摘要
软件的安全性分析和漏洞检测是软件工程和信息安全领域的一个研究热点和难点问题。采用程序分析的方法对软件进行安全性测试,日益受到广泛的关注和重视。首先概述了有关软件安全性测试的基本概念;随后,详细介绍了3种基于程序分析的安全性测试方法:模糊测试、符号执行和自动化白盒模糊测试,并比较了这3种方法的优缺点;最后,给出了自动化白盒模糊测试的分布式模型。
Software security analysis and vulnerability testing are one of the researching focus and difficulty in the soft-ware engineering. People think highly of the software security testing using program analysis. This paper began with an overview of the concepts of the software security testing, then detailed the popular methods of program analysis in soft- wared security testing:fuzz testing, symbolic execution and automated whitebox fuzz test and compared them to each other, finally gave an overview of the automated whitebox fuzz testing distributed system.
出处
《计算机科学》
CSCD
北大核心
2014年第2期7-10,22,共5页
Computer Science
基金
国家自然科学基金(61170189,60973105,90718017)
教育部博士点基金(201111 02130003)资助
