可扩展的软件错误挖掘实例分析与优化
|
摘要
当前随着计算机技术的发展,计算机软件存在规模大、漏洞难以发现的特点,人工审核大规模软件的漏洞花费的人工成本大,在大规模软件中可行性低。因此,基于机器自动挖掘漏洞的方法成为当前研究的热点。基于现阶段具有代表性的可扩展的软件漏洞挖掘工具AFL,针对此工具在挖掘漏洞中存在的问题,例如通过幻数测试困难的问题,并对此问题出现的原因进行分析,并且采用将幻数测试边拆分成为同语义的一系列幻字节测试边的方法对AFL进行改进,取得了不错的效果。
With the development of computer technology,nowadays the scale of software becomes larger and the vulnerability becomes harder to be detect.Manual audit requires a large amount of time and labor,which makes it infeasible in large-scale software.Machine-based automatical vulnerability detector design therefore becomes a heated research area.We study the state-of-art scalable fuzzer named American Fuzzy Loop(AFL),and aiming at its defects,such as difficulty on passing magic number tests,we analyze the reasons and give a practical solution.The improved method achieves good results in our tests.
With the development of computer technology,nowadays the scale of software becomes larger and the vulnerability becomes harder to be detect.Manual audit requires a large amount of time and labor,which makes it infeasible in large-scale software.Machine-based automatical vulnerability detector design therefore becomes a heated research area.We study the state-of-art scalable fuzzer named American Fuzzy Loop(AFL),and aiming at its defects,such as difficulty on passing magic number tests,we analyze the reasons and give a practical solution.The improved method achieves good results in our tests.
引文
[1]Baidu Baike.Fuzzing[EB/OL].[2014-10-01].https://baike.baidu.com/item/Fuzzing/933670.
[2]InfoSec Institute.Fuzzing-mutation vs.generation[EB/OL].[2012-01-04].https://resources.infosecinstitute.com/fuzzing-mutation-vs-generation/#gref.
[3]lcamtuf.american fuzzy lop(2.52b)[EB/OL].[2018-01-20].http://lcamtuf.coredump.cx/afl/.
[4]Rawat S,Jain V,Cojocar L,et al.Vuzzer:Application-aware evolutionary fuzzing[C]∥Proc of Network and Distributed System Security Symposium(NDSS),2017:1923-1934.
[5]Chen Peng,Hao Chen.Angora:Efficient fuzzing by principled search[J].arXiv preprint arXiv:1803.01307,2018.
[6]Peng Hui,Yan S,Payer M.T-Fuzz:Fuzzing by program transformation[C]∥Proc of 2018IEEE Symposium on Security and Privacy(SP),2018:1893-1901.
[7]Brendan D-G,Hulin P,Kirda E,et al.Lava:Large-scale automated vulnerability addition[C]∥Proc of IEEE Security and Privacy(SP),2016:1802-1820.
[8]DARPA CGC[EB/OL].[2016-01-23].https://github.com/CyberGrandChallenge.
[9]Chen Juan.Learning from mistake:Transformation of programming education[J].Education on Computer,2017(12):54-58.
[1]百度百科.模糊测试[EB/OL].[2014-10-01].https://baike.baidu.com/item/Fuzzing/933670.
[9]陈娟.从错误中学习:计算机程序设计课程改革实践[J].计算机教育,2017(12):54-58.
[2]InfoSec Institute.Fuzzing-mutation vs.generation[EB/OL].[2012-01-04].https://resources.infosecinstitute.com/fuzzing-mutation-vs-generation/#gref.
[3]lcamtuf.american fuzzy lop(2.52b)[EB/OL].[2018-01-20].http://lcamtuf.coredump.cx/afl/.
[4]Rawat S,Jain V,Cojocar L,et al.Vuzzer:Application-aware evolutionary fuzzing[C]∥Proc of Network and Distributed System Security Symposium(NDSS),2017:1923-1934.
[5]Chen Peng,Hao Chen.Angora:Efficient fuzzing by principled search[J].arXiv preprint arXiv:1803.01307,2018.
[6]Peng Hui,Yan S,Payer M.T-Fuzz:Fuzzing by program transformation[C]∥Proc of 2018IEEE Symposium on Security and Privacy(SP),2018:1893-1901.
[7]Brendan D-G,Hulin P,Kirda E,et al.Lava:Large-scale automated vulnerability addition[C]∥Proc of IEEE Security and Privacy(SP),2016:1802-1820.
[8]DARPA CGC[EB/OL].[2016-01-23].https://github.com/CyberGrandChallenge.
[9]Chen Juan.Learning from mistake:Transformation of programming education[J].Education on Computer,2017(12):54-58.
[1]百度百科.模糊测试[EB/OL].[2014-10-01].https://baike.baidu.com/item/Fuzzing/933670.
[9]陈娟.从错误中学习:计算机程序设计课程改革实践[J].计算机教育,2017(12):54-58.