摘要
随着新一代网络信息技术的不断创新突破,软件从单机场景逐步扩展到移动终端、物联网设备、工业控制设备、云计算平台等新兴领域,推动了信息化基础设施建设的发展。然而,应用软件质量良莠不齐,给黑客组织提供了可乘之机。事件型漏洞和高危零H漏洞数量上升,如何高效准确地挖掘软件漏洞亟待解决。为实现漏洞的快速检测,模糊测试技术备受关注,它具有部署简单、自动化程度高、兼容性好等特点,能通过提供大量的输入样例实现对目标程序的脆弱性分析。现有的模糊测试通常在单处理器环境中执行,存在单个检测任务耗时长、计算资源利用率低、可持续能力差等缺陷。因此,并行化模糊测试一经提出便备受青睐。针对并行架构下的任务划分、数据存储、通信交互等问题,学术界和工业界对其展开了深入分析,并设计了一系列的实现方法。为此,系统地总结了当前模糊测试面临的挑战,概述了当前阶段模糊测试的并行化需求,着重比较分析了现存并行化模糊测试方案的优势和不足,并对高性能计算场景下并行化模糊测试的未来趋势进行了展望。
With continuous innovation and breakthroughs in the new generation of network information technology,the software system has gradually extended from stand-alone scenarios to mobile terminals>Internet of Things devices,industrial control equipment?cloud computing platforms,and other emerging areas,promoting the development of information technology infrastructure construction.However,the software applications are of varying quality,making them vulnerable to attacks from hacker organizations.It is highly demanded to mine software vulnerabilities efficiently and accurately due to the increasing number of event-based vulnerabilities and high-risk zero-day vulnerabilities.To detect vulnerabilities quickly,fuzzing has attracted much attention.It finds bugs by repeatedly injecting mutated inputs to a target program with the benefit of simple deployment,high automation and compatibility.However,existing fuzzing tests are usually performed in a single-processor environment,which suffers from significant time overhead,low computational resource utilization,and poor sustainability.Therefore,parallel fuzzing has been proposed and gained much attention.Academia and industry have launched an in-depth research on parallel fuzzing and designed a series of methods for task division,data storage,and communication interaction under the parallel architecture.This work systematically summarized current challenges in fuzzing process,scientifically outlined the needs of parallel fuzzing,then focused on comparing and analyzing the advantages and disadvantages o£each parallel fuzzing scheme.In the end,this work prospected for the future trend of parallel fuzzing in high-performance computing scenarios.
作者
张旭鸿
梁红
夏亦凡
蒲誉文
纪守领
ZHANG Xuhong;LIANG Hong;XIA Yifan;PU Yuwen;JI Shouling(School of Software Technology,Zhejiang University,Ningbo 315048,China;College of Computer Science and Technology,Zhejiang University,Hangzhou 310007,China;School of Cyber Science and Engineering,Huazhong University of Science and Technology,Wuhan 430040,China)
出处
《信息对抗技术》
2022年第1期24-42,共19页
Information Countermeasures Technology
关键词
软件测试
模糊测试
漏洞检测
并行计算
software testing
fuzzing
vulnerability detection
parallel computing
