
A black-box testing method based on colorful taint propagation (cited by: 2)

Black-box testing based on colorful taint analysis
Abstract: Software vulnerability detection is one of the important methods for ensuring software security. Existing vulnerability detection methods for executable programs fall mainly into two classes, white-box testing and black-box testing: the former must fully construct the expressions under which a program vulnerability arises, and therefore suffers from path explosion and from expressions that are hard to solve; the latter detects vulnerabilities by trying all kinds of inputs, which is poorly targeted and involves a great deal of redundant computation. This paper improves the targeting of the black-box testing process by determining which parts of the program input directly affect a given check point in the program and combining them with a seed input to generate input data that reaches the check point directly. By analyzing the correlation between the guard conditions and the check conditions of different check points, redundant check points are removed from the detection process, improving overall detection efficiency. A colorful taint propagation method is proposed to quickly determine the dependencies between program check points, external input, and constraint conditions. Experiments on four existing applications show that the method improves the targeting and analysis efficiency of black-box testing.

Software vulnerability detection is one of the most important methods for guaranteeing software security. Two main classes of methods can detect vulnerabilities in binary files: white-box testing and black-box testing. The former needs to construct and solve path constraints to detect vulnerabilities; it has two main drawbacks: path explosion and the complexity of constraints. The latter often aimlessly exhausts various inputs to test binary files. This paper combines both testing methods to detect vulnerabilities in binary files. By analyzing the input elements that affect the check condition corresponding to a certain check point, we can generate one class of inputs that reach the check point, increasing fuzzing efficiency. By analyzing the relationship between guard conditions and check conditions, redundant check points are removed. A colorful taint analysis method (CTAM) is proposed to compute guard conditions, which is more efficient than the traditional taint analysis method (TTAM). We implemented a prototype and made several experiments on it. The results showed that our method could increase the efficiency of black-box testing.
Source: Scientia Sinica (Informationis) (《中国科学:信息科学》), CSCD, 2011, No. 5, pp. 526-540 (15 pages)
Funding: Supported by the National Natural Science Foundation of China (Grant Nos. 60970028, 60703076, 61073179)
Keywords: software testing; vulnerability detection; dynamic testing; black-box testing; colorful taint analysis