Abstract
Communication protocols secure the communication between network applications and IoT devices, but weaknesses in their design or implementation pose serious security threats. Fuzzing, an effective method of software security analysis, has shown high efficiency and distinct advantages in analysing such weaknesses in network protocols. Existing stateful coverage-guided gray-box fuzzers for network protocols, however, still rely on manually identified protocol formats to assist testing, and their mutation strategies favour bit- and byte-level mutation while ignoring the format of the protocol messages themselves, which degrades fuzzing performance. To address these problems, this paper proposes ProCluster, an intelligent protocol format inference model based on alignment clustering, which guides protocol state machine construction and seed mutation in gray-box fuzzing. The model automatically extracts protocol keywords and infers the corresponding field types, helping the gray-box fuzzer build a more precise seed mutation strategy and thus generate test cases that conform more closely to the protocol specification, which accelerates gains in code coverage and in the discovery of vulnerable paths. Experiments on TinyDTLS, OpenSSL and other programs show that, compared with the typical stateful gray-box fuzzer AFLNet, ProCluster raises edge coverage by 75% to 182%, and that it found a buffer overflow vulnerability sample in TinyDTLS.
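The abstract contrasts blind bit/byte mutation with mutation guided by inferred keywords and field types. The script below is an added illustration of that idea and is not ProCluster's code (the page does not reproduce the paper's algorithm): on a constructed toy line-based protocol, messages are aligned token-wise with difflib.SequenceMatcher and greedily clustered, columns that are constant across a cluster are taken as keywords, the remaining columns get a type inferred from their observed values, and a mutator that preserves keywords and substitutes type-specific payloads is compared with a blind bit flip by how many generated cases still pass a minimal parser check. The protocol, its sample messages, the payload lists, the 0.5 similarity threshold and the difflib-based alignment are all assumptions made for this example.

```python
import difflib
import random
import re

# Constructed sample traffic for a toy line-based request protocol
# ("VERB arg [arg]\r\n"); not a real capture and not the paper's data.
SAMPLES = [
    b"USER alice\r\n", b"USER bob\r\n",
    b"PASS s3cret\r\n", b"PASS hunter2\r\n",
    b"PORT 10.0.0.5 4021\r\n", b"PORT 10.0.0.9 4022\r\n",
    b"QUIT\r\n",
]
IPV4 = re.compile(rb"^\d{1,3}(\.\d{1,3}){3}$")


def tokenize(msg):
    """Split on whitespace and keep the CRLF terminator as its own token."""
    return msg.rstrip(b"\r\n").split() + [b"\r\n"]


def serialize(tokens):
    return b" ".join(tokens[:-1]) + tokens[-1]


def cluster(msgs, threshold=0.5):
    """Greedy alignment-based clustering (assumed stand-in for the paper's method):
    a message joins the first cluster whose representative aligns with it at a
    difflib similarity ratio >= threshold, otherwise it starts a new cluster."""
    clusters = []
    for toks in map(tokenize, msgs):
        for c in clusters:
            if difflib.SequenceMatcher(None, c[0], toks).ratio() >= threshold:
                c.append(toks)
                break
        else:
            clusters.append([toks])
    return clusters


def infer_type(values):
    """Type of a variable column, inferred from the values seen in the cluster."""
    if all(v.isdigit() for v in values):
        return "int"
    if all(IPV4.match(v) for v in values):
        return "ip"
    return "string"


def infer_format(members):
    """Align every member to the cluster representative and collect one column of
    observed values per representative token: a single-valued column is a keyword,
    any other column is a variable field with an inferred type.
    Caveat: a singleton cluster yields only keywords, because nothing varies."""
    rep = members[0]
    columns = [set() for _ in rep]
    for toks in members:
        for tag, i1, i2, j1, j2 in difflib.SequenceMatcher(None, rep, toks).get_opcodes():
            if tag == "equal" or (tag == "replace" and i2 - i1 == j2 - j1):
                for i, j in zip(range(i1, i2), range(j1, j2)):
                    columns[i].add(toks[j])
            elif tag == "replace":      # unequal spans: the whole span is variable
                for i in range(i1, i2):
                    columns[i].update(toks[j1:j2])
            elif tag == "delete":       # token missing in this member: variable
                for i in range(i1, i2):
                    columns[i].add(b"")
            # "insert": extra tokens absent from the representative are not modelled
    return [("keyword", tok) if len(vals) == 1 else (infer_type(vals), tok)
            for tok, vals in zip(rep, columns)]


def mutate_bytes(msg, rng):
    """Baseline: a blind bit flip that does not know where the keyword is."""
    buf = bytearray(msg)
    buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    return bytes(buf)


# Type-specific payloads, constructed for this example.
TYPE_PAYLOADS = {
    "int": [b"0", b"-1", b"65535", b"4294967295", b"9" * 40],
    "ip": [b"0.0.0.0", b"255.255.255.255", b"999.999.999.999", b"1.2.3"],
    "string": [b"A" * 1024, b"%s%n%x", b"\x00", b"../" * 8],
}


def mutate_format_aware(fields, rng):
    """Keep every keyword verbatim (the parser dispatches on it) and replace one
    variable field with a payload chosen by its inferred type."""
    out = [tok for _, tok in fields]
    variable = [i for i, (kind, _) in enumerate(fields) if kind != "keyword"]
    if variable:
        i = rng.choice(variable)
        out[i] = rng.choice(TYPE_PAYLOADS[fields[i][0]])
    return serialize(out)


def is_conformant(msg, verbs):
    """Minimal acceptance check of the toy protocol: known verb, CRLF-terminated."""
    if not msg.endswith(b"\r\n"):
        return False
    parts = msg[:-2].split()
    return bool(parts) and parts[0] in verbs


def compare(n=200, seed=1):
    """Fraction of generated cases passing the acceptance check: blind vs format-aware."""
    rng = random.Random(seed)
    verbs = {tokenize(m)[0] for m in SAMPLES}
    formats = [infer_format(c) for c in cluster(SAMPLES)]
    byte_ok = sum(is_conformant(mutate_bytes(rng.choice(SAMPLES), rng), verbs) for _ in range(n))
    fmt_ok = sum(is_conformant(mutate_format_aware(rng.choice(formats), rng), verbs) for _ in range(n))
    return byte_ok / n, fmt_ok / n


if __name__ == "__main__":
    for c in cluster(SAMPLES):
        print(infer_format(c))
    print("conformant fraction (blind / format-aware): %.2f / %.2f" % compare())
```

The point the comparison makes is the one the abstract makes: a blind flip that lands in the verb or the terminator produces a message the target rejects before any deep code runs, whereas keeping the inferred keywords fixed and varying only typed fields spends every test case past the parser's first check. A real implementation would also need to handle binary, length-prefixed fields and variable-length spans, which this toy aligner only marks as variable.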
Authors
刘华玉
甘水滔
尹小康
柳晓龙
刘胜利
李宏亮
LIU Huayu; GAN Shuitao; YIN Xiaokang; LIU Xiaolong; LIU Shengli; LI Hongliang (School of Cyberspace Security, Strategic Support Force Information Engineering University, Zhengzhou 450001, China; State Key Laboratory of Mathematical Engineering and Advanced Computing, Wuxi 214215, Jiangsu, China; Institute for Network Research, Tsinghua University, Beijing 100084, China; Jiangnan Institute of Computing Technology, Wuxi 214083, Jiangsu, China)
Source
Computer Engineering (计算机工程), 2023, No. 12, pp. 129-135, 145 (8 pages)
Indexed in: CAS, CSCD, Peking University Core Journals (北大核心)
Funding
China Postdoctoral Science Foundation General Program (2021M701942).
Keywords
gray-box testing
protocol reverse engineering
mutation strategy
network protocols
vulnerability discovery