Abstract
Current fuzzing-based vulnerability discovery techniques suffer from poor portability of the discovery algorithms, discovery points that are hard to modify, and a degree of discovery that is difficult to measure. To address these shortcomings, the paper analyzes the characteristics of program input data and of program running states, derives the rules governing program state transitions and the way programs process input data, and on that basis designs an input-triggered vulnerability discovery model. The model establishes the discovery procedure and generates test data by building models of the target system's program states, input points, and input data. A demonstration experiment shows that the model resolves the above shortcomings of fuzzing and confirms the feasibility and effectiveness of the input-triggered vulnerability discovery model.
Source
《计算机工程与设计》
CSCD
Peking University Core Journal (北大核心)
2009, Issue 18, pp. 4227-4230 (4 pages)
Computer Engineering and Design