Abstract
Security vulnerabilities in software can lead to very serious consequences, so vulnerability discovery has become a major topic and research hotspot in network and information security. Commonly used vulnerability discovery techniques include static analysis, dynamic analysis, binary comparison, and fuzz testing. As software grows in scale and complexity, fuzz testing has advantages that other vulnerability discovery techniques cannot match. This paper first introduces and analyzes the advantages and disadvantages of the various vulnerability discovery techniques; it then describes in detail the research progress of fuzz testing, the fuzz testing process, and test case generation techniques; finally, it presents applications of fuzz testing in various fields and discusses its future directions.
Source
Computer Science (《计算机科学》)
CSCD
Peking University Core Journal
2016, Issue 5, pp. 1-8, 26 (9 pages in total)
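Funding
Supported by the National Natural Science Foundation of China (61170189, 61370126)
the National 863 Program (2015AA016004)
and the Doctoral Program Fund (20111102130003)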
Keywords
Software security
Vulnerability discovery
Fuzz testing
Test case generation