectiveness, efficiency, and vulnerability discovery ability.
CN109739755B | Active | Publication Date: 2020-07-10 | BEIJING INSTITUTE OF TECHNOLOGY

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Patents (China)
Current Assignee / Owner: BEIJING INSTITUTE OF TECHNOLOGY
Publication Date: 2020-07-10


Abstract

The invention provides a fuzz testing system based on program tracing and hybrid execution. The system mainly comprises three modules: a fuzz testing module, a data flow tracking module, and a hybrid execution module. The inputs of the fuzz testing module are the target binary program, a seed test case, and the type information of the variables corresponding to byte sequences in the seed test case, as extracted by the data flow tracking module; its output is test cases that trigger new paths. The inputs of the data flow tracking module are the target binary program and the seed test case loaded by the fuzz testing module; its outputs are the type information of the variables corresponding to byte sequences in the seed test case and the dependency relationships of data in the target binary program. The input of the hybrid execution module is the dependency relationships of data in the target binary program, provided by the data flow tracking module in real time; its output is newly generated candidate test cases that can trigger new paths. Compared with the prior art, the system can improve the effectiveness of test case generation.

Description

Technical Field

[0001] The invention belongs to the technical field of information security, in particular to a fuzz testing system based on program tracing and mixed execution.

Background Technique

[0002] Fuzz testing: Fuzz testing is a method of discovering software vulnerabilities by providing unexpected inputs to the target system or software and monitoring for abnormal results. Because fuzz testing can convert a large amount of manual testing into highly automated testing, and sits between black-box testing and white-box testing, it is widely used in the field of vulnerability mining at home and abroad.

[0003] Test cases: The generation strategy of test cases determines the test efficiency of fuzz testing. Better test cases can cover more paths of the program to be tested, thereby detecting more program vulnerabilities. Fuzzing test case generation methods can be divided into two types, generation-based and mutation-based. The generation-based method m...
