Operating system kernel fuzzy test seed evaluation and distribution method

A fuzzing, operating system technology, applied in software testing/debugging, character and pattern recognition, climate sustainability, etc., can solve the problem of not taking into account the frequency difference of different execution paths, unable to achieve effective coverage, difficult to find kernel defects, etc. problems, to achieve the effect of reducing vulnerability exposure time, reducing access, and increasing the probability of low-frequency paths

Pending Publication Date: 2022-08-02
CENT SOUTH UNIV
View PDF7 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

At present, no effective method has been proposed to solve the above problems
[0005] At the same time, the existing kernel fuzzing methods do not take into account the difference in the frequency of different execution paths, that is, some paths will be accessed frequently, while some difficult-to-reach paths are visited too

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Operating system kernel fuzzy test seed evaluation and distribution method
  • Operating system kernel fuzzy test seed evaluation and distribution method
  • Operating system kernel fuzzy test seed evaluation and distribution method

Examples

Experimental program
Comparison scheme
Effect test

Example Embodiment

[0045] In the present invention, fuzz testing is a security testing technology, which is mainly used to detect security loopholes. This technology automatically or semi-automatically generates input data into the target program, monitors whether the target program is running abnormally, so as to discover the abnormality in the target program. Hide flaws. Seeds refer to the data sources for generating test cases in the fuzzing process. It can use high-quality data sets prepared in advance, or can be generated by models. Some executed input data can also be selected as seeds according to the strategy. The priority of seeds is an evaluation criterion that determines the order in which seeds are selected from the seed pool during fuzzing. Energy refers to the number of times a seed undergoes mutation operations during fuzzing, and represents the number of inputs that the seed can generate. Seed energy allocation, a strategy that specifies how much energy is allocated to each seed. ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses an operating system kernel fuzz test seed evaluation scheduling method. The method comprises the steps that firstly, a fuzz test tool reads an initial corpus to obtain a test case used for kernel fuzz test; the operating system executes the test case; judging whether the test case crashes or not in the execution process; judging whether the test case covers the kernel position which is not covered by the seeds in the ready seed pool or not in the execution process; judging whether the fuzzy test tool receives a test end instruction or not; selecting a next test case seed according to the optimized seed evaluation strategy and the energy distribution strategy, and distributing corresponding energy for mutation operation; and repeating the steps and outputting the crash seed pool maintained and updated in the current test process. According to the method, the seed priority evaluation strategy and the energy distribution strategy are optimized, and the probability that the seeds access the low-frequency path is improved, so that the time for exposing vulnerabilities on the low-frequency path is shortened, and the kernel fuzzy test efficiency is greatly improved.

Description

technical field [0001] The invention belongs to the field of software testing, in particular to a method for evaluating and distributing seeds for fuzzy testing of operating system kernels. Background technique [0002] The operating system manages and controls the hardware and software resources of the entire computer system, and reasonably organizes and allocates computer work and resource allocation. The kernel is the most important part of the operating system, which can provide the upper-layer application software with safe access to computer hardware resources. Therefore, the security of the kernel has always been a hot research topic in the security field. At present, the security detection of the operating system kernel is generally to detect its defects, so as to ensure the security and stability of the kernel. [0003] Fuzzing is a security testing technology, mainly used to detect security vulnerabilities. Its core idea is to input random data generated automati...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F11/36G06K9/62
CPCG06F11/3684G06F11/3676G06F11/3688G06F18/295Y02D10/00
Inventor 施荣华梁锴施鹤远胡超
Owner CENT SOUTH UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap