Cite this article: TAO Jing, MI Xianya, WANG Baosheng, et al. Evaluation and analysis of concolic execution optimizations in hybrid fuzzing [J]. Journal of National University of Defense Technology, 2023, 45(2): 45-54.
DOI: 10.11887/j.cn.202302005
Received: 2021-04-09
Funding: National University of Defense Technology Research Program (ZK20-17)
Evaluation and analysis of concolic execution optimizations in hybrid fuzzing |
TAO Jing1, MI Xianya2, WANG Baosheng1, WANG Pengfei1 |
(1. College of Computer Science and Technology, National University of Defense Technology, Changsha 410073, China;2. Intelligent Game and Decision Lab, Academy of Military Sciences, Beijing 100071, China)
Abstract:
Most techniques for improving hybrid fuzzing bolt on additional dynamic and static analyses and overlook the performance of the concolic execution engine itself. To address this, a balance-point model of hybrid fuzzing is proposed, and the model is used to dissect the mainstream concolic execution designs, covering taint-analysis-assisted fuzzing, hybrid fuzzing and stand-alone concolic execution. Six symbolic execution schemes are distilled from this survey, re-implemented on the Triton concolic execution engine, and evaluated on 10 representative real-world programs. The schemes are compared along three dimensions, efficiency, memory consumption and code coverage, and the factors behind the differences are analysed. The experiments show that every optimization eliminates unnecessary constraints and thereby reduces time and memory overhead, but constraint reduction also discards information and lowers coverage. From the measured data, a performance ordering of the optimization schemes is derived, and three optimization schemes tailored to different testing requirements are proposed.
Keywords: software security; software vulnerability discovery; concolic execution; hybrid fuzzing
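The trade-off the abstract reports, that dropping constraints makes solver queries cheaper but loses the information needed to re-reach a branch, can be reproduced in miniature. The following is an added illustration, not code from the paper and not Triton's API: the two-byte target program, the branch tracer, the brute-force "solver" and the prune strategy (solve only the flipped branch, discard the path prefix) are all constructed here as stand-ins for the symbolic constraints and reduction schemes the paper evaluates.

```python
"""Toy concolic loop: what pruning path constraints costs in coverage.

Added illustration; the target program, the brute-force "solver" and the
prune strategy are all constructed here, not taken from the paper or from Triton.
"""
from itertools import product

B0, B1, B2 = "b0: x > 100", "b1: x ^ y == 0x2a", "b2: y == 0x55"


def run_target(buf, trace):
    """Constructed target with three nested branches over two input bytes.

    Each branch is logged as (label, predicate, outcome). The predicate is a
    Python stand-in for the symbolic branch condition a concolic engine would
    rebuild from the instruction trace.
    """
    def branch(label, pred):
        taken = pred(buf)
        trace.append((label, pred, taken))
        return taken

    if branch(B0, lambda b: b[0] > 100):
        if branch(B1, lambda b: (b[0] ^ b[1]) == 0x2a):
            if branch(B2, lambda b: b[1] == 0x55):
                return "bug"
    return "ok"


DOMAIN = list(product(range(256), repeat=2))  # every (x, y) byte pair


def solve(constraints):
    """Brute-force stand-in for an SMT solver: the first (x, y) satisfying
    all (predicate, wanted_outcome) pairs, or None if unsatisfiable."""
    for cand in DOMAIN:
        if all(pred(cand) == want for pred, want in constraints):
            return cand
    return None


def flip_query(trace, i, keep_prefix):
    """Build the query that flips branch i of the recorded trace.

    keep_prefix=True keeps the full path prefix (branches 0..i-1 as taken),
    so any solution re-reaches branch i before flipping it.
    keep_prefix=False models an aggressive constraint-reduction scheme that
    solves only the flipped branch: cheaper, but the solver may return an
    input that diverges earlier and never reaches branch i.
    """
    _, pred, taken = trace[i]
    prefix = [(p, t) for _, p, t in trace[:i]] if keep_prefix else []
    return prefix + [(pred, not taken)]


def explore(keep_prefix, seed=(0, 0), budget=50):
    """Minimal coverage-driven loop; returns (covered edges, solver calls)."""
    queue, seen, covered, calls = [seed], {seed}, set(), 0
    while queue and calls < budget:
        buf = queue.pop(0)
        trace = []
        run_target(buf, trace)
        covered.update((label, taken) for label, _, taken in trace)
        for i in range(len(trace)):
            calls += 1
            sol = solve(flip_query(trace, i, keep_prefix))
            if sol is not None and sol not in seen:
                seen.add(sol)
                queue.append(sol)
    return covered, calls


def compare():
    """Run both strategies; report edges covered, bug reached, solver calls."""
    full_cov, full_calls = explore(keep_prefix=True)
    pruned_cov, pruned_calls = explore(keep_prefix=False)
    return {
        "full": {"edges": len(full_cov), "bug": (B2, True) in full_cov,
                 "solver_calls": full_calls},
        "pruned": {"edges": len(pruned_cov), "bug": (B2, True) in pruned_cov,
                   "solver_calls": pruned_calls},
    }


if __name__ == "__main__":
    for name, r in compare().items():
        print(f"{name:7s} edges={r['edges']} reached_bug={r['bug']} "
              f"solver_calls={r['solver_calls']}")
```

With the full path prefix the loop needs 9 solver queries and reaches all 6 branch edges, including the `bug` path at input (127, 85). Solving only the flipped branch needs just 4 queries, but the solver answers the `b1` flip with (0, 42), which fails `b0` and never reaches `b1` again, so the `b2` edges are never covered: less time and smaller queries, lower coverage, which is the same direction as the paper's measurements. A production engine prunes far more selectively than this (for instance by keeping only constraints that share variables with the flipped branch), but the mechanism of the loss is the one shown here.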