面向递增累积型缺陷的灰盒模糊测试变异优化

Mutation Optimization of Directional Fuzzing for Cumulative Defects

大量访问越界、内存耗尽、性能故障等缺陷是输入中有效数据的规模过大,超过临界值引起的.而现有灰盒模糊测试技术中的数据依赖识别和变异优化技术大都针对固定规模输入数据格式,对规模递增输入数据的构造效率不高.为此,针对这类累积型缺陷模糊测试对应的状态特征值最优化问题,提出一种对特征值依赖的输入数据的格式判别和差分变异方法.根据引发特征值最值更新的有效变异的位置分布和发现频次特征,判别待发现缺陷状态优化是否依赖于输入中相关数据规模的增长,将引发最值更新的有效变异内容应用于规模递增输入数据生成,提升该类累积型缺陷的复现和定向测试效率.依据该思想,实现了模糊测试工具Jigsaw,在测评实验数据集上的实验结果表明提出的判别方法能够高效地区分特征值依赖的输入数据组织形式,且提出的差分变异方法显著提升了需要大量输入才能触发累积型缺陷的复现效率.

Many quantifiable state-out-of-bound software defects,such as access violations,memory exhaustion,and performance failures,are caused by a large quantity of input data.However,existing dependent data identification and mutation optimization technologies for grey-box fuzzing mainly focus on fixed-length data formats.They are not efficient in increasing the amount of cumulated data required by the accumulated buggy states.This study proposes a differential mutation method to accelerate feature state optimization during the directed fuzzing.By monitoring the seed that updates the maximum or minimum state value of the cumulative defects,the effective mutate offset and content are determined.The frequency is leveraged and the distribution of the effective mutation is offset to distinguish whether the feature value of the defect depends on a fixed field or cumulative data in the input.The effective mutation content is reused as a material in the cumulative input mutation to accelerate the bug reproduction or directed testing.Based on this idea,this study implements the fuzzing tool Jigsaw.The evaluation results on the experimental data set show that the proposed dependency detection method can efficiently detect the input data type that drives the feature value of cumulative defects and the mutation method significantly shorten the reproduction time of the cumulative defect that requires a large amount of special input data.