摘要
脚本语言作为解释性语言,需要由脚本语言执行引擎动态解释执行。由于脚本语言的广泛应用,其执行引擎也在各种平台上得到广泛部署。因此,脚本语言执行引擎中的安全漏洞往往具有很高的安全影响。模糊测试作为一种有效的自动化漏洞挖掘方法,在挖掘脚本语言执行引擎的软件缺陷和漏洞方面也有重要作用。本文对近年来国内外学者在该领域的研究进行了系统的总结,介绍了模糊测试和脚本语言执行引擎的基本概念,整理了现有的脚本语言执行引擎的模糊测试工作的评价指标,分类梳理了脚本语言执行引擎的模糊测试工作,阐述了该领域所关注的研究问题和解决方法。最后,根据现有工作的不足和研究趋势,提出具有潜力的下一步研究方向。
The scripting language,being an interpreted language,needs to be dynamically interpreted by the scripting language execution engine.Because scripting languages are widely used in many fields,their execution engines have also been widely deployed on various platforms.As a result,security vulnerabilities in scripting language execution engines often have a high-security impact.Fuzzing,as an effective automatic vulnerability finding method,also plays an important role in mining the defects and vulnerabilities in scripting language execution engines.This paper systematically summarizes recent domestic and foreign research in this field.First,it introduces the fundamental concepts of fuzzing and scripting language execution engines;then it lists the evaluation indicators of the existing fuzzing work for scripting language execution engines;next,it categorizes the fuzzing work for scripting language execution engines and expounds on the research problems and solutions in this field;finally,it puts forward the future potential research directions according to the inadequacies and research trends of current work.
作者
孙力立
武成岗
许佳丽
张培华
唐博文
谢梦瑶
SUN Lili;WU Chenggang;XU Jiali;ZHANG Peihua;TANG Bowen;XIE Mengyao(State Key Laboratory of Computer Architecture,Institute of Computing Technology,Chinese Academy of Sciences,Beijing 100190;School of Computer Science and Technology,University of Chinese Academy of Sciences,Beijing 100190)
出处
《高技术通讯》
CAS
2022年第12期1226-1235,共10页
Chinese High Technology Letters
基金
国家自然科学基金(U1736208,61902374)资助项目。
