Abstract
Because it is simple to deploy, scales well, and has uncovered many real-world vulnerabilities, fuzz testing has attracted wide attention from researchers and industry engineers. Among fuzzing techniques, Coverage-guided Greybox Fuzzing (CGF) has become one of the most popular. It uses the code coverage of the program under test as feedback, which allows it to test software automatically and thoroughly and to ensure software quality effectively. As a result, researchers have invested considerable effort in improving CGF, producing numerous results. However, there is still no systematic survey of existing CGF research. For this reason, this paper analyzes the important CGF research achievements of recent years, divides the CGF process into four stages (preprocessing, test case selection, test case evolution, and test case evaluation), and systematically summarizes the research progress in each stage. Furthermore, to address the inconsistent evaluation settings in existing work, this paper compiles the benchmarks, experimental settings, and evaluation metrics commonly used in the CGF field. Lastly, based on an analysis of current research progress, this paper discusses the limitations of CGF in different stages, such as preprocessing and test case selection, along with potential solutions and future research directions.
Authors
崔展齐 (CUI Zhan-Qi), 张家铭 (ZHANG Jia-Ming), 郑丽伟 (ZHENG Li-Wei), 陈翔 (CHEN Xiang)
Affiliations: School of Computer Science, Beijing Information Science and Technology University, Beijing 100101; School of Computer and Communication Engineering, University of Science and Technology Beijing, Beijing 100083; School of Information Science and Technology, Nantong University, Nantong, Jiangsu 226019
Source
Chinese Journal of Computers (《计算机学报》)
Indexed in: EI, CAS, CSCD, Peking University Core Journals
2024, Issue 7, pp. 1665-1696 (32 pages)
Funding
Supported by the Jiangsu Provincial Frontier Leading Technology Basic Research Project (BK202002001), the National Natural Science Foundation of China (No. 61702041), and the Beijing Information Science and Technology University "Qinxin Talent" Cultivation Program (No. QXTCPC201906).
Keywords
fuzz testing; greybox testing; test coverage; test case