
Survey of Fuzzing Techniques (cited by: 30)

Survey on Fuzzing
Abstract: By analyzing and comparing several definitions of fuzzing, and taking into account the knowledge and methods on which its current development is based, this paper gives a new definition of fuzzing. It summarizes the new ideas and new methods adopted by current fuzzing techniques, together with their shortcomings, from four aspects: differences from black-box testing, test targets, architecture, and the mechanism of test data generation. In response to these shortcomings and to the requirements of practical application, it proposes concrete next research directions for fuzzing and the corresponding research methods.
Source: Application Research of Computers (《计算机应用研究》), CSCD, Peking University Core Journal, 2010, Issue 3, pp. 829-832 (4 pages)
Funding: Supported by the Doctoral Student Innovation Fund of the Electronic Engineering Institute
Keywords: fuzzing; black-box testing; architecture; test data; generation; mutation; dynamic testing; knowledge
